OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
84 const char ContentSecurityPolicy::PluginTypes[] = "plugin-types"; | 84 const char ContentSecurityPolicy::PluginTypes[] = "plugin-types"; |
85 const char ContentSecurityPolicy::ReflectedXSS[] = "reflected-xss"; | 85 const char ContentSecurityPolicy::ReflectedXSS[] = "reflected-xss"; |
86 const char ContentSecurityPolicy::Referrer[] = "referrer"; | 86 const char ContentSecurityPolicy::Referrer[] = "referrer"; |
87 | 87 |
88 // Manifest Directives | 88 // Manifest Directives |
89 // https://w3c.github.io/manifest/#content-security-policy | 89 // https://w3c.github.io/manifest/#content-security-policy |
90 const char ContentSecurityPolicy::ManifestSrc[] = "manifest-src"; | 90 const char ContentSecurityPolicy::ManifestSrc[] = "manifest-src"; |
91 | 91 |
92 // Mixed Content Directive | 92 // Mixed Content Directive |
93 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode | 93 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode |
94 const char ContentSecurityPolicy::StrictMixedContentChecking[] = "strict-mixed-c
ontent-checking"; | 94 const char ContentSecurityPolicy::BlockAllMixedContent[] = "block-all-mixed-cont
ent"; |
95 | 95 |
96 bool ContentSecurityPolicy::isDirectiveName(const String& name) | 96 bool ContentSecurityPolicy::isDirectiveName(const String& name) |
97 { | 97 { |
98 return (equalIgnoringCase(name, ConnectSrc) | 98 return (equalIgnoringCase(name, ConnectSrc) |
99 || equalIgnoringCase(name, DefaultSrc) | 99 || equalIgnoringCase(name, DefaultSrc) |
100 || equalIgnoringCase(name, FontSrc) | 100 || equalIgnoringCase(name, FontSrc) |
101 || equalIgnoringCase(name, FrameSrc) | 101 || equalIgnoringCase(name, FrameSrc) |
102 || equalIgnoringCase(name, ImgSrc) | 102 || equalIgnoringCase(name, ImgSrc) |
103 || equalIgnoringCase(name, MediaSrc) | 103 || equalIgnoringCase(name, MediaSrc) |
104 || equalIgnoringCase(name, ObjectSrc) | 104 || equalIgnoringCase(name, ObjectSrc) |
105 || equalIgnoringCase(name, ReportURI) | 105 || equalIgnoringCase(name, ReportURI) |
106 || equalIgnoringCase(name, Sandbox) | 106 || equalIgnoringCase(name, Sandbox) |
107 || equalIgnoringCase(name, ScriptSrc) | 107 || equalIgnoringCase(name, ScriptSrc) |
108 || equalIgnoringCase(name, StyleSrc) | 108 || equalIgnoringCase(name, StyleSrc) |
109 || equalIgnoringCase(name, BaseURI) | 109 || equalIgnoringCase(name, BaseURI) |
110 || equalIgnoringCase(name, ChildSrc) | 110 || equalIgnoringCase(name, ChildSrc) |
111 || equalIgnoringCase(name, FormAction) | 111 || equalIgnoringCase(name, FormAction) |
112 || equalIgnoringCase(name, FrameAncestors) | 112 || equalIgnoringCase(name, FrameAncestors) |
113 || equalIgnoringCase(name, PluginTypes) | 113 || equalIgnoringCase(name, PluginTypes) |
114 || equalIgnoringCase(name, ReflectedXSS) | 114 || equalIgnoringCase(name, ReflectedXSS) |
115 || equalIgnoringCase(name, Referrer) | 115 || equalIgnoringCase(name, Referrer) |
116 || equalIgnoringCase(name, ManifestSrc) | 116 || equalIgnoringCase(name, ManifestSrc) |
117 || equalIgnoringCase(name, StrictMixedContentChecking)); | 117 || equalIgnoringCase(name, BlockAllMixedContent)); |
118 } | 118 } |
119 | 119 |
120 static UseCounter::Feature getUseCounterType(ContentSecurityPolicyHeaderType typ
e) | 120 static UseCounter::Feature getUseCounterType(ContentSecurityPolicyHeaderType typ
e) |
121 { | 121 { |
122 switch (type) { | 122 switch (type) { |
123 case ContentSecurityPolicyHeaderTypeEnforce: | 123 case ContentSecurityPolicyHeaderTypeEnforce: |
124 return UseCounter::ContentSecurityPolicy; | 124 return UseCounter::ContentSecurityPolicy; |
125 case ContentSecurityPolicyHeaderTypeReport: | 125 case ContentSecurityPolicyHeaderTypeReport: |
126 return UseCounter::ContentSecurityPolicyReportOnly; | 126 return UseCounter::ContentSecurityPolicyReportOnly; |
127 } | 127 } |
905 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 905 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
906 return !m_violationReportsSent.contains(report.impl()->hash()); | 906 return !m_violationReportsSent.contains(report.impl()->hash()); |
907 } | 907 } |
908 | 908 |
909 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 909 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
910 { | 910 { |
911 m_violationReportsSent.add(report.impl()->hash()); | 911 m_violationReportsSent.add(report.impl()->hash()); |
912 } | 912 } |
913 | 913 |
914 } // namespace blink | 914 } // namespace blink |
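Review bot: On new lines 94 and 117 the recognised token changes from `strict-mixed-content-checking` to `block-all-mixed-content` with no alias left behind, so `isDirectiveName` now returns false for the old spelling. A policy that still sends the old name would presumably be handled as an unknown directive, and the mixed-content blocking the site asked for would be dropped without the author noticing. If the old spelling ever shipped outside a flag, consider keeping the old constant as a deprecated alias, e.g. `|| equalIgnoringCase(name, StrictMixedContentChecking)`, and reporting a deprecation message where the directive is parsed; that code is in the skipped lines, so I cannot see how unknown names are reported. The spec link on line 93 still ends in `#strict-mode`, so it is worth checking that the anchor still matches the renamed directive.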