Support whitelisting to handle insecure origins as trustworthy origins (blink)

Source/platform/weborigin/SecurityPolicy.cpp

Index: Source/platform/weborigin/SecurityPolicy.cpp
diff --git a/Source/platform/weborigin/SecurityPolicy.cpp b/Source/platform/weborigin/SecurityPolicy.cpp
index 75508c58fafa23b70d4cdbf8b5b300142ecc14be..5fc6d8b941abf4b60236e36b32243eea13352bd0 100644
--- a/Source/platform/weborigin/SecurityPolicy.cpp
+++ b/Source/platform/weborigin/SecurityPolicy.cpp
@@ -34,6 +34,7 @@
 #include "platform/weborigin/OriginAccessEntry.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "wtf/HashMap.h"
+#include "wtf/HashSet.h"
 #include "wtf/MainThread.h"
 #include "wtf/OwnPtr.h"
 #include "wtf/PassOwnPtr.h"
@@ -42,8 +43,9 @@
 
 namespace blink {
 
-typedef Vector<OriginAccessEntry> OriginAccessWhiteList;
-typedef HashMap<String, OwnPtr<OriginAccessWhiteList>> OriginAccessMap;
+using OriginAccessWhiteList = Vector<OriginAccessEntry>;
+using OriginAccessMap = HashMap<String, OwnPtr<OriginAccessWhiteList>>;
+using OriginSet = HashSet<String>;
 
 static OriginAccessMap& originAccessMap()
 {
@@ -51,6 +53,12 @@ static OriginAccessMap& originAccessMap()
     return originAccessMap;
 }
 
+static OriginSet& trustworthyOriginSet()
+{
+    DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ());
+    return trustworthyOriginSet;
+}
+
 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer)
 {
     bool referrerIsSecureURL = protocolIs(referrer, "https");
@@ -116,6 +124,22 @@ Referrer SecurityPolicy::generateReferrer(ReferrerPolicy referrerPolicy, const K
     return Referrer(shouldHideReferrer(url, referrer) ? String() : referrer, referrerPolicy);
 }
 
+void SecurityPolicy::addOriginTrustworthyWhiteList(const SecurityOrigin& origin)
+{
+    // Must be called before we start other threads.

[Mike West, 2015/04/20 09:25:00]

One of the use-cases is devtools, right? Would we be able to reuse this
mechanism to whitelist origins via devtools, or will that need to go a separate
route?

[kinuko, 2015/04/20 15:43:18]

Yup, the plan is not clear yet but if we support the use case in DevTools we'll
likely use this mechanism.  When we do so we can easily change this part (by
introducing lock etc), so I prefer keeping this simple until then. (The PS4 is
using lock for reference)

+    ASSERT(WTF::isBeforeThreadCreated());
+    if (origin.isUnique())
+        return;
+    trustworthyOriginSet().add(origin.toRawString());
+}
+
+bool SecurityPolicy::isOriginWhiteListedTrustworthy(const SecurityOrigin& origin)
+{
+    if (origin.isUnique())
+        return false;
+    return trustworthyOriginSet().contains(origin.toRawString());

[Mike West, 2015/04/20 09:25:00]

Hrm. Why store this as a String and not a SecurityOrigin?

[kinuko, 2015/04/20 15:43:18]

What we want to compare in the end is a tuple of 'scheme, host, port', and using
String seems easiest for origin matching with HashSet.  Also I felt storing
RefPtr<SecurityOrigin> is a bit overkill. (I could be convinced though)

+}
+
 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin)
 {
     if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toString())) {