[webkit-reviews] review denied: [Bug 99274] Warn when CSP headers don't separate directives with '; '. : [Attachment 168647] Patch

Mon Oct 15 09:18:14 PDT 2012

Adam Barth <abarth at webkit.org> has denied Mike West <mkwst at chromium.org>'s
request for review:
Bug 99274: Warn when CSP headers don't separate directives with ';'.
https://bugs.webkit.org/show_bug.cgi?id=99274

Attachment 168647: Patch
https://bugs.webkit.org/attachment.cgi?id=168647&action=review

------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=168647&action=review

> Source/WebCore/page/ContentSecurityPolicy.h:87
> +    static const char* connectSrc() { return "connect-src"; }
> +    static const char* defaultSrc() { return "default-src"; }
> +    static const char* fontSrc() { return "font-src"; }
> +    static const char* frameSrc() { return "frame-src"; }
> +    static const char* imgSrc() { return "img-src"; }
> +    static const char* mediaSrc() { return "media-src"; }
> +    static const char* objectSrc() { return "object-src"; }
> +    static const char* reportURI() { return "report-uri"; }
> +    static const char* sandbox() { return "sandbox"; }
> +    static const char* scriptSrc() { return "script-src"; }
> +    static const char* styleSrc() { return "style-src"; }
> +#if ENABLE(CSP_NEXT)
> +    static const char* formAction() { return "form-action"; }
> +    static const char* pluginTypes() { return "plugin-types"; }
> +    static const char* scriptNonce() { return "script-nonce"; }
> +#endif

Rather thank making these functions, we should just make them static constants
in the cpp file.

> Source/WebCore/page/ContentSecurityPolicy.h:89
> +    static bool isDirectiveName(const String& name);

Should this be private?