1 // Copyright 2018 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_ISOLATED_WORLD_CSP_H_
6 #define THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_ISOLATED_WORLD_CSP_H_
7 
8 #include "base/macros.h"
9 #include "third_party/blink/renderer/core/core_export.h"
10 #include "third_party/blink/renderer/platform/weborigin/security_origin.h"
11 #include "third_party/blink/renderer/platform/wtf/allocator/allocator.h"
12 #include "third_party/blink/renderer/platform/wtf/hash_map.h"
13 #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
14 
15 namespace blink {
16 
17 class ContentSecurityPolicy;
18 class Document;
19 
20 // A singleton storing content security policy for each isolated world.
21 class CORE_EXPORT IsolatedWorldCSP {
22   USING_FAST_MALLOC(IsolatedWorldCSP);
23 
24  public:
25   static IsolatedWorldCSP& Get();
26 
27   // Associated an isolated world with a Content Security Policy. Resources
28   // embedded into the main world's DOM from script executed in an isolated
29   // world should be restricted based on the isolated world's CSP, not the
30   // main world's.
31   //
32   // TODO(crbug.com/896041): Right now, resource injection simply bypasses the
33   // main world's CSP. More work is necessary to allow the isolated world's
34   // policy to be applied correctly.
35   // Note: If |policy| is null, the PolicyInfo for |world_id| is cleared. If
36   // |policy| is specified, |self_origin| must not be null.
37   void SetContentSecurityPolicy(int32_t world_id,
38                                 const String& policy,
39                                 scoped_refptr<SecurityOrigin> self_origin);
40   bool HasContentSecurityPolicy(int32_t world_id) const;
41 
42   // Creates a ContentSecurityPolicy instance for the given isolated |world_id|
43   // and |document|. Returns null if no ContentSecurityPolicy is defined for the
44   // given isolated |world_id|.
45   ContentSecurityPolicy* CreateIsolatedWorldCSP(Document& document,
46                                                 int32_t world_id);
47 
48  private:
49   struct PolicyInfo {
50     String policy;
51     scoped_refptr<SecurityOrigin> self_origin;
52   };
53 
54   IsolatedWorldCSP();
55 
56   // Map from the isolated world |world_id| to its PolicyInfo.
57   HashMap<int, PolicyInfo> csp_map_;
58 
59   DISALLOW_COPY_AND_ASSIGN(IsolatedWorldCSP);
60 };
61 
62 }  // namespace blink
63 
64 #endif  // THIRD_PARTY_BLINK_RENDERER_BINDINGS_CORE_V8_ISOLATED_WORLD_CSP_H_
65