LibWeb/CSP: Implement the report-to directive

This doesn't do anything by itself, the report a violation algorithm will handle this directive itself.
Author: https://github.com/Lubrsi Commit: 855e17529c Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/5765
2025-08-28 21:26:22 +00:00 · 2024-12-04 14:43:15 +00:00 · 2024-12-04 14:43:15 +00:00 · 855e17529c · 2025-08-07 17:26:50 +00:00
commit 855e17529c
parent ed0230bb93
5 changed files with 49 additions and 0 deletions
--- a/Libraries/LibWeb/CMakeLists.txt
+++ b/Libraries/LibWeb/CMakeLists.txt
@ -60,6 +60,7 @@ set(SOURCES
    ContentSecurityPolicy/Directives/MediaSourceDirective.cpp
    ContentSecurityPolicy/Directives/Names.cpp
    ContentSecurityPolicy/Directives/ObjectSourceDirective.cpp
+    ContentSecurityPolicy/Directives/ReportToDirective.cpp
    ContentSecurityPolicy/Directives/ReportUriDirective.cpp
    ContentSecurityPolicy/Directives/ScriptSourceAttributeDirective.cpp
    ContentSecurityPolicy/Directives/ScriptSourceDirective.cpp
--- a/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveFactory.cpp
+++ b/Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveFactory.cpp
@ -20,6 +20,7 @@
 #include <LibWeb/ContentSecurityPolicy/Directives/MediaSourceDirective.h>
 #include <LibWeb/ContentSecurityPolicy/Directives/Names.h>
 #include <LibWeb/ContentSecurityPolicy/Directives/ObjectSourceDirective.h>
+#include <LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.h>
 #include <LibWeb/ContentSecurityPolicy/Directives/ReportUriDirective.h>
 #include <LibWeb/ContentSecurityPolicy/Directives/ScriptSourceAttributeDirective.h>
 #include <LibWeb/ContentSecurityPolicy/Directives/ScriptSourceDirective.h>
@ -69,6 +70,9 @@ GC::Ref<Directive> create_directive(GC::Heap& heap, String name, Vector<String>
    if (name == Names::ObjectSrc)
        return heap.allocate<ObjectSourceDirective>(move(name), move(value));

+    if (name == Names::ReportTo)
+        return heap.allocate<ReportToDirective>(move(name), move(value));
+
    if (name == Names::ReportUri)
        return heap.allocate<ReportUriDirective>(move(name), move(value));

--- a/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.cpp
+++ b/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.cpp
@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2024, Luke Wilde <luke@ladybird.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.h>
+
+namespace Web::ContentSecurityPolicy::Directives {
+
+GC_DEFINE_ALLOCATOR(ReportToDirective);
+
+ReportToDirective::ReportToDirective(String name, Vector<String> value)
+    : Directive(move(name), move(value))
+{
+}
+
+}
--- a/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.h
+++ b/Libraries/LibWeb/ContentSecurityPolicy/Directives/ReportToDirective.h
@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2024, Luke Wilde <luke@ladybird.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include <LibWeb/ContentSecurityPolicy/Directives/Directive.h>
+
+namespace Web::ContentSecurityPolicy::Directives {
+
+// https://w3c.github.io/webappsec-csp/#directive-report-to
+class ReportToDirective final : public Directive {
+    GC_CELL(ReportToDirective, Directive)
+    GC_DECLARE_ALLOCATOR(ReportToDirective);
+
+public:
+    virtual ~ReportToDirective() = default;
+
+private:
+    ReportToDirective(String name, Vector<String> value);
+};
+
+}
--- a/Libraries/LibWeb/Forward.h
+++ b/Libraries/LibWeb/Forward.h
@ -149,6 +149,7 @@ class ImageSourceDirective;
 class ManifestSourceDirective;
 class MediaSourceDirective;
 class ObjectSourceDirective;
+class ReportToDirective;
 class ReportUriDirective;
 class ScriptSourceAttributeDirective;
 class ScriptSourceDirective;