| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 60 // Registers a URL scheme to not generate mixed content warnings when | 60 // Registers a URL scheme to not generate mixed content warnings when |
| 61 // included by an HTTPS page. | 61 // included by an HTTPS page. |
| 62 BLINK_EXPORT static void registerURLSchemeAsSecure(const WebString&); | 62 BLINK_EXPORT static void registerURLSchemeAsSecure(const WebString&); |
| 63 | 63 |
| 64 // Registers a non-HTTP URL scheme which can be sent CORS requests. | 64 // Registers a non-HTTP URL scheme which can be sent CORS requests. |
| 65 BLINK_EXPORT static void registerURLSchemeAsCORSEnabled(const WebString&); | 65 BLINK_EXPORT static void registerURLSchemeAsCORSEnabled(const WebString&); |
| 66 | 66 |
| 67 // Registers a URL scheme whose resources can be loaded regardless of a page
's Content Security Policy. | 67 // Registers a URL scheme whose resources can be loaded regardless of a page
's Content Security Policy. |
| 68 BLINK_EXPORT static void registerURLSchemeAsBypassingContentSecurityPolicy(c
onst WebString&); | 68 BLINK_EXPORT static void registerURLSchemeAsBypassingContentSecurityPolicy(c
onst WebString&); |
| 69 | 69 |
| 70 // Registers a URL scheme for which some kinds of resources bypass Content S
ecurity Policy. |
| 71 // This enum should be kept in sync with Source/platform/weborigin/SchemeReg
istry.h. |
| 72 // Enforced in AssertMatchingEnums.cpp. |
| 73 enum PolicyAreas : uint32_t { |
| 74 PolicyAreaNone = 0, |
| 75 PolicyAreaImage = 1 << 0, |
| 76 PolicyAreaStyle = 1 << 1, |
| 77 // Add more policy areas as needed by clients. |
| 78 PolicyAreaAll = ~static_cast<uint32_t>(0), |
| 79 }; |
| 80 BLINK_EXPORT static void registerURLSchemeAsBypassingContentSecurityPolicy(c
onst WebString& scheme, PolicyAreas); |
| 81 |
| 70 // Registers a URL scheme as strictly empty documents, allowing them to | 82 // Registers a URL scheme as strictly empty documents, allowing them to |
| 71 // commit synchronously. | 83 // commit synchronously. |
| 72 BLINK_EXPORT static void registerURLSchemeAsEmptyDocument(const WebString&); | 84 BLINK_EXPORT static void registerURLSchemeAsEmptyDocument(const WebString&); |
| 73 | 85 |
| 74 // Support for whitelisting access to origins beyond the same-origin policy. | 86 // Support for whitelisting access to origins beyond the same-origin policy. |
| 75 BLINK_EXPORT static void addOriginAccessWhitelistEntry( | 87 BLINK_EXPORT static void addOriginAccessWhitelistEntry( |
| 76 const WebURL& sourceOrigin, const WebString& destinationProtocol, | 88 const WebURL& sourceOrigin, const WebString& destinationProtocol, |
| 77 const WebString& destinationHost, bool allowDestinationSubdomains); | 89 const WebString& destinationHost, bool allowDestinationSubdomains); |
| 78 BLINK_EXPORT static void removeOriginAccessWhitelistEntry( | 90 BLINK_EXPORT static void removeOriginAccessWhitelistEntry( |
| 79 const WebURL& sourceOrigin, const WebString& destinationProtocol, | 91 const WebURL& sourceOrigin, const WebString& destinationProtocol, |
| 80 const WebString& destinationHost, bool allowDestinationSubdomains); | 92 const WebString& destinationHost, bool allowDestinationSubdomains); |
| 81 BLINK_EXPORT static void resetOriginAccessWhitelists(); | 93 BLINK_EXPORT static void resetOriginAccessWhitelists(); |
| 82 | 94 |
| 83 // Returns the referrer modified according to the referrer policy for a | 95 // Returns the referrer modified according to the referrer policy for a |
| 84 // navigation to a given URL. If the referrer returned is empty, the | 96 // navigation to a given URL. If the referrer returned is empty, the |
| 85 // referrer header should be omitted. | 97 // referrer header should be omitted. |
| 86 BLINK_EXPORT static WebString generateReferrerHeader(WebReferrerPolicy, cons
t WebURL&, const WebString& referrer); | 98 BLINK_EXPORT static WebString generateReferrerHeader(WebReferrerPolicy, cons
t WebURL&, const WebString& referrer); |
| 87 | 99 |
| 88 // Registers an URL scheme to not allow manipulation of the loaded page | 100 // Registers an URL scheme to not allow manipulation of the loaded page |
| 89 // by bookmarklets or javascript: URLs typed in the omnibox. | 101 // by bookmarklets or javascript: URLs typed in the omnibox. |
| 90 BLINK_EXPORT static void registerURLSchemeAsNotAllowingJavascriptURLs(const
WebString&); | 102 BLINK_EXPORT static void registerURLSchemeAsNotAllowingJavascriptURLs(const
WebString&); |
| 91 | 103 |
| 92 private: | 104 private: |
| 93 WebSecurityPolicy(); | 105 WebSecurityPolicy(); |
| 94 }; | 106 }; |
| 95 | 107 |
| 96 } // namespace blink | 108 } // namespace blink |
| 97 | 109 |
| 98 #endif | 110 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 730203007:
CSP: Permit exempting schemes only for certain policy areas. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk