Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(640)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/content_security_policy/content_security_policy.h

Issue 2764993002: CSP: group policies in didAddContentSecurityPolicy. (Closed)
Patch Set: Rebase. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/BUILD.gn ('k') | content/common/content_security_policy/content_security_policy.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_
6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_
7 7
8 #include <memory> 8 #include <memory>
9 #include <vector> 9 #include <vector>
10 10
11 #include "content/common/content_export.h" 11 #include "content/common/content_export.h"
12 #include "content/common/content_security_policy/csp_directive.h" 12 #include "content/common/content_security_policy/csp_directive.h"
13 #include "content/common/content_security_policy_header.h" 13 #include "content/common/content_security_policy_header.h"
14 #include "url/gurl.h" 14 #include "url/gurl.h"
15 15
16 namespace content { 16 namespace content {
17 17
18 class CSPContext; 18 class CSPContext;
19 19
20 // https://www.w3.org/TR/CSP3/#framework-policy 20 // https://www.w3.org/TR/CSP3/#framework-policy
21 // 21 //
22 // A ContentSecurityPolicy is a collection of CSPDirectives which will be 22 // A ContentSecurityPolicy is a collection of CSPDirectives which will be
23 // enforced upon requests. 23 // enforced upon requests.
24 struct CONTENT_EXPORT ContentSecurityPolicy { 24 struct CONTENT_EXPORT ContentSecurityPolicy {
25 ContentSecurityPolicy(); 25 ContentSecurityPolicy();
26 ContentSecurityPolicy(blink::WebContentSecurityPolicyType disposition, 26 ContentSecurityPolicy(const ContentSecurityPolicyHeader& header,
27 blink::WebContentSecurityPolicySource source,
28 const std::vector<CSPDirective>& directives, 27 const std::vector<CSPDirective>& directives,
29 const std::vector<std::string>& report_endpoints, 28 const std::vector<std::string>& report_endpoints);
30 const std::string& header);
31 ContentSecurityPolicy(const ContentSecurityPolicy&); 29 ContentSecurityPolicy(const ContentSecurityPolicy&);
32 ~ContentSecurityPolicy(); 30 ~ContentSecurityPolicy();
33 31
34 blink::WebContentSecurityPolicyType disposition; 32 ContentSecurityPolicyHeader header;
35 blink::WebContentSecurityPolicySource source;
36 std::vector<CSPDirective> directives; 33 std::vector<CSPDirective> directives;
37 std::vector<std::string> report_endpoints; 34 std::vector<std::string> report_endpoints;
38 std::string header;
39 35
40 std::string ToString() const; 36 std::string ToString() const;
41 37
42 // Return true when the |policy| allows a request to the |url| in relation to 38 // Return true when the |policy| allows a request to the |url| in relation to
43 // the |directive| for a given |context|. 39 // the |directive| for a given |context|.
44 // Note: Any policy violation are reported to the |context|. 40 // Note: Any policy violation are reported to the |context|.
45 static bool Allow(const ContentSecurityPolicy& policy, 41 static bool Allow(const ContentSecurityPolicy& policy,
46 CSPDirective::Name directive, 42 CSPDirective::Name directive,
47 const GURL& url, 43 const GURL& url,
48 CSPContext* context, 44 CSPContext* context,
49 bool is_redirect = false); 45 bool is_redirect = false);
50 }; 46 };
51 47
52 } // namespace content 48 } // namespace content
53 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ 49 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_
OLDNEW
« no previous file with comments | « content/common/BUILD.gn ('k') | content/common/content_security_policy/content_security_policy.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698