| // Copyright 2018 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef CONTENT_BROWSER_INITIATOR_CSP_CONTEXT_H_ |
| #define CONTENT_BROWSER_INITIATOR_CSP_CONTEXT_H_ |
| |
| #include "content/browser/frame_host/render_frame_host_impl.h" |
| #include "content/common/content_security_policy/csp_context.h" |
| #include "content/common/navigation_params.h" |
| |
| namespace content { |
| |
| // This is a CSP context that represents the document that initiated a |
| // navigation. The reason we can't just use the initiating RenderFrameHost is |
| // because it might already be destroyed when the CSP are checked in the |
| // navigating RenderFrameHost. This uses the policies |
| // passed through the CommonNavigationParams. The |
| // relevant CSP directives of the navigation initiator are currently |
| // `navigate-to` and `form-action` (in the case of form submissions). |
| class InitiatorCSPContext : public CSPContext { |
| public: |
| InitiatorCSPContext(const std::vector<ContentSecurityPolicy>& policies, |
| base::Optional<CSPSource>& self_source); |
| |
| void ReportContentSecurityPolicyViolation( |
| const CSPViolationParams& violation_params) override; |
| bool SchemeShouldBypassCSP(const base::StringPiece& scheme) override; |
| void SetReportingRenderFrameHost(RenderFrameHostImpl* rfh); |
| void SanitizeDataForUseInCspViolation( |
| bool is_redirect, |
| CSPDirective::Name directive, |
| GURL* blocked_url, |
| SourceLocation* source_location) const override; |
| |
| private: |
| RenderFrameHostImpl* reporting_render_frame_host_impl_; |
| }; |
| |
| } // namespace content |
| |
| #endif // CONTENT_BROWSER_INITIATOR_CSP_CONTEXT_H_ |