// Stores one parsed Content-Security-Policy directive on this policy object.
//
// `name` is compared case-insensitively against the directive names handled
// below. A directive is recorded only while its slot is still unset, so the
// first occurrence of a name wins and later duplicates are dropped.
//
// There is no fallback branch: a name that matches nothing (for example a
// misspelled directive) is ignored without any report from this function, so
// the policy author gets neither the restriction nor a diagnostic for it.
void ContentSecurityPolicy::addDirective(const String& name, const String& value)
{
    DEFINE_STATIC_LOCAL(String, defaultSrcName, ("default-src"));
    DEFINE_STATIC_LOCAL(String, scriptSrcName, ("script-src"));
    DEFINE_STATIC_LOCAL(String, objectSrcName, ("object-src"));
    DEFINE_STATIC_LOCAL(String, frameSrcName, ("frame-src"));
    DEFINE_STATIC_LOCAL(String, imgSrcName, ("img-src"));
    DEFINE_STATIC_LOCAL(String, styleSrcName, ("style-src"));
    DEFINE_STATIC_LOCAL(String, fontSrcName, ("font-src"));
    DEFINE_STATIC_LOCAL(String, mediaSrcName, ("media-src"));
    DEFINE_STATIC_LOCAL(String, reportURIName, ("report-uri"));

    // NOTE(review): if ASSERT is compiled out of release builds, the caller
    // is the only guard against an empty directive name - confirm.
    ASSERT(!name.isEmpty());

    // Each check tests "slot still empty" first, then the name, exactly as
    // the original else-if chain did; at most one branch ever runs.
    if (!m_defaultSrc && equalIgnoringCase(name, defaultSrcName)) {
        m_defaultSrc = createCSPDirective(name, value);
        return;
    }
    if (!m_scriptSrc && equalIgnoringCase(name, scriptSrcName)) {
        m_scriptSrc = createCSPDirective(name, value);
        return;
    }
    if (!m_objectSrc && equalIgnoringCase(name, objectSrcName)) {
        m_objectSrc = createCSPDirective(name, value);
        return;
    }
    if (!m_frameSrc && equalIgnoringCase(name, frameSrcName)) {
        m_frameSrc = createCSPDirective(name, value);
        return;
    }
    if (!m_imgSrc && equalIgnoringCase(name, imgSrcName)) {
        m_imgSrc = createCSPDirective(name, value);
        return;
    }
    if (!m_styleSrc && equalIgnoringCase(name, styleSrcName)) {
        m_styleSrc = createCSPDirective(name, value);
        return;
    }
    if (!m_fontSrc && equalIgnoringCase(name, fontSrcName)) {
        m_fontSrc = createCSPDirective(name, value);
        return;
    }
    if (!m_mediaSrc && equalIgnoringCase(name, mediaSrcName)) {
        m_mediaSrc = createCSPDirective(name, value);
        return;
    }

    // report-uri is parsed only while no report URLs have been collected yet,
    // so a second report-uri directive does not add to or replace the first.
    if (m_reportURLs.isEmpty() && equalIgnoringCase(name, reportURIName))
        parseReportURI(value);
}
// Records one directive of a parsed policy in this directive list.
//
// `name` is matched case-insensitively against the directive-name constants
// on ContentSecurityPolicy, and `value` is handed to the matching setter or
// parser. At most one branch runs per call. A name that matches nothing is
// passed to m_policy->reportUnsupportedDirective(), so an unknown or
// misspelled directive is surfaced rather than silently dropped.
//
// NOTE(review): duplicate handling is not visible here; presumably
// setCSPDirective() and the parse*/apply* helpers decide what happens when
// the same directive appears twice - confirm there.
void CSPDirectiveList::addDirective(const String& name, const String& value)
{
    ASSERT(!name.isEmpty());

