| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| 84 const char ContentSecurityPolicy::PluginTypes[] = "plugin-types"; | 84 const char ContentSecurityPolicy::PluginTypes[] = "plugin-types"; |
| 85 const char ContentSecurityPolicy::ReflectedXSS[] = "reflected-xss"; | 85 const char ContentSecurityPolicy::ReflectedXSS[] = "reflected-xss"; |
| 86 const char ContentSecurityPolicy::Referrer[] = "referrer"; | 86 const char ContentSecurityPolicy::Referrer[] = "referrer"; |
| 87 | 87 |
| 88 // Manifest Directives | 88 // Manifest Directives |
| 89 // https://w3c.github.io/manifest/#content-security-policy | 89 // https://w3c.github.io/manifest/#content-security-policy |
| 90 const char ContentSecurityPolicy::ManifestSrc[] = "manifest-src"; | 90 const char ContentSecurityPolicy::ManifestSrc[] = "manifest-src"; |
| 91 | 91 |
| 92 // Mixed Content Directive | 92 // Mixed Content Directive |
| 93 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode | 93 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode |
| 94 const char ContentSecurityPolicy::StrictMixedContentChecking[] = "strict-mixed-c
ontent-checking"; | 94 const char ContentSecurityPolicy::BlockAllMixedContent[] = "block-all-mixed-cont
ent"; |
| 95 | 95 |
| 96 bool ContentSecurityPolicy::isDirectiveName(const String& name) | 96 bool ContentSecurityPolicy::isDirectiveName(const String& name) |
| 97 { | 97 { |
| 98 return (equalIgnoringCase(name, ConnectSrc) | 98 return (equalIgnoringCase(name, ConnectSrc) |
| 99 || equalIgnoringCase(name, DefaultSrc) | 99 || equalIgnoringCase(name, DefaultSrc) |
| 100 || equalIgnoringCase(name, FontSrc) | 100 || equalIgnoringCase(name, FontSrc) |
| 101 || equalIgnoringCase(name, FrameSrc) | 101 || equalIgnoringCase(name, FrameSrc) |
| 102 || equalIgnoringCase(name, ImgSrc) | 102 || equalIgnoringCase(name, ImgSrc) |
| 103 || equalIgnoringCase(name, MediaSrc) | 103 || equalIgnoringCase(name, MediaSrc) |
| 104 || equalIgnoringCase(name, ObjectSrc) | 104 || equalIgnoringCase(name, ObjectSrc) |
| 105 || equalIgnoringCase(name, ReportURI) | 105 || equalIgnoringCase(name, ReportURI) |
| 106 || equalIgnoringCase(name, Sandbox) | 106 || equalIgnoringCase(name, Sandbox) |
| 107 || equalIgnoringCase(name, ScriptSrc) | 107 || equalIgnoringCase(name, ScriptSrc) |
| 108 || equalIgnoringCase(name, StyleSrc) | 108 || equalIgnoringCase(name, StyleSrc) |
| 109 || equalIgnoringCase(name, BaseURI) | 109 || equalIgnoringCase(name, BaseURI) |
| 110 || equalIgnoringCase(name, ChildSrc) | 110 || equalIgnoringCase(name, ChildSrc) |
| 111 || equalIgnoringCase(name, FormAction) | 111 || equalIgnoringCase(name, FormAction) |
| 112 || equalIgnoringCase(name, FrameAncestors) | 112 || equalIgnoringCase(name, FrameAncestors) |
| 113 || equalIgnoringCase(name, PluginTypes) | 113 || equalIgnoringCase(name, PluginTypes) |
| 114 || equalIgnoringCase(name, ReflectedXSS) | 114 || equalIgnoringCase(name, ReflectedXSS) |
| 115 || equalIgnoringCase(name, Referrer) | 115 || equalIgnoringCase(name, Referrer) |
| 116 || equalIgnoringCase(name, ManifestSrc) | 116 || equalIgnoringCase(name, ManifestSrc) |
| 117 || equalIgnoringCase(name, StrictMixedContentChecking)); | 117 || equalIgnoringCase(name, BlockAllMixedContent)); |
| 118 } | 118 } |
| 119 | 119 |
| 120 static UseCounter::Feature getUseCounterType(ContentSecurityPolicyHeaderType typ
e) | 120 static UseCounter::Feature getUseCounterType(ContentSecurityPolicyHeaderType typ
e) |
| 121 { | 121 { |
| 122 switch (type) { | 122 switch (type) { |
| 123 case ContentSecurityPolicyHeaderTypeEnforce: | 123 case ContentSecurityPolicyHeaderTypeEnforce: |
| 124 return UseCounter::ContentSecurityPolicy; | 124 return UseCounter::ContentSecurityPolicy; |
| 125 case ContentSecurityPolicyHeaderTypeReport: | 125 case ContentSecurityPolicyHeaderTypeReport: |
| 126 return UseCounter::ContentSecurityPolicyReportOnly; | 126 return UseCounter::ContentSecurityPolicyReportOnly; |
| 127 } | 127 } |
| 905 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 905 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
| 906 return !m_violationReportsSent.contains(report.impl()->hash()); | 906 return !m_violationReportsSent.contains(report.impl()->hash()); |
| 907 } | 907 } |
| 908 | 908 |
| 909 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 909 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
| 910 { | 910 { |
| 911 m_violationReportsSent.add(report.impl()->hash()); | 911 m_violationReportsSent.add(report.impl()->hash()); |
| 912 } | 912 } |
| 913 | 913 |
| 914 } // namespace blink | 914 } // namespace blink |
| OLD | NEW |
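Review bot: A policy already deployed with `strict-mixed-content-checking` is no longer matched by `isDirectiveName` once new line 94 changes the token to `block-all-mixed-content` and new line 117 swaps the constant. A site still sending the old name would presumably lose mixed-content blocking with no enforcement error of its own. The directive parsing and dispatch code sits in the skipped lines, so it is not visible here whether the old token is still accepted or reported there; if it is not, consider keeping it as a deprecated alias for a release or logging a console message that names the replacement. At minimum, record the rename above line 94, e.g. `// Renamed from 'strict-mixed-content-checking'; the old token is no longer recognised as a directive name.` The comment on line 93 still links to the `#strict-mode` anchor, which is worth checking against the renamed directive in the spec.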