OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "content/public/common/origin_util.h" |
| 6 |
| 7 #include "base/lazy_instance.h" |
| 8 #include "base/stl_util.h" |
| 9 #include "content/public/common/content_client.h" |
| 10 #include "net/base/net_util.h" |
| 11 #include "url/gurl.h" |
| 12 |
| 13 namespace content { |
| 14 |
| 15 namespace { |
| 16 |
| 17 class SecureSchemeAndOriginSet { |
| 18 public: |
| 19 SecureSchemeAndOriginSet() { Reset(); } |
| 20 ~SecureSchemeAndOriginSet() {} |
| 21 |
| 22 void Reset() { |
| 23 GetContentClient()->AddSecureSchemesAndOrigins(&schemes_, &origins_); |
| 24 } |
| 25 |
| 26 const std::set<std::string>& schemes() const { return schemes_; } |
| 27 const std::set<GURL>& origins() const { return origins_; } |
| 28 |
| 29 private: |
| 30 std::set<std::string> schemes_; |
| 31 std::set<GURL> origins_; |
| 32 DISALLOW_COPY_AND_ASSIGN(SecureSchemeAndOriginSet); |
| 33 }; |
| 34 |
| 35 base::LazyInstance<SecureSchemeAndOriginSet>::Leaky g_trustworthy_whitelist = |
| 36 LAZY_INSTANCE_INITIALIZER; |
| 37 |
| 38 } // namespace |
| 39 |
| 40 bool IsOriginSecure(const GURL& url) { |
| 41 if (url.SchemeIsCryptographic() || url.SchemeIsFile()) |
| 42 return true; |
| 43 |
| 44 if (url.SchemeIsFileSystem() && url.inner_url() && |
| 45 IsOriginSecure(*url.inner_url())) { |
| 46 return true; |
| 47 } |
| 48 |
| 49 std::string hostname = url.HostNoBrackets(); |
| 50 if (net::IsLocalhost(hostname)) |
| 51 return true; |
| 52 |
| 53 if (ContainsKey(g_trustworthy_whitelist.Get().schemes(), url.scheme())) |
| 54 return true; |
| 55 |
| 56 if (ContainsKey(g_trustworthy_whitelist.Get().origins(), url.GetOrigin())) |
| 57 return true; |
| 58 |
| 59 return false; |
| 60 } |
| 61 |
| 62 } // namespace content |
OLD | NEW |