Upstream version 9.38.198.0

[platform/framework/web/crosswalk.git] / src / third_party / WebKit / Source / core / frame / csp / ContentSecurityPolicy.h
diff --git a/src/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/src/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

index 5aee0ea..203b433 100644 (file)
--- a/src/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/src/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -26,8 +26,9 @@
  #ifndef ContentSecurityPolicy_h
  #define ContentSecurityPolicy_h
  
-#include "bindings/v8/ScriptState.h"
-#include "core/dom/Document.h"
+#include "bindings/core/v8/ScriptState.h"
+#include "core/dom/ExecutionContext.h"
+#include "core/frame/ConsoleTypes.h"
  #include "platform/network/ContentSecurityPolicyParsers.h"
  #include "platform/network/HTTPParsers.h"
  #include "platform/weborigin/ReferrerPolicy.h"
@@ -44,14 +45,14 @@ namespace WTF {
  class OrdinalNumber;
  }
  
-namespace WebCore {
+namespace blink {
  
  class ContentSecurityPolicyResponseHeaders;
  class CSPDirectiveList;
  class DOMStringList;
+class Document;
  class JSONObject;
  class KURL;
-class ExecutionContextClient;
  class SecurityOrigin;
  
  typedef int SandboxFlags;
@@ -82,9 +83,9 @@ public:
      static const char ReflectedXSS[];
      static const char Referrer[];
  
-    static PassRefPtr<ContentSecurityPolicy> create(ExecutionContextClient* client)
+    static PassRefPtr<ContentSecurityPolicy> create(ExecutionContext* executionContext)
      {
-        return adoptRef(new ContentSecurityPolicy(client));
+        return adoptRef(new ContentSecurityPolicy(executionContext));
      }
      ~ContentSecurityPolicy();
  
@@ -126,10 +127,14 @@ public:
  
      // The nonce and hash allow functions are guaranteed to not have any side
      // effects, including reporting.
-    bool allowScriptNonce(const String& nonce) const;
-    bool allowStyleNonce(const String& nonce) const;
-    bool allowScriptHash(const String& source) const;
-    bool allowStyleHash(const String& source) const;
+    // Nonce/Hash functions check all policies relating to use of a script/style
+    // with the given nonce/hash and return true all CSP policies allow it.
+    // If these return true, callers can then process the content or
+    // issue a load and be safe disabling any further CSP checks.
+    bool allowScriptWithNonce(const String& nonce) const;
+    bool allowStyleWithNonce(const String& nonce) const;
+    bool allowScriptWithHash(const String& source) const;
+    bool allowStyleWithHash(const String& source) const;
  
      void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
      void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
@@ -173,19 +178,20 @@ public:
  
      static bool isDirectiveName(const String&);
  
-    ExecutionContextClient* client() const { return m_client; }
-    Document* document() const { return client()->isDocument() ? toDocument(client()) : 0; }
+    ExecutionContext* executionContext() const { return m_executionContext; }
  
  private:
-    explicit ContentSecurityPolicy(ExecutionContextClient*);
+    explicit ContentSecurityPolicy(ExecutionContext*);
  
-    void logToConsole(const String& message) const;
+    Document* document() const;
+
+    void logToConsole(const String& message, MessageLevel = ErrorMessageLevel) const;
      void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource);
  
      bool shouldSendViolationReport(const String&) const;
      void didSendViolationReport(const String&);
  
-    ExecutionContextClient* m_client;
+    ExecutionContext* m_executionContext;
      bool m_overrideInlineStyleAllowed;
      CSPDirectiveListVector m_policies;