| /* |
| * Copyright (C) 2011 Google, Inc. All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in the |
| * documentation and/or other materials provided with the distribution. |
| * |
| * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY |
| * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR |
| * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
| * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
| * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
| |
| #ifndef THIRD_PARTY_BLINK_RENDERER_CORE_FRAME_CSP_CONTENT_SECURITY_POLICY_H_ |
| #define THIRD_PARTY_BLINK_RENDERER_CORE_FRAME_CSP_CONTENT_SECURITY_POLICY_H_ |
| |
| #include <memory> |
| #include <utility> |
| |
| #include "services/network/public/mojom/content_security_policy.mojom-blink.h" |
| #include "services/network/public/mojom/web_sandbox_flags.mojom-blink-forward.h" |
| #include "third_party/blink/public/mojom/devtools/console_message.mojom-blink.h" |
| #include "third_party/blink/public/mojom/devtools/inspector_issue.mojom-blink.h" |
| #include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink-forward.h" |
| #include "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom-blink-forward.h" |
| #include "third_party/blink/public/platform/web_content_security_policy_struct.h" |
| #include "third_party/blink/renderer/bindings/core/v8/source_location.h" |
| #include "third_party/blink/renderer/core/core_export.h" |
| #include "third_party/blink/renderer/core/execution_context/security_context.h" |
| #include "third_party/blink/renderer/core/frame/web_feature.h" |
| #include "third_party/blink/renderer/platform/bindings/script_state.h" |
| #include "third_party/blink/renderer/platform/heap/handle.h" |
| #include "third_party/blink/renderer/platform/loader/fetch/integrity_metadata.h" |
| #include "third_party/blink/renderer/platform/loader/fetch/resource_loader_options.h" |
| #include "third_party/blink/renderer/platform/loader/fetch/resource_request.h" |
| #include "third_party/blink/renderer/platform/network/content_security_policy_parsers.h" |
| #include "third_party/blink/renderer/platform/network/http_parsers.h" |
| #include "third_party/blink/renderer/platform/weborigin/reporting_disposition.h" |
| #include "third_party/blink/renderer/platform/weborigin/scheme_registry.h" |
| #include "third_party/blink/renderer/platform/wtf/hash_set.h" |
| #include "third_party/blink/renderer/platform/wtf/text/string_hash.h" |
| #include "third_party/blink/renderer/platform/wtf/text/text_position.h" |
| #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h" |
| #include "third_party/blink/renderer/platform/wtf/vector.h" |
| |
| namespace WTF { |
| class OrdinalNumber; |
| } |
| |
| namespace blink { |
| |
| class ContentSecurityPolicyResponseHeaders; |
| class ConsoleMessage; |
| class DOMWrapperWorld; |
| class Element; |
| class ExecutionContext; |
| class LocalFrame; |
| class KURL; |
| class ResourceRequest; |
| class SecurityOrigin; |
| class SecurityPolicyViolationEventInit; |
| class SourceLocation; |
| enum class ResourceType : uint8_t; |
| |
| typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector; |
| using RedirectStatus = ResourceRequest::RedirectStatus; |
| using network::mojom::blink::CSPDirectiveName; |
| |
| // A delegate interface to implement violation reporting, support for some |
| // directives and other miscellaneous functionality. |
| class CORE_EXPORT ContentSecurityPolicyDelegate : public GarbageCollectedMixin { |
| public: |
| // Returns the SecurityOrigin this content security policy is bound to. Used |
| // for matching the 'self' keyword. Must return a non-null value. |
| // See https://w3c.github.io/webappsec-csp/#policy-self-origin. |
| virtual const SecurityOrigin* GetSecurityOrigin() = 0; |
| |
