LibWeb: Introduce Content Security Policy policies and directives

These form the basis of Content Security Policy. A policy is a collection of directives that are parsed from either the Content-Security-Policy(-Report-Only) HTTP header, or the `<meta>` element. The directives are what restrict the operations can be performed in the current global execution context. For example, "frame-ancestors: none" tells us to prevent the page from being loaded in an embedded context, such as `<iframe>`. You can see it a bit like OpenBSD's pledge() functionality, but for the web platform: https://man.openbsd.org/pledge.2
Author: https://github.com/Lubrsi Commit: e34a6c86b9 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/3662
2025-05-05 10:42:51 +00:00 · 2024-11-25 16:17:17 +00:00 · 2024-11-25 16:17:17 +00:00 · e34a6c86b9 · 2025-03-04 13:28:21 +00:00
commit e34a6c86b9
parent d17bd2c5f1
20 changed files with 846 additions and 3 deletions
--- a/Libraries/LibWeb/HTML/SerializedPolicyContainer.cpp
+++ b/Libraries/LibWeb/HTML/SerializedPolicyContainer.cpp
@ -13,6 +13,7 @@ namespace IPC {
 template<>
 ErrorOr<void> encode(Encoder& encoder, Web::HTML::SerializedPolicyContainer const& serialized_policy_container)
 {
+    TRY(encoder.encode(serialized_policy_container.csp_list));
    TRY(encoder.encode(serialized_policy_container.embedder_policy));
    TRY(encoder.encode(serialized_policy_container.referrer_policy));

@ -24,6 +25,7 @@ ErrorOr<Web::HTML::SerializedPolicyContainer> decode(Decoder& decoder)
 {
    Web::HTML::SerializedPolicyContainer serialized_policy_container {};

+    serialized_policy_container.csp_list = TRY(decoder.decode<Vector<Web::ContentSecurityPolicy::SerializedPolicy>>());
    serialized_policy_container.embedder_policy = TRY(decoder.decode<Web::HTML::EmbedderPolicy>());
    serialized_policy_container.referrer_policy = TRY(decoder.decode<Web::ReferrerPolicy::ReferrerPolicy>());