Chromium Code Reviews Chromium Code Reviews
Issue 1082173003:
Support whitelisting to handle insecure origins as trustworthy origins (blink) (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 93 | 93 |
| 94 // Support for whitelisting access to origins beyond the same-origin policy. | 94 // Support for whitelisting access to origins beyond the same-origin policy. |
| 95 BLINK_EXPORT static void addOriginAccessWhitelistEntry( | 95 BLINK_EXPORT static void addOriginAccessWhitelistEntry( |
| 96 const WebURL& sourceOrigin, const WebString& destinationProtocol, | 96 const WebURL& sourceOrigin, const WebString& destinationProtocol, |
| 97 const WebString& destinationHost, bool allowDestinationSubdomains); | 97 const WebString& destinationHost, bool allowDestinationSubdomains); |
| 98 BLINK_EXPORT static void removeOriginAccessWhitelistEntry( | 98 BLINK_EXPORT static void removeOriginAccessWhitelistEntry( |
| 99 const WebURL& sourceOrigin, const WebString& destinationProtocol, | 99 const WebURL& sourceOrigin, const WebString& destinationProtocol, |
| 100 const WebString& destinationHost, bool allowDestinationSubdomains); | 100 const WebString& destinationHost, bool allowDestinationSubdomains); |
| 101 BLINK_EXPORT static void resetOriginAccessWhitelists(); | 101 BLINK_EXPORT static void resetOriginAccessWhitelists(); |
| 102 | 102 |
| 103 // Support for whitelisting origins to treat them as trustworthy. | |
| 104 BLINK_EXPORT static void addOriginTrustworthyWhiteList(const WebURL& origin) ; | |
|
Mike West
2015/04/20 09:25:00
Why not pass in a WebSecurityOrigin?
kinuko
2015/04/20 15:43:18
Done.
| |
| 105 | |
| 103 // Returns the referrer modified according to the referrer policy for a | 106 // Returns the referrer modified according to the referrer policy for a |
| 104 // navigation to a given URL. If the referrer returned is empty, the | 107 // navigation to a given URL. If the referrer returned is empty, the |
| 105 // referrer header should be omitted. | 108 // referrer header should be omitted. |
| 106 BLINK_EXPORT static WebString generateReferrerHeader(WebReferrerPolicy, cons t WebURL&, const WebString& referrer); | 109 BLINK_EXPORT static WebString generateReferrerHeader(WebReferrerPolicy, cons t WebURL&, const WebString& referrer); |
| 107 | 110 |
| 108 // Registers an URL scheme to not allow manipulation of the loaded page | 111 // Registers an URL scheme to not allow manipulation of the loaded page |
| 109 // by bookmarklets or javascript: URLs typed in the omnibox. | 112 // by bookmarklets or javascript: URLs typed in the omnibox. |
| 110 BLINK_EXPORT static void registerURLSchemeAsNotAllowingJavascriptURLs(const WebString&); | 113 BLINK_EXPORT static void registerURLSchemeAsNotAllowingJavascriptURLs(const WebString&); |
| 111 | 114 |
| 112 private: | 115 private: |
| 113 WebSecurityPolicy(); | 116 WebSecurityPolicy(); |
| 114 }; | 117 }; |
| 115 | 118 |
| 116 } // namespace blink | 119 } // namespace blink |
| 117 | 120 |
| 118 #endif | 121 #endif |
| OLD | NEW |
