OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 16 matching lines...) Expand all Loading... | |
27 */ | 27 */ |
28 | 28 |
29 #include "config.h" | 29 #include "config.h" |
30 #include "platform/weborigin/SecurityPolicy.h" | 30 #include "platform/weborigin/SecurityPolicy.h" |
31 | 31 |
32 #include "platform/RuntimeEnabledFeatures.h" | 32 #include "platform/RuntimeEnabledFeatures.h" |
33 #include "platform/weborigin/KURL.h" | 33 #include "platform/weborigin/KURL.h" |
34 #include "platform/weborigin/OriginAccessEntry.h" | 34 #include "platform/weborigin/OriginAccessEntry.h" |
35 #include "platform/weborigin/SecurityOrigin.h" | 35 #include "platform/weborigin/SecurityOrigin.h" |
36 #include "wtf/HashMap.h" | 36 #include "wtf/HashMap.h" |
37 #include "wtf/HashSet.h" | |
37 #include "wtf/MainThread.h" | 38 #include "wtf/MainThread.h" |
38 #include "wtf/OwnPtr.h" | 39 #include "wtf/OwnPtr.h" |
39 #include "wtf/PassOwnPtr.h" | 40 #include "wtf/PassOwnPtr.h" |
40 #include "wtf/Threading.h" | 41 #include "wtf/Threading.h" |
41 #include "wtf/text/StringHash.h" | 42 #include "wtf/text/StringHash.h" |
42 | 43 |
43 namespace blink { | 44 namespace blink { |
44 | 45 |
45 typedef Vector<OriginAccessEntry> OriginAccessWhiteList; | 46 using OriginAccessWhiteList = Vector<OriginAccessEntry>; |
46 typedef HashMap<String, OwnPtr<OriginAccessWhiteList>> OriginAccessMap; | 47 using OriginAccessMap = HashMap<String, OwnPtr<OriginAccessWhiteList>>; |
48 using OriginSet = HashSet<String>; | |
47 | 49 |
48 static OriginAccessMap& originAccessMap() | 50 static OriginAccessMap& originAccessMap() |
49 { | 51 { |
50 AtomicallyInitializedStaticReference(OriginAccessMap, originAccessMap, new O riginAccessMap); | 52 AtomicallyInitializedStaticReference(OriginAccessMap, originAccessMap, new O riginAccessMap); |
51 return originAccessMap; | 53 return originAccessMap; |
52 } | 54 } |
53 | 55 |
56 static OriginSet& trustworthyOriginSet() | |
57 { | |
58 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ()); | |
59 return trustworthyOriginSet; | |
60 } | |
61 | |
54 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) | 62 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) |
55 { | 63 { |
56 bool referrerIsSecureURL = protocolIs(referrer, "https"); | 64 bool referrerIsSecureURL = protocolIs(referrer, "https"); |
57 bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http"); | 65 bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http"); |
58 | 66 |
59 if (!referrerIsWebURL) | 67 if (!referrerIsWebURL) |
60 return true; | 68 return true; |
61 | 69 |
62 if (!referrerIsSecureURL) | 70 if (!referrerIsSecureURL) |
63 return false; | 71 return false; |
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
109 } | 117 } |
110 break; | 118 break; |
111 } | 119 } |
112 case ReferrerPolicyNoReferrerWhenDowngrade: | 120 case ReferrerPolicyNoReferrerWhenDowngrade: |
113 break; | 121 break; |
114 } | 122 } |
115 | 123 |
116 return Referrer(shouldHideReferrer(url, referrer) ? String() : referrer, ref errerPolicy); | 124 return Referrer(shouldHideReferrer(url, referrer) ? String() : referrer, ref errerPolicy); |
117 } | 125 } |
118 | 126 |
127 void SecurityPolicy::addOriginTrustworthyWhiteList(const SecurityOrigin& origin) | |
128 { | |
129 // Must be called before we start other threads. | |
Mike West
2015/04/20 09:25:00
One of the use-cases is devtools, right? Would we
kinuko
2015/04/20 15:43:18
Yup, the plan is not clear yet but if we support t
| |
130 ASSERT(WTF::isBeforeThreadCreated()); | |
131 if (origin.isUnique()) | |
132 return; | |
133 trustworthyOriginSet().add(origin.toRawString()); | |
134 } | |
135 | |
136 bool SecurityPolicy::isOriginWhiteListedTrustworthy(const SecurityOrigin& origin ) | |
137 { | |
138 if (origin.isUnique()) | |
139 return false; | |
140 return trustworthyOriginSet().contains(origin.toRawString()); | |
Mike West
2015/04/20 09:25:00
Hrm. Why store this as a String and not a Security
kinuko
2015/04/20 15:43:18
What we want to compare in the end is a tuple of '
| |
141 } | |
142 | |
119 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, con st SecurityOrigin* targetOrigin) | 143 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, con st SecurityOrigin* targetOrigin) |
120 { | 144 { |
121 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toStri ng())) { | 145 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toStri ng())) { |
122 for (size_t i = 0; i < list->size(); ++i) { | 146 for (size_t i = 0; i < list->size(); ++i) { |
123 if (list->at(i).matchesOrigin(*targetOrigin) != OriginAccessEntry::D oesNotMatchOrigin) | 147 if (list->at(i).matchesOrigin(*targetOrigin) != OriginAccessEntry::D oesNotMatchOrigin) |
124 return true; | 148 return true; |
125 } | 149 } |
126 } | 150 } |
127 return false; | 151 return false; |
128 } | 152 } |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
173 map.remove(it); | 197 map.remove(it); |
174 } | 198 } |
175 | 199 |
176 void SecurityPolicy::resetOriginAccessWhitelists() | 200 void SecurityPolicy::resetOriginAccessWhitelists() |
177 { | 201 { |
178 ASSERT(isMainThread()); | 202 ASSERT(isMainThread()); |
179 originAccessMap().clear(); | 203 originAccessMap().clear(); |
180 } | 204 } |
181 | 205 |
182 } // namespace blink | 206 } // namespace blink |
OLD | NEW |