Chromium Code Reviews Chromium Code Reviews
Issue 901903003:
CSP: Adding the 'upgrade-insecure-requests' directive. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google Inc. All Rights Reserved. | 2 * Copyright (C) 2011 Google Inc. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 33 #include "wtf/text/WTFString.h" | 33 #include "wtf/text/WTFString.h" |
| 34 | 34 |
| 35 namespace blink { | 35 namespace blink { |
| 36 | 36 |
| 37 class SecurityOrigin; | 37 class SecurityOrigin; |
| 38 class ContentSecurityPolicy; | 38 class ContentSecurityPolicy; |
| 39 class KURL; | 39 class KURL; |
| 40 | 40 |
| 41 class SecurityContext { | 41 class SecurityContext { |
| 42 public: | 42 public: |
| 43 // The ordering here is important: 'upgrade' overrides 'monitor', which over rides 'ignore'. | |
| 44 enum InsecureContentPolicy { | |
| 45 InsecureContentIgnore = 0, | |
|
Yoav Weiss
2015/02/05 13:25:36
Excuse the bikeshedding but is "ignore" the best n
Mike West
2015/02/05 13:39:34
No, it certainly isn't. InsecureContentDefault, ma
Yoav Weiss
2015/02/05 13:49:13
Yeah, "InsecureContentDefault" works for me
| |
| 46 InsecureContentMonitor, | |
| 47 InsecureContentUpgrade | |
| 48 }; | |
| 49 | |
| 43 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } | 50 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } |
| 44 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur ityPolicy.get(); } | 51 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur ityPolicy.get(); } |
| 45 | 52 |
| 46 bool isSecureTransitionTo(const KURL&) const; | 53 bool isSecureTransitionTo(const KURL&) const; |
| 47 | 54 |
| 48 // Explicitly override the security origin for this security context. | 55 // Explicitly override the security origin for this security context. |
| 49 // Note: It is dangerous to change the security origin of a script context | 56 // Note: It is dangerous to change the security origin of a script context |
| 50 // that already contains content. | 57 // that already contains content. |
| 51 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); | 58 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); |
| 52 virtual void didUpdateSecurityOrigin() = 0; | 59 virtual void didUpdateSecurityOrigin() = 0; |
| 53 | 60 |
| 54 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } | 61 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } |
| 55 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } | 62 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } |
| 56 void enforceSandboxFlags(SandboxFlags mask); | 63 void enforceSandboxFlags(SandboxFlags mask); |
| 57 | 64 |
| 58 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; } | 65 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; } |
| 59 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; } | 66 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; } |
| 60 | 67 |
| 68 void setInsecureContentPolicy(InsecureContentPolicy policy) { m_insecureCont entPolicy = policy; } | |
| 69 InsecureContentPolicy insecureContentPolicy() const { return m_insecureConte ntPolicy; } | |
| 70 | |
| 61 protected: | 71 protected: |
| 62 SecurityContext(); | 72 SecurityContext(); |
| 63 virtual ~SecurityContext(); | 73 virtual ~SecurityContext(); |
| 64 | 74 |
| 65 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); | 75 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); |
| 66 | 76 |
| 67 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; } | 77 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; } |
| 68 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit yOrigin; } | 78 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit yOrigin; } |
| 69 | 79 |
| 70 private: | 80 private: |
| 71 bool m_haveInitializedSecurityOrigin; | 81 bool m_haveInitializedSecurityOrigin; |
| 72 RefPtr<SecurityOrigin> m_securityOrigin; | 82 RefPtr<SecurityOrigin> m_securityOrigin; |
| 73 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy; | 83 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy; |
| 74 | 84 |
| 75 SandboxFlags m_sandboxFlags; | 85 SandboxFlags m_sandboxFlags; |
| 76 | 86 |
| 77 bool m_hostedInReservedIPRange; | 87 bool m_hostedInReservedIPRange; |
| 88 InsecureContentPolicy m_insecureContentPolicy; | |
| 78 }; | 89 }; |
| 79 | 90 |
| 80 } // namespace blink | 91 } // namespace blink |
| 81 | 92 |
| 82 #endif // SecurityContext_h | 93 #endif // SecurityContext_h |
| OLD | NEW |
