| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 462 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 473 return isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_pol
icies, url, reportingStatus); | 473 return isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_pol
icies, url, reportingStatus); |
| 474 } | 474 } |
| 475 | 475 |
| 476 bool ContentSecurityPolicy::allowChildFrameFromSource(const KURL& url, ContentSe
curityPolicy::ReportingStatus reportingStatus) const | 476 bool ContentSecurityPolicy::allowChildFrameFromSource(const KURL& url, ContentSe
curityPolicy::ReportingStatus reportingStatus) const |
| 477 { | 477 { |
| 478 return isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m
_policies, url, reportingStatus); | 478 return isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m
_policies, url, reportingStatus); |
| 479 } | 479 } |
| 480 | 480 |
| 481 bool ContentSecurityPolicy::allowImageFromSource(const KURL& url, ContentSecurit
yPolicy::ReportingStatus reportingStatus) const | 481 bool ContentSecurityPolicy::allowImageFromSource(const KURL& url, ContentSecurit
yPolicy::ReportingStatus reportingStatus) const |
| 482 { | 482 { |
| 483 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol(),
SchemeRegistry::PolicyAreaImage)) |
| 484 return true; |
| 483 return isAllowedByAllWithURL<&CSPDirectiveList::allowImageFromSource>(m_poli
cies, url, reportingStatus); | 485 return isAllowedByAllWithURL<&CSPDirectiveList::allowImageFromSource>(m_poli
cies, url, reportingStatus); |
| 484 } | 486 } |
| 485 | 487 |
| 486 bool ContentSecurityPolicy::allowStyleFromSource(const KURL& url, ContentSecurit
yPolicy::ReportingStatus reportingStatus) const | 488 bool ContentSecurityPolicy::allowStyleFromSource(const KURL& url, ContentSecurit
yPolicy::ReportingStatus reportingStatus) const |
| 487 { | 489 { |
| 490 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol(),
SchemeRegistry::PolicyAreaStyle)) |
| 491 return true; |
| 488 return isAllowedByAllWithURL<&CSPDirectiveList::allowStyleFromSource>(m_poli
cies, url, reportingStatus); | 492 return isAllowedByAllWithURL<&CSPDirectiveList::allowStyleFromSource>(m_poli
cies, url, reportingStatus); |
| 489 } | 493 } |
| 490 | 494 |
| 491 bool ContentSecurityPolicy::allowFontFromSource(const KURL& url, ContentSecurity
Policy::ReportingStatus reportingStatus) const | 495 bool ContentSecurityPolicy::allowFontFromSource(const KURL& url, ContentSecurity
Policy::ReportingStatus reportingStatus) const |
| 492 { | 496 { |
| 493 return isAllowedByAllWithURL<&CSPDirectiveList::allowFontFromSource>(m_polic
ies, url, reportingStatus); | 497 return isAllowedByAllWithURL<&CSPDirectiveList::allowFontFromSource>(m_polic
ies, url, reportingStatus); |
| 494 } | 498 } |
| 495 | 499 |
| 496 bool ContentSecurityPolicy::allowMediaFromSource(const KURL& url, ContentSecurit
yPolicy::ReportingStatus reportingStatus) const | 500 bool ContentSecurityPolicy::allowMediaFromSource(const KURL& url, ContentSecurit
yPolicy::ReportingStatus reportingStatus) const |
| 497 { | 501 { |
| (...skipping 374 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 872 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 876 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
| 873 return !m_violationReportsSent.contains(report.impl()->hash()); | 877 return !m_violationReportsSent.contains(report.impl()->hash()); |
| 874 } | 878 } |
| 875 | 879 |
| 876 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 880 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
| 877 { | 881 { |
| 878 m_violationReportsSent.add(report.impl()->hash()); | 882 m_violationReportsSent.add(report.impl()->hash()); |
| 879 } | 883 } |
| 880 | 884 |
| 881 } // namespace blink | 885 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 730203007:
CSP: Permit exempting schemes only for certain policy areas. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk