// Records one parsed policy directive on this ContentSecurityPolicy.
//
// |name| is compared case-insensitively against the directive names listed
// below. |value| is passed through unchanged to createCSPDirective(), or to
// parseReportURI() for report-uri.
//
// Behaviour worth knowing when reasoning about the enforced policy:
//  - First occurrence wins. Once a slot (m_defaultSrc, m_scriptSrc, ...) is
//    populated, or m_reportURLs is non-empty, a later directive with the same
//    name is dropped and nothing is reported from this function.
//  - A name that matches none of the known directives is also dropped here
//    without any diagnostic.
void ContentSecurityPolicy::addDirective(const String& name, const String& value)
{
    DEFINE_STATIC_LOCAL(String, defaultSrcName, ("default-src"));
    DEFINE_STATIC_LOCAL(String, scriptSrcName, ("script-src"));
    DEFINE_STATIC_LOCAL(String, objectSrcName, ("object-src"));
    DEFINE_STATIC_LOCAL(String, frameSrcName, ("frame-src"));
    DEFINE_STATIC_LOCAL(String, imgSrcName, ("img-src"));
    DEFINE_STATIC_LOCAL(String, styleSrcName, ("style-src"));
    DEFINE_STATIC_LOCAL(String, fontSrcName, ("font-src"));
    DEFINE_STATIC_LOCAL(String, mediaSrcName, ("media-src"));
    DEFINE_STATIC_LOCAL(String, reportURIName, ("report-uri"));

    // NOTE(review): ASSERT is presumably a debug-only check in this codebase,
    // so release builds rely on the caller never passing an empty name - confirm.
    ASSERT(!name.isEmpty());

    // Each known name is handled by its own guard: build the directive only
    // if its slot is still empty, then stop looking.
    if (equalIgnoringCase(name, defaultSrcName)) {
        if (!m_defaultSrc)
            m_defaultSrc = createCSPDirective(name, value);
        return;
    }
    if (equalIgnoringCase(name, scriptSrcName)) {
        if (!m_scriptSrc)
            m_scriptSrc = createCSPDirective(name, value);
        return;
    }
    if (equalIgnoringCase(name, objectSrcName)) {
        if (!m_objectSrc)
            m_objectSrc = createCSPDirective(name, value);
        return;
    }
    if (equalIgnoringCase(name, frameSrcName)) {
        if (!m_frameSrc)
            m_frameSrc = createCSPDirective(name, value);
        return;
    }
    if (equalIgnoringCase(name, imgSrcName)) {
        if (!m_imgSrc)
            m_imgSrc = createCSPDirective(name, value);
        return;
    }
    if (equalIgnoringCase(name, styleSrcName)) {
        if (!m_styleSrc)
            m_styleSrc = createCSPDirective(name, value);
        return;
    }
    if (equalIgnoringCase(name, fontSrcName)) {
        if (!m_fontSrc)
            m_fontSrc = createCSPDirective(name, value);
        return;
    }
    if (equalIgnoringCase(name, mediaSrcName)) {
        if (!m_mediaSrc)
            m_mediaSrc = createCSPDirective(name, value);
        return;
    }

    // report-uri is parsed only while no report URLs have been collected yet.
    if (equalIgnoringCase(name, reportURIName) && m_reportURLs.isEmpty())
        parseReportURI(value);
}
// Dispatches one parsed directive to the handler for its name.
//
// |name| is compared case-insensitively against the directive-name constants
// on ContentSecurityPolicy. Source-list and media-list directives are stored
// through setCSPDirective<>(); the remaining directives go to their dedicated
// parse/apply helpers. A name that matches nothing is reported through
// m_policy->reportUnsupportedDirective(), so unknown directives are surfaced
// rather than dropped silently.
//
// NOTE(review): handling of a repeated directive is not visible here; it
// presumably lives in setCSPDirective<>() and the individual helpers - confirm.
void CSPDirectiveList::addDirective(const String& name, const String& value)
{
    ASSERT(!name.isEmpty());

