OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 16 matching lines...) Expand all Loading... |
27 */ | 27 */ |
28 | 28 |
29 #include "config.h" | 29 #include "config.h" |
30 #include "platform/weborigin/SecurityPolicy.h" | 30 #include "platform/weborigin/SecurityPolicy.h" |
31 | 31 |
32 #include "platform/RuntimeEnabledFeatures.h" | 32 #include "platform/RuntimeEnabledFeatures.h" |
33 #include "platform/weborigin/KURL.h" | 33 #include "platform/weborigin/KURL.h" |
34 #include "platform/weborigin/OriginAccessEntry.h" | 34 #include "platform/weborigin/OriginAccessEntry.h" |
35 #include "platform/weborigin/SecurityOrigin.h" | 35 #include "platform/weborigin/SecurityOrigin.h" |
36 #include "wtf/HashMap.h" | 36 #include "wtf/HashMap.h" |
| 37 #include "wtf/HashSet.h" |
37 #include "wtf/MainThread.h" | 38 #include "wtf/MainThread.h" |
38 #include "wtf/OwnPtr.h" | 39 #include "wtf/OwnPtr.h" |
39 #include "wtf/PassOwnPtr.h" | 40 #include "wtf/PassOwnPtr.h" |
40 #include "wtf/Threading.h" | 41 #include "wtf/Threading.h" |
41 #include "wtf/text/StringHash.h" | 42 #include "wtf/text/StringHash.h" |
42 | 43 |
43 namespace blink { | 44 namespace blink { |
44 | 45 |
45 typedef Vector<OriginAccessEntry> OriginAccessWhiteList; | 46 using OriginAccessWhiteList = Vector<OriginAccessEntry>; |
46 typedef HashMap<String, OwnPtr<OriginAccessWhiteList>> OriginAccessMap; | 47 using OriginAccessMap = HashMap<String, OwnPtr<OriginAccessWhiteList>>; |
| 48 using OriginSet = HashSet<String>; |
47 | 49 |
48 static OriginAccessMap& originAccessMap() | 50 static OriginAccessMap& originAccessMap() |
49 { | 51 { |
50 AtomicallyInitializedStaticReference(OriginAccessMap, originAccessMap, new O
riginAccessMap); | 52 AtomicallyInitializedStaticReference(OriginAccessMap, originAccessMap, new O
riginAccessMap); |
51 return originAccessMap; | 53 return originAccessMap; |
52 } | 54 } |
53 | 55 |
| 56 static OriginSet& trustworthyOriginSet() |
| 57 { |
| 58 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ()); |
| 59 return trustworthyOriginSet; |
| 60 } |
| 61 |
54 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) | 62 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) |
55 { | 63 { |
56 bool referrerIsSecureURL = protocolIs(referrer, "https"); | 64 bool referrerIsSecureURL = protocolIs(referrer, "https"); |
57 bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http"); | 65 bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http"); |
58 | 66 |
59 if (!referrerIsWebURL) | 67 if (!referrerIsWebURL) |
60 return true; | 68 return true; |
61 | 69 |
62 if (!referrerIsSecureURL) | 70 if (!referrerIsSecureURL) |
63 return false; | 71 return false; |
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
109 } | 117 } |
110 break; | 118 break; |
111 } | 119 } |
112 case ReferrerPolicyNoReferrerWhenDowngrade: | 120 case ReferrerPolicyNoReferrerWhenDowngrade: |
113 break; | 121 break; |
114 } | 122 } |
115 | 123 |
116 return Referrer(shouldHideReferrer(url, referrer) ? String() : referrer, ref
errerPolicy); | 124 return Referrer(shouldHideReferrer(url, referrer) ? String() : referrer, ref
errerPolicy); |
117 } | 125 } |
118 | 126 |
| 127 void SecurityPolicy::addOriginTrustworthyWhiteList(PassRefPtr<SecurityOrigin> or
igin) |
| 128 { |
| 129 // Must be called before we start other threads. |
| 130 ASSERT(WTF::isBeforeThreadCreated()); |
| 131 if (origin->isUnique()) |
| 132 return; |
| 133 trustworthyOriginSet().add(origin->toRawString()); |
| 134 } |
| 135 |
| 136 bool SecurityPolicy::isOriginWhiteListedTrustworthy(const SecurityOrigin& origin
) |
| 137 { |
| 138 if (origin.isUnique()) |
| 139 return false; |
| 140 return trustworthyOriginSet().contains(origin.toRawString()); |
| 141 } |
| 142 |
119 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, con
st SecurityOrigin* targetOrigin) | 143 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, con
st SecurityOrigin* targetOrigin) |
120 { | 144 { |
121 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toStri
ng())) { | 145 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toStri
ng())) { |
122 for (size_t i = 0; i < list->size(); ++i) { | 146 for (size_t i = 0; i < list->size(); ++i) { |
123 if (list->at(i).matchesOrigin(*targetOrigin) != OriginAccessEntry::D
oesNotMatchOrigin) | 147 if (list->at(i).matchesOrigin(*targetOrigin) != OriginAccessEntry::D
oesNotMatchOrigin) |
124 return true; | 148 return true; |
125 } | 149 } |
126 } | 150 } |
127 return false; | 151 return false; |
128 } | 152 } |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
173 map.remove(it); | 197 map.remove(it); |
174 } | 198 } |
175 | 199 |
176 void SecurityPolicy::resetOriginAccessWhitelists() | 200 void SecurityPolicy::resetOriginAccessWhitelists() |
177 { | 201 { |
178 ASSERT(isMainThread()); | 202 ASSERT(isMainThread()); |
179 originAccessMap().clear(); | 203 originAccessMap().clear(); |
180 } | 204 } |
181 | 205 |
182 } // namespace blink | 206 } // namespace blink |
OLD | NEW |