| Index: Source/core/frame/csp/ContentSecurityPolicy.h
|
| diff --git a/Source/core/frame/csp/ContentSecurityPolicy.h b/Source/core/frame/csp/ContentSecurityPolicy.h
|
| index 86ecfaa59d16ddaeb5b5c97b89aa04db0982371b..4d97f90de3bf3709aaaec0560fcc00f384a7ac31 100644
|
| --- a/Source/core/frame/csp/ContentSecurityPolicy.h
|
| +++ b/Source/core/frame/csp/ContentSecurityPolicy.h
|
| @@ -28,6 +28,7 @@
|
|
|
| #include "bindings/core/v8/ScriptState.h"
|
| #include "core/dom/ExecutionContext.h"
|
| +#include "core/dom/SecurityContext.h"
|
| #include "core/frame/ConsoleTypes.h"
|
| #include "platform/network/ContentSecurityPolicyParsers.h"
|
| #include "platform/network/HTTPParsers.h"
|
| @@ -92,6 +93,9 @@ public:
|
| // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode
|
| static const char BlockAllMixedContent[];
|
|
|
| + // https://w3c.github.io/webappsec/specs/upgrade/
|
| + static const char UpgradeInsecureRequests[];
|
| +
|
| enum ReportingStatus {
|
| SendReport,
|
| SuppressReport
|
| @@ -193,6 +197,9 @@ public:
|
| void enforceStrictMixedContentChecking();
|
| String evalDisabledErrorMessage() const;
|
|
|
| + void setInsecureContentPolicy(SecurityContext::InsecureContentPolicy);
|
| + SecurityContext::InsecureContentPolicy insecureContentPolicy() const { return m_insecureContentPolicy; };
|
| +
|
| bool urlMatchesSelf(const KURL&) const;
|
| bool protocolMatchesSelf(const KURL&) const;
|
|
|
| @@ -235,6 +242,7 @@ private:
|
| bool m_enforceStrictMixedContentChecking;
|
| ReferrerPolicy m_referrerPolicy;
|
| String m_disableEvalErrorMessage;
|
| + SecurityContext::InsecureContentPolicy m_insecureContentPolicy;
|
|
|
| OwnPtr<CSPSource> m_selfSource;
|
| String m_selfProtocol;
|
|
|
Chromium Code Reviews
Issue 901903003:
CSP: Adding the 'upgrade-insecure-requests' directive. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master