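// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_ISOLATED_WORLD_CSP_H_
#define THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_ISOLATED_WORLD_CSP_H_

#include "base/macros.h"
#include "third_party/blink/renderer/core/core_export.h"
#include "third_party/blink/renderer/platform/weborigin/security_origin.h"
#include "third_party/blink/renderer/platform/wtf/allocator/allocator.h"
#include "third_party/blink/renderer/platform/wtf/hash_map.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"

namespace blink {

class ContentSecurityPolicy;
class Document;

// A singleton storing the Content Security Policy (CSP) registered for each
// isolated world, keyed by the world's id.
//
// NOTE(review): no synchronization is visible in this header; confirm which
// thread(s) are allowed to call into the singleton.
class CORE_EXPORT IsolatedWorldCSP {
  USING_FAST_MALLOC(IsolatedWorldCSP);

 public:
  // Returns the singleton instance.
  static IsolatedWorldCSP& Get();

  // Associates an isolated world with a Content Security Policy. Resources
  // embedded into the main world's DOM from script executed in an isolated
  // world should be restricted based on the isolated world's CSP, not the
  // main world's.
  //
  // TODO(crbug.com/896041): Right now, resource injection simply bypasses the
  // main world's CSP. More work is necessary to allow the isolated world's
  // policy to be applied correctly.
  //
  // Security note: until the TODO above is resolved, a policy registered here
  // must not be treated as a restriction that is enforced on resources
  // injected from the isolated world; per the TODO, such injection currently
  // escapes the main world's CSP instead.
  //
  // Note: If |policy| is null, the PolicyInfo for |world_id| is cleared. If
  // |policy| is specified, |self_origin| must not be null. Whether that
  // precondition is checked at runtime is decided by the definition, which is
  // not part of this header.
  void SetContentSecurityPolicy(int32_t world_id,
                                const String& policy,
                                scoped_refptr<SecurityOrigin> self_origin);

  // Presumably reports whether a PolicyInfo is currently stored for
  // |world_id|; the definition is not part of this header.
  bool HasContentSecurityPolicy(int32_t world_id) const;

  // Creates a ContentSecurityPolicy instance for the given isolated |world_id|
  // and |document|. Returns null if no ContentSecurityPolicy is defined for the
  // given isolated |world_id|, so callers must check the result before use.
  ContentSecurityPolicy* CreateIsolatedWorldCSP(Document& document,
                                                int32_t world_id);

 private:
  // The policy string and self origin recorded for one isolated world.
  struct PolicyInfo {
    String policy;
    scoped_refptr<SecurityOrigin> self_origin;
  };

  // Private: instances are obtained through Get().
  IsolatedWorldCSP();

  // Map from the isolated world |world_id| to its PolicyInfo. The key type
  // matches the int32_t |world_id| parameters of the public interface.
  HashMap<int32_t, PolicyInfo> csp_map_;

  DISALLOW_COPY_AND_ASSIGN(IsolatedWorldCSP);
};

}  // namespace blink

#endif  // THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_ISOLATED_WORLD_CSP_H_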