Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(620)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: public/web/WebSecurityPolicy.h

Issue 1082173003: Support whitelisting to handle insecure origins as trustworthy origins (blink) (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: no lock (for now) Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/web/WebSecurityPolicy.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 18 matching lines...) Expand all
29 */ 29 */
30 30
31 #ifndef WebSecurityPolicy_h 31 #ifndef WebSecurityPolicy_h
32 #define WebSecurityPolicy_h 32 #define WebSecurityPolicy_h
33 33
34 #include "../platform/WebCommon.h" 34 #include "../platform/WebCommon.h"
35 #include "../platform/WebReferrerPolicy.h" 35 #include "../platform/WebReferrerPolicy.h"
36 36
37 namespace blink { 37 namespace blink {
38 38
39 class WebSecurityOrigin;
39 class WebString; 40 class WebString;
40 class WebURL; 41 class WebURL;
41 42
42 class WebSecurityPolicy { 43 class WebSecurityPolicy {
43 public: 44 public:
44 // Registers a URL scheme to be treated as a local scheme (i.e., with the 45 // Registers a URL scheme to be treated as a local scheme (i.e., with the
45 // same security rules as those applied to "file" URLs). This means that 46 // same security rules as those applied to "file" URLs). This means that
46 // normal pages cannot link to or access URLs of this scheme. 47 // normal pages cannot link to or access URLs of this scheme.
47 BLINK_EXPORT static void registerURLSchemeAsLocal(const WebString&); 48 BLINK_EXPORT static void registerURLSchemeAsLocal(const WebString&);
48 49
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
93 94
94 // Support for whitelisting access to origins beyond the same-origin policy. 95 // Support for whitelisting access to origins beyond the same-origin policy.
95 BLINK_EXPORT static void addOriginAccessWhitelistEntry( 96 BLINK_EXPORT static void addOriginAccessWhitelistEntry(
96 const WebURL& sourceOrigin, const WebString& destinationProtocol, 97 const WebURL& sourceOrigin, const WebString& destinationProtocol,
97 const WebString& destinationHost, bool allowDestinationSubdomains); 98 const WebString& destinationHost, bool allowDestinationSubdomains);
98 BLINK_EXPORT static void removeOriginAccessWhitelistEntry( 99 BLINK_EXPORT static void removeOriginAccessWhitelistEntry(
99 const WebURL& sourceOrigin, const WebString& destinationProtocol, 100 const WebURL& sourceOrigin, const WebString& destinationProtocol,
100 const WebString& destinationHost, bool allowDestinationSubdomains); 101 const WebString& destinationHost, bool allowDestinationSubdomains);
101 BLINK_EXPORT static void resetOriginAccessWhitelists(); 102 BLINK_EXPORT static void resetOriginAccessWhitelists();
102 103
104 // Support for whitelisting origins to treat them as trustworthy.
105 BLINK_EXPORT static void addOriginTrustworthyWhiteList(const WebSecurityOrig in&);
106
103 // Returns the referrer modified according to the referrer policy for a 107 // Returns the referrer modified according to the referrer policy for a
104 // navigation to a given URL. If the referrer returned is empty, the 108 // navigation to a given URL. If the referrer returned is empty, the
105 // referrer header should be omitted. 109 // referrer header should be omitted.
106 BLINK_EXPORT static WebString generateReferrerHeader(WebReferrerPolicy, cons t WebURL&, const WebString& referrer); 110 BLINK_EXPORT static WebString generateReferrerHeader(WebReferrerPolicy, cons t WebURL&, const WebString& referrer);
107 111
108 // Registers an URL scheme to not allow manipulation of the loaded page 112 // Registers an URL scheme to not allow manipulation of the loaded page
109 // by bookmarklets or javascript: URLs typed in the omnibox. 113 // by bookmarklets or javascript: URLs typed in the omnibox.
110 BLINK_EXPORT static void registerURLSchemeAsNotAllowingJavascriptURLs(const WebString&); 114 BLINK_EXPORT static void registerURLSchemeAsNotAllowingJavascriptURLs(const WebString&);
111 115
112 private: 116 private:
113 WebSecurityPolicy(); 117 WebSecurityPolicy();
114 }; 118 };
115 119
116 } // namespace blink 120 } // namespace blink
117 121
118 #endif 122 #endif
OLDNEW
« no previous file with comments | « Source/web/WebSecurityPolicy.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698