| // Returns the URL this content security policy is bound to. |
| // Used for https://w3c.github.io/webappsec-csp/#violation-url and so. |
| // Note: Url() is used for several purposes that are specced slightly |
| // differently. |
| // See comments at the callers. |
| virtual const KURL& Url() const = 0; |
| |
| // Directives support. |
| virtual void SetSandboxFlags(network::mojom::blink::WebSandboxFlags) = 0; |
| virtual void SetRequireTrustedTypes() = 0; |
| virtual void AddInsecureRequestPolicy( |
| mojom::blink::InsecureRequestPolicy) = 0; |
| |
| // Violation reporting. |
| |
| // See https://w3c.github.io/webappsec-csp/#create-violation-for-global. |
| // These functions are used to create the violation object. |
| virtual std::unique_ptr<SourceLocation> GetSourceLocation() = 0; |
| virtual base::Optional<uint16_t> GetStatusCode() = 0; |
| // If the Delegate is not bound to a document, a null string should be |
| // returned as the referrer. |
| virtual String GetDocumentReferrer() = 0; |
| |
| virtual void DispatchViolationEvent(const SecurityPolicyViolationEventInit&, |
| Element*) = 0; |
| virtual void PostViolationReport(const SecurityPolicyViolationEventInit&, |
| const String& stringified_report, |
| bool is_frame_ancestors_violaton, |
| const Vector<String>& report_endpoints, |
| bool use_reporting_api) = 0; |
| |
| virtual void Count(WebFeature) = 0; |
| |
| virtual void AddConsoleMessage(ConsoleMessage*) = 0; |
| virtual void AddInspectorIssue(mojom::blink::InspectorIssueInfoPtr) = 0; |
| virtual void DisableEval(const String& error_message) = 0; |
| virtual void ReportBlockedScriptExecutionToInspector( |
| const String& directive_text) = 0; |
| virtual void DidAddContentSecurityPolicies( |
| WTF::Vector<network::mojom::blink::ContentSecurityPolicyPtr>) = 0; |
| }; |
| |
| class CORE_EXPORT ContentSecurityPolicy final |
| : public GarbageCollected<ContentSecurityPolicy> { |
| public: |
| enum ExceptionStatus { kWillThrowException, kWillNotThrowException }; |
| |
| // This covers the possible values of a violation's 'resource', as defined in |
| // https://w3c.github.io/webappsec-csp/#violation-resource. By the time we |
| // generate a report, we're guaranteed that the value isn't 'null', so we |
| // don't need that state in this enum. |
| // |
| // Trusted Types violation's 'resource' values are defined in |
| // https://wicg.github.io/trusted-types/dist/spec/#csp-violation-object-hdr. |
| enum ContentSecurityPolicyViolationType { |
| kInlineViolation, |
| kEvalViolation, |
| kURLViolation, |
| kTrustedTypesSinkViolation, |
| kTrustedTypesPolicyViolation |
| }; |
| |
| // The |type| argument given to inline checks, e.g.: |
| // https://w3c.github.io/webappsec-csp/#should-block-inline |
| // Its possible values are listed in: |
| // https://w3c.github.io/webappsec-csp/#effective-directive-for-inline-check |
| enum class InlineType { |
| kNavigation, |
| kScript, |
| kScriptAttribute, |
| kStyle, |
| kStyleAttribute |
| }; |
| |
| // CheckHeaderType can be passed to Allow*FromSource methods to control which |
| // types of CSP headers are checked. |
| enum class CheckHeaderType { |
| // Check both Content-Security-Policy and |
| // Content-Security-Policy-Report-Only headers. |
| kCheckAll, |
| // Check Content-Security-Policy headers only and ignore |
| // Content-Security-Policy-Report-Only headers. |
| kCheckEnforce, |
| // Check Content-Security-Policy-Report-Only headers only and ignore |
| // Content-Security-Policy headers. |
| kCheckReportOnly |
| }; |
| |
| // Helper type for the method AllowTrustedTypePolicy. |
| enum AllowTrustedTypePolicyDetails { |
| kAllowed, |
| kDisallowedName, |
| kDisallowedDuplicateName |
| }; |
| |
| static const size_t kMaxSampleLength = 40; |
| |
| // Parse raw Content Security Policy strings into mojo types. |
| static WTF::Vector<network::mojom::blink::ContentSecurityPolicyPtr> |
| ParseHeaders(const ContentSecurityPolicyResponseHeaders& headers); |
| |
| ContentSecurityPolicy(); |
| ~ContentSecurityPolicy(); |
| void Trace(Visitor*) const; |
| |
| bool IsBound(); |
| void BindToDelegate(ContentSecurityPolicyDelegate&); |
| void CopyStateFrom(const ContentSecurityPolicy*); |
| |
| void DidReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); |
| void DidReceiveHeader(const String&, |
| const SecurityOrigin& self_origin, |
| network::mojom::ContentSecurityPolicyType, |
| network::mojom::ContentSecurityPolicySource); |
| void ReportAccumulatedHeaders() const; |
| |
| void AddPolicies( |
| Vector<network::mojom::blink::ContentSecurityPolicyPtr> policies); |
| |
| // Returns whether or not the Javascript code generation should call back the |
| // CSP checker before any script evaluation from a string attempts. |
| // |
| // CSP has two mechanisms for controlling eval: script-src and TrustedTypes. |
| // This returns true when any of those should to be checked. |
| bool ShouldCheckEval() const; |
| |
| // When the reporting status is |SendReport|, the |ExceptionStatus| |
| // should indicate whether the caller will throw a JavaScript |
| // exception in the event of a violation. When the caller will throw |
| // an exception, ContentSecurityPolicy does not log a violation |
| // message to the console because it would be redundant. |
| bool AllowEval(ReportingDisposition, |
| ExceptionStatus, |
| const String& script_content); |
| bool AllowWasmEval(ReportingDisposition, |
| ExceptionStatus, |
| const String& script_content); |
| |
| // AllowFromSource() wrappers. |
| bool AllowBaseURI(const KURL&); |
| bool AllowConnectToSource( |
| const KURL&, |
| const KURL& url_before_redirects, |
| RedirectStatus, |
| ReportingDisposition = ReportingDisposition::kReport, |
| CheckHeaderType = CheckHeaderType::kCheckAll); |
| bool AllowFormAction(const KURL&); |
| bool AllowImageFromSource( |
| const KURL&, |
| const KURL& url_before_redirects, |
| RedirectStatus, |
| ReportingDisposition = ReportingDisposition::kReport, |
| CheckHeaderType = CheckHeaderType::kCheckAll); |
| bool AllowMediaFromSource(const KURL&); |
| bool AllowObjectFromSource(const KURL&); |
| bool AllowScriptFromSource( |
| const KURL&, |
| const String& nonce, |
| const IntegrityMetadataSet&, |
| ParserDisposition, |
| const KURL& url_before_redirects, |
| RedirectStatus, |
| ReportingDisposition = ReportingDisposition::kReport, |
| CheckHeaderType = CheckHeaderType::kCheckAll); |
| bool AllowWorkerContextFromSource(const KURL&); |
| |
| bool AllowTrustedTypePolicy(const String& policy_name, |
| bool is_duplicate, |
| AllowTrustedTypePolicyDetails& violation_details); |
| |
| // Passing 'String()' into the |nonce| arguments in the following methods |
| // represents an unnonced resource load. |
| // |
| // For kJavaScriptURL case, |element| will not be present for navigations to |
| // javascript URLs, as those checks happen in the middle of the navigation |
| // algorithm, and we generally don't have access to the responsible element. |
| // |
| // For kInlineEventHandler case, |element| will be present almost all of the |
| // time, but because of strangeness around targeting handlers for '<body>', |
| // '<svg>', and '<frameset>', it will be 'nullptr' for handlers on those |
| // elements. |
| bool AllowInline(InlineType, |
| Element*, |
| const String& content, |
| const String& nonce, |
| const String& context_url, |
| const WTF::OrdinalNumber& context_line, |
| ReportingDisposition = ReportingDisposition::kReport); |
| |
| static bool IsScriptInlineType(InlineType); |
| |
| // TODO(crbug.com/889751): Remove "mojom::blink::RequestContextType" once |
| // all the code migrates. |
