Support whitelisting to handle insecure origins as trustworthy origins (blink)

Source/platform/weborigin/SecurityPolicy.cpp

 /*
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 16 matching lines @@
  */
 
 #include "config.h"
 #include "platform/weborigin/SecurityPolicy.h"
 
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/OriginAccessEntry.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "wtf/HashMap.h"
+#include "wtf/HashSet.h"
 #include "wtf/MainThread.h"
 #include "wtf/OwnPtr.h"
 #include "wtf/PassOwnPtr.h"
 #include "wtf/Threading.h"
 #include "wtf/text/StringHash.h"
 
 namespace blink {
 
-typedef Vector<OriginAccessEntry> OriginAccessWhiteList;
-typedef HashMap<String, OwnPtr<OriginAccessWhiteList>> OriginAccessMap;
+using OriginAccessWhiteList = Vector<OriginAccessEntry>;
+using OriginAccessMap = HashMap<String, OwnPtr<OriginAccessWhiteList>>;
+using OriginSet = HashSet<String>;
 
 static OriginAccessMap& originAccessMap()
 {
     AtomicallyInitializedStaticReference(OriginAccessMap, originAccessMap, new OriginAccessMap);
     return originAccessMap;
 }
 
+static OriginSet& trustworthyOriginSet()
+{
+    DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ());
+    return trustworthyOriginSet;
+}
+
 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer)
 {
     bool referrerIsSecureURL = protocolIs(referrer, "https");
     bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http");
 
     if (!referrerIsWebURL)
         return true;
 
     if (!referrerIsSecureURL)
         return false;
@@ skipping 45 matching lines @@
         }
         break;
     }
     case ReferrerPolicyNoReferrerWhenDowngrade:
         break;
     }
 
     return Referrer(shouldHideReferrer(url, referrer) ? String() : referrer, referrerPolicy);
 }
 
+void SecurityPolicy::addOriginTrustworthyWhiteList(PassRefPtr<SecurityOrigin> origin)
+{
+    // Must be called before we start other threads.
+    ASSERT(WTF::isBeforeThreadCreated());
+    if (origin->isUnique())
+        return;
+    trustworthyOriginSet().add(origin->toRawString());
+}
+
+bool SecurityPolicy::isOriginWhiteListedTrustworthy(const SecurityOrigin& origin)
+{
+    if (origin.isUnique())
+        return false;
+    return trustworthyOriginSet().contains(origin.toRawString());
+}
+
 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin)
 {
     if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toString())) {
         for (size_t i = 0; i < list->size();  ++i) {
             if (list->at(i).matchesOrigin(*targetOrigin) != OriginAccessEntry::DoesNotMatchOrigin)
                 return true;
         }
     }
     return false;
 }
@@ skipping 44 matching lines @@
         map.remove(it);
 }
 
 void SecurityPolicy::resetOriginAccessWhitelists()
 {
     ASSERT(isMainThread());
     originAccessMap().clear();
 }
 
 } // namespace blink