Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(211)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/csp/CSPDirectiveList.h

Issue 811773002: Mixed Content: Implement strict mode. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Tests. Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/dom/ExecutionContext.cpp ('k') | Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "core/frame/csp/MediaListDirective.h" 9 #include "core/frame/csp/MediaListDirective.h"
10 #include "core/frame/csp/SourceListDirective.h" 10 #include "core/frame/csp/SourceListDirective.h"
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
67 private: 67 private:
68 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co ntentSecurityPolicyHeaderSource); 68 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co ntentSecurityPolicyHeaderSource);
69 69
70 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri ng& value); 70 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri ng& value);
71 void parseReportURI(const String& name, const String& value); 71 void parseReportURI(const String& name, const String& value);
72 void parsePluginTypes(const String& name, const String& value); 72 void parsePluginTypes(const String& name, const String& value);
73 void parseReflectedXSS(const String& name, const String& value); 73 void parseReflectedXSS(const String& name, const String& value);
74 void parseReferrer(const String& name, const String& value); 74 void parseReferrer(const String& name, const String& value);
75 void addDirective(const String& name, const String& value); 75 void addDirective(const String& name, const String& value);
76 void applySandboxPolicy(const String& name, const String& sandboxPolicy); 76 void applySandboxPolicy(const String& name, const String& sandboxPolicy);
77 void enforceStrictMixedContentChecking(const String& name, const String& val ue);
77 78
78 template <class CSPDirectiveType> 79 template <class CSPDirectiveType>
79 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire ctiveType>&); 80 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire ctiveType>&);
80 81
81 SourceListDirective* operativeDirective(SourceListDirective*) const; 82 SourceListDirective* operativeDirective(SourceListDirective*) const;
82 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire ctive* override) const; 83 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire ctive* override) const;
83 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL) const; 84 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL) const;
84 void reportViolationWithFrame(const String& directiveText, const String& eff ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram e*) const; 85 void reportViolationWithFrame(const String& directiveText, const String& eff ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram e*) const;
85 void reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const; 86 void reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
86 void reportViolationWithState(const String& directiveText, const String& eff ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*) co nst; 87 void reportViolationWithState(const String& directiveText, const String& eff ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*) co nst;
(...skipping 23 matching lines...) Expand all
110 ContentSecurityPolicyHeaderType m_headerType; 111 ContentSecurityPolicyHeaderType m_headerType;
111 ContentSecurityPolicyHeaderSource m_headerSource; 112 ContentSecurityPolicyHeaderSource m_headerSource;
112 113
113 bool m_reportOnly; 114 bool m_reportOnly;
114 bool m_haveSandboxPolicy; 115 bool m_haveSandboxPolicy;
115 ReflectedXSSDisposition m_reflectedXSSDisposition; 116 ReflectedXSSDisposition m_reflectedXSSDisposition;
116 117
117 bool m_didSetReferrerPolicy; 118 bool m_didSetReferrerPolicy;
118 ReferrerPolicy m_referrerPolicy; 119 ReferrerPolicy m_referrerPolicy;
119 120
121 bool m_strictMixedContentCheckingEnforced;
122
120 OwnPtr<MediaListDirective> m_pluginTypes; 123 OwnPtr<MediaListDirective> m_pluginTypes;
121 OwnPtr<SourceListDirective> m_baseURI; 124 OwnPtr<SourceListDirective> m_baseURI;
122 OwnPtr<SourceListDirective> m_childSrc; 125 OwnPtr<SourceListDirective> m_childSrc;
123 OwnPtr<SourceListDirective> m_connectSrc; 126 OwnPtr<SourceListDirective> m_connectSrc;
124 OwnPtr<SourceListDirective> m_defaultSrc; 127 OwnPtr<SourceListDirective> m_defaultSrc;
125 OwnPtr<SourceListDirective> m_fontSrc; 128 OwnPtr<SourceListDirective> m_fontSrc;
126 OwnPtr<SourceListDirective> m_formAction; 129 OwnPtr<SourceListDirective> m_formAction;
127 OwnPtr<SourceListDirective> m_frameAncestors; 130 OwnPtr<SourceListDirective> m_frameAncestors;
128 OwnPtr<SourceListDirective> m_frameSrc; 131 OwnPtr<SourceListDirective> m_frameSrc;
129 OwnPtr<SourceListDirective> m_imgSrc; 132 OwnPtr<SourceListDirective> m_imgSrc;
130 OwnPtr<SourceListDirective> m_mediaSrc; 133 OwnPtr<SourceListDirective> m_mediaSrc;
131 OwnPtr<SourceListDirective> m_manifestSrc; 134 OwnPtr<SourceListDirective> m_manifestSrc;
132 OwnPtr<SourceListDirective> m_objectSrc; 135 OwnPtr<SourceListDirective> m_objectSrc;
133 OwnPtr<SourceListDirective> m_scriptSrc; 136 OwnPtr<SourceListDirective> m_scriptSrc;
134 OwnPtr<SourceListDirective> m_styleSrc; 137 OwnPtr<SourceListDirective> m_styleSrc;
135 138
136 Vector<String> m_reportEndpoints; 139 Vector<String> m_reportEndpoints;
137 140
138 String m_evalDisabledErrorMessage; 141 String m_evalDisabledErrorMessage;
139 }; 142 };
140 143
141 144
142 } // namespace 145 } // namespace
143 146
144 #endif 147 #endif
OLDNEW
« no previous file with comments | « Source/core/dom/ExecutionContext.cpp ('k') | Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698