| bool AllowRequestWithoutIntegrity( |
| mojom::blink::RequestContextType, |
| network::mojom::RequestDestination, |
| const KURL&, |
| const KURL& url_before_redirects, |
| RedirectStatus, |
| ReportingDisposition = ReportingDisposition::kReport, |
| CheckHeaderType = CheckHeaderType::kCheckAll) const; |
| |
| // TODO(crbug.com/889751): Remove "mojom::blink::RequestContextType" once |
| // all the code migrates. |
| bool AllowRequest(mojom::blink::RequestContextType, |
| network::mojom::RequestDestination, |
| const KURL&, |
| const String& nonce, |
| const IntegrityMetadataSet&, |
| ParserDisposition, |
| const KURL& url_before_redirects, |
| RedirectStatus, |
| ReportingDisposition = ReportingDisposition::kReport, |
| CheckHeaderType = CheckHeaderType::kCheckAll); |
| |
| // Determine whether to enforce the assignment failure. Also handle reporting. |
| // Returns whether enforcing Trusted Types CSP directives are present. |
| bool AllowTrustedTypeAssignmentFailure( |
| const String& message, |
| const String& sample = String(), |
| const String& sample_prefix = String()); |
| |
| void UsesScriptHashAlgorithms(uint8_t content_security_policy_hash_algorithm); |
| void UsesStyleHashAlgorithms(uint8_t content_security_policy_hash_algorithm); |
| |
| void SetOverrideAllowInlineStyle(bool); |
| void SetOverrideURLForSelf(const KURL&); |
| |
| bool IsActive() const; |
| bool IsActiveForConnections() const; |
| |
| // If a frame is passed in, the message will be logged to its active |
| // document's console. Otherwise, the message will be logged to this object's |
| // |m_executionContext|. |
| void LogToConsole(ConsoleMessage*, LocalFrame* = nullptr); |
| |
| void ReportDirectiveAsSourceExpression(const String& directive_name, |
| const String& source_expression); |
| void ReportDuplicateDirective(const String&); |
| void ReportInvalidDirectiveValueCharacter(const String& directive_name, |
| const String& value); |
| void ReportInvalidPathCharacter(const String& directive_name, |
| const String& value, |
| const char); |
| void ReportInvalidRequireTrustedTypesFor(const String&); |
| void ReportInvalidSandboxFlags(const String&); |
| void ReportInvalidSourceExpression(const String& directive_name, |
| const String& source); |
| void ReportMultipleReportToEndpoints(); |
| void ReportUnsupportedDirective(const String&); |
| void ReportInvalidInReportOnly(const String&); |
| void ReportInvalidDirectiveInMeta(const String& directive_name); |
| void ReportReportOnlyInMeta(const String&); |
| void ReportMetaOutsideHead(const String&); |
| void ReportValueForEmptyDirective(const String& directive_name, |
| const String& value); |
| void ReportMixedContentReportURI(const String& endpoint); |
| |
| // If a frame is passed in, the report will be sent using it as a context. If |
| // no frame is passed in, the report will be sent via this object's |
| // |m_executionContext| (or dropped on the floor if no such context is |
| // available). |
| // If |sourceLocation| is not set, the source location will be the context's |
| // current location. |
| void ReportViolation(const String& directive_text, |
| CSPDirectiveName effective_type, |
| const String& console_message, |
| const KURL& blocked_url, |
| const Vector<String>& report_endpoints, |
| bool use_reporting_api, |
| const String& header, |
| network::mojom::ContentSecurityPolicyType, |
| ContentSecurityPolicyViolationType, |
| std::unique_ptr<SourceLocation>, |
| LocalFrame* = nullptr, |
| RedirectStatus = RedirectStatus::kFollowedRedirect, |
| Element* = nullptr, |
| const String& source = g_empty_string, |
| const String& source_prefix = g_empty_string); |
| |
| // Called when mixed content is detected on a page; will trigger a violation |
| // report if the 'block-all-mixed-content' directive is specified for a |