    if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_defaultSrc);
        // default-src feeds both the script and the style hash-algorithm
        // bookkeeping on the policy.
        // NOTE(review): m_defaultSrc is dereferenced straight after
        // setCSPDirective<>(); this assumes that call always leaves it
        // non-null - confirm.
        // TODO(mkwst) It seems unlikely that developers would use different
        // algorithms for scripts and styles. We may want to combine the
        // usesScriptHashAlgorithms() and usesStyleHashAlgorithms.
        m_policy->usesScriptHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed());
        m_policy->usesStyleHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_scriptSrc);
        m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_objectSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) {
        setCSPDirective<SourceListDirective>(name, value, m_frameAncestors);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_frameSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_imgSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_styleSrc);
        m_policy->usesStyleHashAlgorithms(m_styleSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_fontSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_mediaSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_connectSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) {
        applySandboxPolicy(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) {
        parseReportURI(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) {
        setCSPDirective<SourceListDirective>(name, value, m_baseURI);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_childSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) {
        setCSPDirective<SourceListDirective>(name, value, m_formAction);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) {
        // The only directive stored as a MediaListDirective.
        setCSPDirective<MediaListDirective>(name, value, m_pluginTypes);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS)) {
        parseReflectedXSS(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::Referrer)) {
        parseReferrer(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::UpgradeInsecureRequests)) {
        enableInsecureRequestsUpgrade(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::BlockAllMixedContent)) {
        enforceStrictMixedContentChecking(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ManifestSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_manifestSrc);
        return;
    }
    // The suborigin directive is recognised only while the runtime feature is
    // enabled; with it disabled the name falls through and is reported as
    // unsupported below.
    if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase(name, ContentSecurityPolicy::Suborigin)) {
        applySuboriginPolicy(name, value);
        return;
    }

    m_policy->reportUnsupportedDirective(name);
}
// Dispatches one parsed directive to the handler for its name.
//
// |name| is compared case-insensitively against the directive-name constants
// on ContentSecurityPolicy. manifest-src and strict-mixed-content-checking are
// recognised only when m_policy->experimentalFeaturesEnabled() is true. Any
// name that ends up unmatched is reported through
// m_policy->reportUnsupportedDirective().
//
// NOTE(review): handling of a repeated directive is not visible here; it
// presumably lives in setCSPDirective<>() and the individual helpers - confirm.
void CSPDirectiveList::addDirective(const String& name, const String& value)
{
    ASSERT(!name.isEmpty());

    if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) {
        // NOTE(review): unlike script-src and style-src below, this branch
        // does not pass hashAlgorithmsUsed() to the policy. Confirm whether
        // hash sources listed only under default-src are meant to be
        // registered for scripts and styles.
        setCSPDirective<SourceListDirective>(name, value, m_defaultSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_scriptSrc);
        // NOTE(review): m_scriptSrc is dereferenced straight after
        // setCSPDirective<>(); this assumes that call always leaves it
        // non-null - confirm.
        m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_objectSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) {
        setCSPDirective<SourceListDirective>(name, value, m_frameAncestors);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_frameSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_imgSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_styleSrc);
        m_policy->usesStyleHashAlgorithms(m_styleSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_fontSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_mediaSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_connectSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) {
        applySandboxPolicy(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) {
        parseReportURI(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) {
        setCSPDirective<SourceListDirective>(name, value, m_baseURI);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_childSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) {
        setCSPDirective<SourceListDirective>(name, value, m_formAction);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) {
        // The only directive stored as a MediaListDirective.
        setCSPDirective<MediaListDirective>(name, value, m_pluginTypes);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS)) {
        parseReflectedXSS(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::Referrer)) {
        parseReferrer(name, value);
        return;
    }

    // Experimental directives are honoured only when the policy has
    // experimental features switched on. Otherwise they fall through and are
    // reported as unsupported, like any other unknown name.
    if (m_policy->experimentalFeaturesEnabled()) {
        if (equalIgnoringCase(name, ContentSecurityPolicy::ManifestSrc)) {
            setCSPDirective<SourceListDirective>(name, value, m_manifestSrc);
            return;
        }
        if (equalIgnoringCase(name, ContentSecurityPolicy::StrictMixedContentChecking)) {
            enforceStrictMixedContentChecking(name, value);
            return;
        }
    }

    m_policy->reportUnsupportedDirective(name);
}