summaryrefslogtreecommitdiffstats
path: root/dom/security/nsCSPParser.h
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/nsCSPParser.h')
-rw-r--r--dom/security/nsCSPParser.h19
1 files changed, 11 insertions, 8 deletions
diff --git a/dom/security/nsCSPParser.h b/dom/security/nsCSPParser.h
index 1bfc56c65..d500a1c18 100644
--- a/dom/security/nsCSPParser.h
+++ b/dom/security/nsCSPParser.h
@@ -243,14 +243,17 @@ class nsCSPParser {
bool mStrictDynamic; // false, if 'strict-dynamic' is not defined
nsCSPKeywordSrc* mUnsafeInlineKeywordSrc; // null, otherwise invlidate()
- // cache variables for child-src and frame-src directive handling.
- // frame-src is deprecated in favor of child-src, however if we
- // see a frame-src directive, it takes precedence for frames and iframes.
- // At the end of parsing, if we have a child-src directive, we need to
- // decide whether it will handle frames, or if there is a frame-src we
- // should honor instead.
- nsCSPChildSrcDirective* mChildSrc;
- nsCSPDirective* mFrameSrc;
+ // cache variables for child-src, frame-src and worker-src handling;
+ // in CSP 3 child-src is deprecated. For backwards compatibility
+ // child-src needs to restrict:
+ // (*) frames, in case frame-src is not expicitly specified
+ // (*) workers, in case worker-src is not expicitly specified
+ // If neither worker-src, nor child-src is present, then script-src
+ // needs to govern workers.
+ nsCSPChildSrcDirective* mChildSrc;
+ nsCSPDirective* mFrameSrc;
+ nsCSPDirective* mWorkerSrc;
+ nsCSPScriptSrcDirective* mScriptSrc;
// cache variable to let nsCSPHostSrc know that it's within
// the frame-ancestors directive.