| // policy. |
| void ReportMixedContent(const KURL& blocked_url, RedirectStatus); |
| |
| void ReportBlockedScriptExecutionToInspector( |
| const String& directive_text) const; |
| |
| // Used as <object>'s URL when there is no `src` attribute. |
| const KURL FallbackUrlForPlugin() const; |
| |
| void EnforceSandboxFlags(network::mojom::blink::WebSandboxFlags); |
| void RequireTrustedTypes(); |
| bool IsRequireTrustedTypes() const { return require_trusted_types_; } |
| String EvalDisabledErrorMessage() const; |
| |
| // Upgrade-Insecure-Requests and Block-All-Mixed-Content are represented in |
| // |m_insecureRequestPolicy| |
| void EnforceStrictMixedContentChecking(); |
| void UpgradeInsecureRequests(); |
| mojom::blink::InsecureRequestPolicy GetInsecureRequestPolicy() const { |
| return insecure_request_policy_; |
| } |
| |
| bool ExperimentalFeaturesEnabled() const; |
| |
| bool ShouldSendCSPHeader(ResourceType) const; |
| |
| // Whether the main world's CSP should be bypassed based on the current |
| // javascript world we are in. |
| // Note: This is deprecated. New usages should not be added. Operations in an |
| // isolated world should use the isolated world CSP instead of bypassing the |
| // main world CSP. See |
| // ExecutionContext::GetContentSecurityPolicyForCurrentWorld. |
| // TODO(karandeepb): Rename to ShouldBypassMainWorldDeprecated. |
| static bool ShouldBypassMainWorld(const ExecutionContext*); |
| |
| // Whether the main world's CSP should be bypassed for operations in the given |
| // |world|. |
| // Note: This is deprecated. New usages should not be added. Operations in an |
| // isolated world should use the isolated world CSP instead of bypassing the |
| // main world CSP. See ExecutionContext::GetContentSecurityPolicyForWorld. |
| // TODO(karandeepb): Rename to ShouldBypassMainWorldDeprecated. |
| static bool ShouldBypassMainWorld(const DOMWrapperWorld* world); |
| |
| static bool IsNonceableElement(const Element*); |
| |
| static const char* GetDirectiveName(CSPDirectiveName type); |
| static CSPDirectiveName GetDirectiveType(const String& name); |
| |
| bool HasHeaderDeliveredPolicy() const { return header_delivered_; } |
| |
| // Returns the 'wasm-eval' source is supported. |
| bool SupportsWasmEval() const { return supports_wasm_eval_; } |
| void SetSupportsWasmEval(bool value) { supports_wasm_eval_ = value; } |
| |
| // Retrieve the parsed policies. |
| const WTF::Vector<network::mojom::blink::ContentSecurityPolicyPtr>& |
| GetParsedPolicies() const; |
| |
| // Retrieves the parsed sandbox flags. A lot of the time the execution |
| // context will be used for all sandbox checks but there are situations |
| // (before installing the document that this CSP will bind to) when |
| // there is no execution context to enforce the sandbox flags. |
| network::mojom::blink::WebSandboxFlags GetSandboxMask() const { |
| return sandbox_mask_; |
| } |
| |
| bool HasPolicyFromSource(network::mojom::ContentSecurityPolicySource) const; |
| |
| static bool IsScriptDirective(CSPDirectiveName directive_type) { |
| return (directive_type == CSPDirectiveName::ScriptSrc || |
| directive_type == CSPDirectiveName::ScriptSrcAttr || |
| directive_type == CSPDirectiveName::ScriptSrcElem); |
| } |
| |
| static bool IsStyleDirective(CSPDirectiveName directive_type) { |
| return (directive_type == CSPDirectiveName::StyleSrc || |
| directive_type == CSPDirectiveName::StyleSrcAttr || |
| directive_type == CSPDirectiveName::StyleSrcElem); |
| } |
| |
| void Count(WebFeature feature) const; |
| |
| private: |
| FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline); |
| FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy); |
| FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy); |
| FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, EmptyCSPIsNoOp); |