    if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_defaultSrc);
        // default-src reports its hash algorithms for both scripts and
        // styles. The dereference assumes setCSPDirective() always leaves
        // m_defaultSrc non-null - TODO confirm.
        //
        // TODO(mkwst) It seems unlikely that developers would use different
        // algorithms for scripts and styles. We may want to combine the
        // usesScriptHashAlgorithms() and usesStyleHashAlgorithms.
        m_policy->usesScriptHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed());
        m_policy->usesStyleHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_scriptSrc);
        m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_objectSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) {
        setCSPDirective<SourceListDirective>(name, value, m_frameAncestors);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_frameSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_imgSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_styleSrc);
        m_policy->usesStyleHashAlgorithms(m_styleSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_fontSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_mediaSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_connectSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) {
        applySandboxPolicy(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) {
        parseReportURI(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) {
        setCSPDirective<SourceListDirective>(name, value, m_baseURI);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_childSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) {
        setCSPDirective<SourceListDirective>(name, value, m_formAction);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) {
        // plugin-types is the only directive stored as a MediaListDirective.
        setCSPDirective<MediaListDirective>(name, value, m_pluginTypes);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS)) {
        parseReflectedXSS(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::Referrer)) {
        parseReferrer(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::UpgradeInsecureRequests)) {
        enableInsecureRequestsUpgrade(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::BlockAllMixedContent)) {
        enforceStrictMixedContentChecking(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ManifestSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_manifestSrc);
        return;
    }
    // The suborigin directive is honoured only when the runtime feature is
    // on; with it off, the name falls through and is reported as unsupported
    // instead of being applied.
    if (RuntimeEnabledFeatures::suboriginsEnabled()
        && equalIgnoringCase(name, ContentSecurityPolicy::Suborigin)) {
        applySuboriginPolicy(name, value);
        return;
    }

    m_policy->reportUnsupportedDirective(name);
}
// Records one directive of a parsed policy in this directive list.
//
// `name` is matched case-insensitively against the directive-name constants
// on ContentSecurityPolicy, and `value` is handed to the matching setter or
// parser. At most one branch runs per call. Two directives (manifest-src and
// strict mixed content checking) are recognised only when
// m_policy->experimentalFeaturesEnabled() is true. Every name that ends up
// unmatched is passed to m_policy->reportUnsupportedDirective().
//
// NOTE(review): duplicate handling is not visible here; presumably
// setCSPDirective() and the parse*/apply* helpers decide what happens when
// the same directive appears twice - confirm there.
void CSPDirectiveList::addDirective(const String& name, const String& value)
{
    ASSERT(!name.isEmpty());

    if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) {
        // NOTE(review): unlike script-src and style-src below, default-src
        // does not report its hash algorithms to m_policy. If default-src is
        // the fallback source list for inline scripts or styles, hash sources
        // placed in it may never be registered - confirm against the code
        // that consumes usesScriptHashAlgorithms()/usesStyleHashAlgorithms().
        setCSPDirective<SourceListDirective>(name, value, m_defaultSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_scriptSrc);
        // Assumes setCSPDirective() always leaves m_scriptSrc non-null -
        // TODO confirm; its body is not visible here.
        m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_objectSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) {
        setCSPDirective<SourceListDirective>(name, value, m_frameAncestors);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_frameSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_imgSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_styleSrc);
        m_policy->usesStyleHashAlgorithms(m_styleSrc->hashAlgorithmsUsed());
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_fontSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_mediaSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_connectSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) {
        applySandboxPolicy(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) {
        parseReportURI(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) {
        setCSPDirective<SourceListDirective>(name, value, m_baseURI);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_childSrc);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) {
        setCSPDirective<SourceListDirective>(name, value, m_formAction);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) {
        // plugin-types is the only directive stored as a MediaListDirective.
        setCSPDirective<MediaListDirective>(name, value, m_pluginTypes);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS)) {
        parseReflectedXSS(name, value);
        return;
    }
    if (equalIgnoringCase(name, ContentSecurityPolicy::Referrer)) {
        parseReferrer(name, value);
        return;
    }

    // Experimental directives: recognised only behind the feature switch.
    // With the switch off, a policy that relies on them gets no enforcement
    // from this branch and the name is reported as unsupported below.
    if (m_policy->experimentalFeaturesEnabled()) {
        if (equalIgnoringCase(name, ContentSecurityPolicy::ManifestSrc)) {
            setCSPDirective<SourceListDirective>(name, value, m_manifestSrc);
            return;
        }
        if (equalIgnoringCase(name, ContentSecurityPolicy::StrictMixedContentChecking)) {
            enforceStrictMixedContentChecking(name, value);
            return;
        }
    }

    // Reached for every unmatched name, whether or not experimental features
    // are enabled.
    m_policy->reportUnsupportedDirective(name);
}