1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef EXTENSIONS_COMMON_MANIFEST_HANDLERS_CSP_INFO_H_ 6 #define EXTENSIONS_COMMON_MANIFEST_HANDLERS_CSP_INFO_H_ 7 8 #include <string> 9 10 #include "extensions/common/extension.h" 11 #include "extensions/common/manifest_handler.h" 12 13 namespace extensions { 14 15 // A structure to hold the Content-Security-Policy information. 16 struct CSPInfo : public Extension::ManifestData { 17 explicit CSPInfo(const std::string& security_policy); 18 virtual ~CSPInfo(); 19 20 // The Content-Security-Policy for an extension. Extensions can use 21 // Content-Security-Policies to mitigate cross-site scripting and other 22 // vulnerabilities. 23 std::string content_security_policy; 24 25 static const std::string& GetContentSecurityPolicy( 26 const Extension* extension); 27 28 // Returns the Content Security Policy that the specified resource should be 29 // served with. 30 static const std::string& GetResourceContentSecurityPolicy( 31 const Extension* extension, 32 const std::string& relative_path); 33 }; 34 35 // Parses "content_security_policy" and "app.content_security_policy" keys. 36 class CSPHandler : public ManifestHandler { 37 public: 38 explicit CSPHandler(bool is_platform_app); 39 virtual ~CSPHandler(); 40 41 virtual bool Parse(Extension* extension, string16* error) OVERRIDE; 42 virtual bool AlwaysParseForType(Manifest::Type type) const OVERRIDE; 43 44 private: 45 virtual const std::vector<std::string> Keys() const OVERRIDE; 46 47 bool is_platform_app_; 48 49 DISALLOW_COPY_AND_ASSIGN(CSPHandler); 50 }; 51 52 } // namespace extensions 53 54 #endif // EXTENSIONS_COMMON_MANIFEST_HANDLERS_CSP_INFO_H_ 55