| FRIEND_TEST_ALL_PREFIXES(BaseFetchContextTest, CanRequest); |
| FRIEND_TEST_ALL_PREFIXES(BaseFetchContextTest, CheckCSPForRequest); |
| FRIEND_TEST_ALL_PREFIXES(BaseFetchContextTest, |
| AllowResponseChecksReportedAndEnforcedCSP); |
| FRIEND_TEST_ALL_PREFIXES(FrameFetchContextTest, |
| PopulateResourceRequestChecksReportOnlyCSP); |
| |
| Vector<network::mojom::blink::ContentSecurityPolicyPtr> Parse( |
| const String&, |
| const SecurityOrigin& self_origin, |
| network::mojom::ContentSecurityPolicyType, |
| network::mojom::ContentSecurityPolicySource); |
| void ApplyPolicySideEffectsToDelegate(); |
| void ReportUseCounters( |
| const Vector<network::mojom::blink::ContentSecurityPolicyPtr>& policies); |
| void ComputeInternalStateForParsedPolicy( |
| const network::mojom::blink::ContentSecurityPolicy& csp); |
| |
| void LogToConsole( |
| const String& message, |
| mojom::ConsoleMessageLevel = mojom::ConsoleMessageLevel::kError); |
| |
| bool ShouldSendViolationReport(const String&) const; |
| void DidSendViolationReport(const String&); |
| void PostViolationReport(const SecurityPolicyViolationEventInit*, |
| LocalFrame*, |
| const Vector<String>& report_endpoints, |
| bool use_reporting_api); |
| |
| bool AllowFromSource(CSPDirectiveName, |
| const KURL&, |
| const KURL& url_before_redirects, |
| RedirectStatus, |
| ReportingDisposition = ReportingDisposition::kReport, |
| CheckHeaderType = CheckHeaderType::kCheckAll, |
| const String& = String(), |
| const IntegrityMetadataSet& = IntegrityMetadataSet(), |
| ParserDisposition = kParserInserted); |
| |
| static void FillInCSPHashValues( |
| const String& source, |
| uint8_t hash_algorithms_used, |
| Vector<network::mojom::blink::CSPHashSourcePtr>& csp_hash_values); |
| |
| // checks a vector of csp hashes against policy, probably a good idea |
| // to use in tandem with FillInCSPHashValues. |
| static bool CheckHashAgainstPolicy( |
| Vector<network::mojom::blink::CSPHashSourcePtr>&, |
| const network::mojom::blink::ContentSecurityPolicy&, |
| InlineType); |
| |
| bool ShouldBypassContentSecurityPolicy( |
| const KURL&, |
| SchemeRegistry::PolicyAreas = SchemeRegistry::kPolicyAreaAll) const; |
| |
| // TODO: Consider replacing 'ContentSecurityPolicy::ViolationType' with the |
| // mojo enum. |
| mojom::blink::ContentSecurityPolicyViolationType BuildCSPViolationType( |
| ContentSecurityPolicy::ContentSecurityPolicyViolationType violation_type); |
| |
| void ReportContentSecurityPolicyIssue( |
| const blink::SecurityPolicyViolationEventInit& violation_data, |
| network::mojom::ContentSecurityPolicyType header_type, |
| ContentSecurityPolicyViolationType violation_type, |
| LocalFrame*, |
| Element*, |
| SourceLocation*); |
| |
| Member<ContentSecurityPolicyDelegate> delegate_; |
| bool override_inline_style_allowed_ = false; |
| Vector<network::mojom::blink::ContentSecurityPolicyPtr> policies_; |
| ConsoleMessageVector console_messages_; |
| bool header_delivered_{false}; |
| |
| HashSet<unsigned, AlreadyHashed> violation_reports_sent_; |
| |
| // We put the hash functions used on the policy object so that we only need |
| // to calculate a hash once and then distribute it to all of the directives |
| // for validation. |
| uint8_t script_hash_algorithms_used_; |
| uint8_t style_hash_algorithms_used_; |
| |
| // State flags used to configure the environment after parsing a policy. |
| network::mojom::blink::WebSandboxFlags sandbox_mask_; |
| bool require_trusted_types_; |
| String disable_eval_error_message_; |
| mojom::blink::InsecureRequestPolicy insecure_request_policy_; |
| |
| String self_protocol_; |
| |
| bool supports_wasm_eval_ = false; |
| }; |
| |
| } // namespace blink |
| |
| #endif // THIRD_PARTY_BLINK_RENDERER_CORE_FRAME_CSP_CONTENT_SECURITY_POLICY_H_ |
