Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(934)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/dom/SecurityContext.h

Issue 1010893003: Upgrade insecure requests: Pipe navigational hosts down into nested documents. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: MOARASSERT Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/dom/DocumentInit.cpp ('k') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All Rights Reserved. 2 * Copyright (C) 2011 Google Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 11 matching lines...) Expand all
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 * 24 *
25 */ 25 */
26 26
27 #ifndef SecurityContext_h 27 #ifndef SecurityContext_h
28 #define SecurityContext_h 28 #define SecurityContext_h
29 29
30 #include "core/CoreExport.h" 30 #include "core/CoreExport.h"
31 #include "core/dom/SandboxFlags.h" 31 #include "core/dom/SandboxFlags.h"
32 #include "wtf/HashSet.h"
32 #include "wtf/Noncopyable.h" 33 #include "wtf/Noncopyable.h"
33 #include "wtf/PassRefPtr.h" 34 #include "wtf/PassRefPtr.h"
34 #include "wtf/RefPtr.h" 35 #include "wtf/RefPtr.h"
36 #include "wtf/text/StringHash.h"
35 #include "wtf/text/WTFString.h" 37 #include "wtf/text/WTFString.h"
36 38
37 namespace blink { 39 namespace blink {
38 40
39 class SecurityOrigin; 41 class SecurityOrigin;
40 class ContentSecurityPolicy; 42 class ContentSecurityPolicy;
41 class KURL; 43 class KURL;
42 44
43 class CORE_EXPORT SecurityContext { 45 class CORE_EXPORT SecurityContext {
44 WTF_MAKE_NONCOPYABLE(SecurityContext); 46 WTF_MAKE_NONCOPYABLE(SecurityContext);
45 public: 47 public:
48 using InsecureNavigationsSet = HashSet<unsigned, WTF::AlreadyHashed>;
49
46 // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'. 50 // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'.
47 enum InsecureRequestsPolicy { 51 enum InsecureRequestsPolicy {
48 InsecureRequestsDoNotUpgrade = 0, 52 InsecureRequestsDoNotUpgrade = 0,
49 InsecureRequestsUpgrade 53 InsecureRequestsUpgrade
50 }; 54 };
51 55
52 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } 56 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
53 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur ityPolicy.get(); } 57 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur ityPolicy.get(); }
54 58
55 bool isSecureTransitionTo(const KURL&) const; 59 bool isSecureTransitionTo(const KURL&) const;
56 60
57 // Explicitly override the security origin for this security context. 61 // Explicitly override the security origin for this security context.
58 // Note: It is dangerous to change the security origin of a script context 62 // Note: It is dangerous to change the security origin of a script context
59 // that already contains content. 63 // that already contains content.
60 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); 64 void setSecurityOrigin(PassRefPtr<SecurityOrigin>);
61 virtual void didUpdateSecurityOrigin() = 0; 65 virtual void didUpdateSecurityOrigin() = 0;
62 66
63 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } 67 SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
64 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } 68 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
65 void enforceSandboxFlags(SandboxFlags mask); 69 void enforceSandboxFlags(SandboxFlags mask);
66 70
67 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; } 71 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; }
68 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; } 72 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; }
69 73
70 void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRe questsPolicy = policy; } 74 void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRe questsPolicy = policy; }
71 InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureReq uestsPolicy; } 75 InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureReq uestsPolicy; }
72 76
77 void addInsecureNavigationUpgrade(unsigned hashedHost) { m_insecureNavigatio nsToUpgrade.add(hashedHost); }
78 InsecureNavigationsSet* insecureNavigationsToUpgrade() { return &m_insecureN avigationsToUpgrade; }
79
73 protected: 80 protected:
74 SecurityContext(); 81 SecurityContext();
75 virtual ~SecurityContext(); 82 virtual ~SecurityContext();
76 83
77 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); 84 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>);
78 85
79 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; } 86 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; }
80 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit yOrigin; } 87 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit yOrigin; }
81 88
82 private: 89 private:
83 bool m_haveInitializedSecurityOrigin; 90 bool m_haveInitializedSecurityOrigin;
84 RefPtr<SecurityOrigin> m_securityOrigin; 91 RefPtr<SecurityOrigin> m_securityOrigin;
85 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy; 92 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;
86 93
87 SandboxFlags m_sandboxFlags; 94 SandboxFlags m_sandboxFlags;
88 95
89 bool m_hostedInReservedIPRange; 96 bool m_hostedInReservedIPRange;
90 InsecureRequestsPolicy m_insecureRequestsPolicy; 97 InsecureRequestsPolicy m_insecureRequestsPolicy;
98 InsecureNavigationsSet m_insecureNavigationsToUpgrade;
91 }; 99 };
92 100
93 } // namespace blink 101 } // namespace blink
94 102
95 #endif // SecurityContext_h 103 #endif // SecurityContext_h
OLDNEW
« no previous file with comments | « Source/core/dom/DocumentInit.cpp ('k') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698