OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All Rights Reserved. | 2 * Copyright (C) 2011 Google Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 11 matching lines...) Expand all Loading... |
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 * | 24 * |
25 */ | 25 */ |
26 | 26 |
27 #ifndef SecurityContext_h | 27 #ifndef SecurityContext_h |
28 #define SecurityContext_h | 28 #define SecurityContext_h |
29 | 29 |
30 #include "core/CoreExport.h" | 30 #include "core/CoreExport.h" |
31 #include "core/dom/SandboxFlags.h" | 31 #include "core/dom/SandboxFlags.h" |
| 32 #include "wtf/HashSet.h" |
32 #include "wtf/Noncopyable.h" | 33 #include "wtf/Noncopyable.h" |
33 #include "wtf/PassRefPtr.h" | 34 #include "wtf/PassRefPtr.h" |
34 #include "wtf/RefPtr.h" | 35 #include "wtf/RefPtr.h" |
| 36 #include "wtf/text/StringHash.h" |
35 #include "wtf/text/WTFString.h" | 37 #include "wtf/text/WTFString.h" |
36 | 38 |
37 namespace blink { | 39 namespace blink { |
38 | 40 |
39 class SecurityOrigin; | 41 class SecurityOrigin; |
40 class ContentSecurityPolicy; | 42 class ContentSecurityPolicy; |
41 class KURL; | 43 class KURL; |
42 | 44 |
43 class CORE_EXPORT SecurityContext { | 45 class CORE_EXPORT SecurityContext { |
44 WTF_MAKE_NONCOPYABLE(SecurityContext); | 46 WTF_MAKE_NONCOPYABLE(SecurityContext); |
45 public: | 47 public: |
| 48 using InsecureNavigationsSet = HashSet<unsigned, WTF::AlreadyHashed>; |
| 49 |
46 // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'. | 50 // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'. |
47 enum InsecureRequestsPolicy { | 51 enum InsecureRequestsPolicy { |
48 InsecureRequestsDoNotUpgrade = 0, | 52 InsecureRequestsDoNotUpgrade = 0, |
49 InsecureRequestsUpgrade | 53 InsecureRequestsUpgrade |
50 }; | 54 }; |
51 | 55 |
52 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } | 56 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } |
53 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur
ityPolicy.get(); } | 57 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur
ityPolicy.get(); } |
54 | 58 |
55 bool isSecureTransitionTo(const KURL&) const; | 59 bool isSecureTransitionTo(const KURL&) const; |
56 | 60 |
57 // Explicitly override the security origin for this security context. | 61 // Explicitly override the security origin for this security context. |
58 // Note: It is dangerous to change the security origin of a script context | 62 // Note: It is dangerous to change the security origin of a script context |
59 // that already contains content. | 63 // that already contains content. |
60 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); | 64 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); |
61 virtual void didUpdateSecurityOrigin() = 0; | 65 virtual void didUpdateSecurityOrigin() = 0; |
62 | 66 |
63 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } | 67 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } |
64 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } | 68 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } |
65 void enforceSandboxFlags(SandboxFlags mask); | 69 void enforceSandboxFlags(SandboxFlags mask); |
66 | 70 |
67 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; } | 71 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; } |
68 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; } | 72 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; } |
69 | 73 |
70 void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRe
questsPolicy = policy; } | 74 void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRe
questsPolicy = policy; } |
71 InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureReq
uestsPolicy; } | 75 InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureReq
uestsPolicy; } |
72 | 76 |
| 77 void addInsecureNavigationUpgrade(unsigned hashedHost) { m_insecureNavigatio
nsToUpgrade.add(hashedHost); } |
| 78 InsecureNavigationsSet* insecureNavigationsToUpgrade() { return &m_insecureN
avigationsToUpgrade; } |
| 79 |
73 protected: | 80 protected: |
74 SecurityContext(); | 81 SecurityContext(); |
75 virtual ~SecurityContext(); | 82 virtual ~SecurityContext(); |
76 | 83 |
77 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); | 84 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); |
78 | 85 |
79 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin =
false; } | 86 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin =
false; } |
80 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit
yOrigin; } | 87 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit
yOrigin; } |
81 | 88 |
82 private: | 89 private: |
83 bool m_haveInitializedSecurityOrigin; | 90 bool m_haveInitializedSecurityOrigin; |
84 RefPtr<SecurityOrigin> m_securityOrigin; | 91 RefPtr<SecurityOrigin> m_securityOrigin; |
85 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy; | 92 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy; |
86 | 93 |
87 SandboxFlags m_sandboxFlags; | 94 SandboxFlags m_sandboxFlags; |
88 | 95 |
89 bool m_hostedInReservedIPRange; | 96 bool m_hostedInReservedIPRange; |
90 InsecureRequestsPolicy m_insecureRequestsPolicy; | 97 InsecureRequestsPolicy m_insecureRequestsPolicy; |
| 98 InsecureNavigationsSet m_insecureNavigationsToUpgrade; |
91 }; | 99 }; |
92 | 100 |
93 } // namespace blink | 101 } // namespace blink |
94 | 102 |
95 #endif // SecurityContext_h | 103 #endif // SecurityContext_h |
OLD | NEW |