OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
7 | 7 |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "core/frame/csp/MediaListDirective.h" | 9 #include "core/frame/csp/MediaListDirective.h" |
10 #include "core/frame/csp/SourceListDirective.h" | 10 #include "core/frame/csp/SourceListDirective.h" |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
67 private: | 67 private: |
68 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co
ntentSecurityPolicyHeaderSource); | 68 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co
ntentSecurityPolicyHeaderSource); |
69 | 69 |
70 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri
ng& value); | 70 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri
ng& value); |
71 void parseReportURI(const String& name, const String& value); | 71 void parseReportURI(const String& name, const String& value); |
72 void parsePluginTypes(const String& name, const String& value); | 72 void parsePluginTypes(const String& name, const String& value); |
73 void parseReflectedXSS(const String& name, const String& value); | 73 void parseReflectedXSS(const String& name, const String& value); |
74 void parseReferrer(const String& name, const String& value); | 74 void parseReferrer(const String& name, const String& value); |
75 void addDirective(const String& name, const String& value); | 75 void addDirective(const String& name, const String& value); |
76 void applySandboxPolicy(const String& name, const String& sandboxPolicy); | 76 void applySandboxPolicy(const String& name, const String& sandboxPolicy); |
| 77 void enforceStrictMixedContentChecking(const String& name, const String& val
ue); |
77 | 78 |
78 template <class CSPDirectiveType> | 79 template <class CSPDirectiveType> |
79 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire
ctiveType>&); | 80 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire
ctiveType>&); |
80 | 81 |
81 SourceListDirective* operativeDirective(SourceListDirective*) const; | 82 SourceListDirective* operativeDirective(SourceListDirective*) const; |
82 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; | 83 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; |
83 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; | 84 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; |
84 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; | 85 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; |
85 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; | 86 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; |
86 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*) co
nst; | 87 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*) co
nst; |
(...skipping 23 matching lines...) Expand all Loading... |
110 ContentSecurityPolicyHeaderType m_headerType; | 111 ContentSecurityPolicyHeaderType m_headerType; |
111 ContentSecurityPolicyHeaderSource m_headerSource; | 112 ContentSecurityPolicyHeaderSource m_headerSource; |
112 | 113 |
113 bool m_reportOnly; | 114 bool m_reportOnly; |
114 bool m_haveSandboxPolicy; | 115 bool m_haveSandboxPolicy; |
115 ReflectedXSSDisposition m_reflectedXSSDisposition; | 116 ReflectedXSSDisposition m_reflectedXSSDisposition; |
116 | 117 |
117 bool m_didSetReferrerPolicy; | 118 bool m_didSetReferrerPolicy; |
118 ReferrerPolicy m_referrerPolicy; | 119 ReferrerPolicy m_referrerPolicy; |
119 | 120 |
| 121 bool m_strictMixedContentCheckingEnforced; |
| 122 |
120 OwnPtr<MediaListDirective> m_pluginTypes; | 123 OwnPtr<MediaListDirective> m_pluginTypes; |
121 OwnPtr<SourceListDirective> m_baseURI; | 124 OwnPtr<SourceListDirective> m_baseURI; |
122 OwnPtr<SourceListDirective> m_childSrc; | 125 OwnPtr<SourceListDirective> m_childSrc; |
123 OwnPtr<SourceListDirective> m_connectSrc; | 126 OwnPtr<SourceListDirective> m_connectSrc; |
124 OwnPtr<SourceListDirective> m_defaultSrc; | 127 OwnPtr<SourceListDirective> m_defaultSrc; |
125 OwnPtr<SourceListDirective> m_fontSrc; | 128 OwnPtr<SourceListDirective> m_fontSrc; |
126 OwnPtr<SourceListDirective> m_formAction; | 129 OwnPtr<SourceListDirective> m_formAction; |
127 OwnPtr<SourceListDirective> m_frameAncestors; | 130 OwnPtr<SourceListDirective> m_frameAncestors; |
128 OwnPtr<SourceListDirective> m_frameSrc; | 131 OwnPtr<SourceListDirective> m_frameSrc; |
129 OwnPtr<SourceListDirective> m_imgSrc; | 132 OwnPtr<SourceListDirective> m_imgSrc; |
130 OwnPtr<SourceListDirective> m_mediaSrc; | 133 OwnPtr<SourceListDirective> m_mediaSrc; |
131 OwnPtr<SourceListDirective> m_manifestSrc; | 134 OwnPtr<SourceListDirective> m_manifestSrc; |
132 OwnPtr<SourceListDirective> m_objectSrc; | 135 OwnPtr<SourceListDirective> m_objectSrc; |
133 OwnPtr<SourceListDirective> m_scriptSrc; | 136 OwnPtr<SourceListDirective> m_scriptSrc; |
134 OwnPtr<SourceListDirective> m_styleSrc; | 137 OwnPtr<SourceListDirective> m_styleSrc; |
135 | 138 |
136 Vector<String> m_reportEndpoints; | 139 Vector<String> m_reportEndpoints; |
137 | 140 |
138 String m_evalDisabledErrorMessage; | 141 String m_evalDisabledErrorMessage; |
139 }; | 142 }; |
140 | 143 |
141 | 144 |
142 } // namespace | 145 } // namespace |
143 | 146 |
144 #endif | 147 #endif |
OLD | NEW |