void CSPDirectiveList::addDirective(const String& name, const String& value) { ASSERT(!name.isEmpty()); if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) { setCSPDirective<SourceListDirective>(name, value, m_defaultSrc); // TODO(mkwst) It seems unlikely that developers would use different // algorithms for scripts and styles. We may want to combine the // usesScriptHashAlgorithms() and usesStyleHashAlgorithms. m_policy->usesScriptHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed()); m_policy->usesStyleHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed()); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) { setCSPDirective<SourceListDirective>(name, value, m_scriptSrc); m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed()); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) { setCSPDirective<SourceListDirective>(name, value, m_objectSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) { setCSPDirective<SourceListDirective>(name, value, m_frameAncestors); } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) { setCSPDirective<SourceListDirective>(name, value, m_frameSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) { setCSPDirective<SourceListDirective>(name, value, m_imgSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) { setCSPDirective<SourceListDirective>(name, value, m_styleSrc); m_policy->usesStyleHashAlgorithms(m_styleSrc->hashAlgorithmsUsed()); } else if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) { setCSPDirective<SourceListDirective>(name, value, m_fontSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) { setCSPDirective<SourceListDirective>(name, value, m_mediaSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) { setCSPDirective<SourceListDirective>(name, value, m_connectSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) { applySandboxPolicy(name, value); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) { parseReportURI(name, value); } else if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) { setCSPDirective<SourceListDirective>(name, value, m_baseURI); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) { setCSPDirective<SourceListDirective>(name, value, m_childSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) { setCSPDirective<SourceListDirective>(name, value, m_formAction); } else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) { setCSPDirective<MediaListDirective>(name, value, m_pluginTypes); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS)) { parseReflectedXSS(name, value); } else if (equalIgnoringCase(name, ContentSecurityPolicy::Referrer)) { parseReferrer(name, value); } else if (equalIgnoringCase(name, ContentSecurityPolicy::UpgradeInsecureRequests)) { enableInsecureRequestsUpgrade(name, value); } else if (equalIgnoringCase(name, ContentSecurityPolicy::BlockAllMixedContent)) { enforceStrictMixedContentChecking(name, value); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ManifestSrc)) { setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase(name, ContentSecurityPolicy::Suborigin)) { applySuboriginPolicy(name, value); } else { m_policy->reportUnsupportedDirective(name); } }
void CSPDirectiveList::addDirective(const String& name, const String& value) { ASSERT(!name.isEmpty()); if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) { setCSPDirective<SourceListDirective>(name, value, m_defaultSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) { setCSPDirective<SourceListDirective>(name, value, m_scriptSrc); m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed()); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) { setCSPDirective<SourceListDirective>(name, value, m_objectSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) { setCSPDirective<SourceListDirective>(name, value, m_frameAncestors); } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) { setCSPDirective<SourceListDirective>(name, value, m_frameSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) { setCSPDirective<SourceListDirective>(name, value, m_imgSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) { setCSPDirective<SourceListDirective>(name, value, m_styleSrc); m_policy->usesStyleHashAlgorithms(m_styleSrc->hashAlgorithmsUsed()); } else if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) { setCSPDirective<SourceListDirective>(name, value, m_fontSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) { setCSPDirective<SourceListDirective>(name, value, m_mediaSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) { setCSPDirective<SourceListDirective>(name, value, m_connectSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) { applySandboxPolicy(name, value); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) { parseReportURI(name, value); } else if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) { setCSPDirective<SourceListDirective>(name, value, m_baseURI); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) { setCSPDirective<SourceListDirective>(name, value, m_childSrc); } else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) { setCSPDirective<SourceListDirective>(name, value, m_formAction); } else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) { setCSPDirective<MediaListDirective>(name, value, m_pluginTypes); } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS)) { parseReflectedXSS(name, value); } else if (equalIgnoringCase(name, ContentSecurityPolicy::Referrer)) { parseReferrer(name, value); } else if (m_policy->experimentalFeaturesEnabled()) { if (equalIgnoringCase(name, ContentSecurityPolicy::ManifestSrc)) setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); else if (equalIgnoringCase(name, ContentSecurityPolicy::StrictMixedContentChecking)) enforceStrictMixedContentChecking(name, value); else m_policy->reportUnsupportedDirective(name); } else { m_policy->reportUnsupportedDirective(name); } }