OLD | NEW |
---|---|
1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/common/origin_util.h" | 5 #include "chrome/common/origin_util.h" |
6 | 6 |
7 #include <set> | |
8 | |
9 #include "base/command_line.h" | |
10 #include "base/lazy_instance.h" | |
11 #include "base/stl_util.h" | |
12 #include "base/strings/string_split.h" | |
13 #include "base/threading/thread_local.h" | |
14 #include "chrome/common/chrome_switches.h" | |
15 #include "content/public/common/origin_util.h" | |
7 #include "content/public/common/url_constants.h" | 16 #include "content/public/common/url_constants.h" |
8 #include "extensions/common/constants.h" | 17 #include "extensions/common/constants.h" |
9 #include "net/base/net_util.h" | |
10 #include "url/gurl.h" | 18 #include "url/gurl.h" |
11 | 19 |
20 namespace { | |
21 | |
22 using OriginSet = std::set<GURL>; | |
23 | |
24 base::LazyInstance<base::ThreadLocalPointer<OriginSet>>::Leaky | |
25 g_origin_whitelist = LAZY_INSTANCE_INITIALIZER; | |
26 | |
27 } // namespace | |
28 | |
12 bool IsOriginSecure(const GURL& url) { | 29 bool IsOriginSecure(const GURL& url) { |
13 if (url.SchemeUsesTLS() || url.SchemeIsFile()) | 30 if (content::IsOriginSecure(url)) |
palmer
2015/04/20 22:16:18
No, please don't add a |content::IsOriginSecure|.
kinuko
2015/04/21 12:26:07
Hmm, the discussion there seems very relevant here
kinuko
2015/04/21 16:15:48
Moved this completely to //content (so the name co
| |
14 return true; | 31 return true; |
15 | 32 |
16 if (url.SchemeIsFileSystem() && url.inner_url() && | 33 // Do additional check for chrome schemes. |
17 IsOriginSecure(*url.inner_url())) { | |
18 return true; | |
19 } | |
20 | |
21 std::string hostname = url.HostNoBrackets(); | |
22 if (net::IsLocalhost(hostname)) | |
23 return true; | |
24 | |
25 std::string scheme = url.scheme(); | 34 std::string scheme = url.scheme(); |
26 if (scheme == content::kChromeUIScheme || | 35 if (scheme == content::kChromeUIScheme || |
27 scheme == extensions::kExtensionScheme || | 36 scheme == extensions::kExtensionScheme || |
28 scheme == extensions::kExtensionResourceScheme) { | 37 scheme == extensions::kExtensionResourceScheme) { |
29 return true; | 38 return true; |
30 } | 39 } |
31 | 40 |
41 // Do additional check for whitelisted origins. | |
42 if (ContainsKey(GetWhiteListedSecureOrigins(), url.GetOrigin())) | |
43 return true; | |
44 | |
32 return false; | 45 return false; |
33 } | 46 } |
47 | |
48 const OriginSet& GetWhiteListedSecureOrigins() { | |
palmer
2015/04/20 22:16:18
|GetWhiteListedSecureOrigins| and |ClearWhiteListe
kinuko
2015/04/21 16:15:48
This is added only for testing. I renamed this so
| |
49 OriginSet* whitelist = g_origin_whitelist.Pointer()->Get(); | |
50 if (!whitelist) { | |
51 whitelist = new OriginSet(); | |
52 g_origin_whitelist.Pointer()->Set(whitelist); | |
53 | |
54 // If kUnsafetyTreatInsecureOriginAsSecure option is given and | |
55 // kUserDataDir is present, add the given origins to the blink whitelist | |
56 // for handling them as trustworthy. | |
57 const base::CommandLine& command_line = | |
58 *base::CommandLine::ForCurrentProcess(); | |
59 if (command_line.HasSwitch( | |
60 switches::kUnsafetyTreatInsecureOriginAsSecure) && | |
61 command_line.HasSwitch(switches::kUserDataDir)) { | |
62 std::vector<std::string> origins; | |
63 base::SplitString(command_line.GetSwitchValueASCII( | |
64 switches::kUnsafetyTreatInsecureOriginAsSecure), ',', &origins); | |
65 for (const std::string& origin : origins) | |
palmer
2015/04/20 22:16:18
Nit: Maybe you can use auto here?
kinuko
2015/04/21 16:15:48
Done.
| |
66 whitelist->insert(GURL(origin).GetOrigin()); | |
67 } | |
68 } | |
69 return *whitelist; | |
70 } | |
71 | |
72 void ClearWhiteListedSecureOrigins() { | |
73 OriginSet* whitelist = g_origin_whitelist.Pointer()->Get(); | |
74 if (whitelist) { | |
75 delete whitelist; | |
76 g_origin_whitelist.Pointer()->Set(nullptr); | |
77 } | |
78 } | |
OLD | NEW |