1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_COMMON_EXTENSIONS_CSP_HANDLER_H_
6 #define CHROME_COMMON_EXTENSIONS_CSP_HANDLER_H_
10 #include "chrome/common/extensions/extension.h"
11 #include "chrome/common/extensions/manifest_handler.h"
13 namespace extensions {
15 // A structure to hold the Content-Security-Policy information.
16 struct CSPInfo : public Extension::ManifestData {
17 explicit CSPInfo(const std::string& security_policy);
20 // The Content-Security-Policy for an extension. Extensions can use
21 // Content-Security-Policies to mitigate cross-site scripting and other
23 std::string content_security_policy;
25 static const std::string& GetContentSecurityPolicy(
26 const Extension* extension);
28 // Returns the Content Security Policy that the specified resource should be
30 static const std::string& GetResourceContentSecurityPolicy(
31 const Extension* extension,
32 const std::string& relative_path);
35 // Parses "content_security_policy" and "app.content_security_policy" keys.
36 class CSPHandler : public ManifestHandler {
38 explicit CSPHandler(bool is_platform_app);
39 virtual ~CSPHandler();
41 virtual bool Parse(Extension* extension, string16* error) OVERRIDE;
42 virtual bool AlwaysParseForType(Manifest::Type type) const OVERRIDE;
45 virtual const std::vector<std::string> Keys() const OVERRIDE;
47 bool is_platform_app_;
49 DISALLOW_COPY_AND_ASSIGN(CSPHandler);
52 } // namespace extensions
54 #endif // CHROME_COMMON_EXTENSIONS_CSP_HANDLER_H_