| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 11 matching lines...) Expand all Loading... |
| 22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 */ | 27 */ |
| 28 | 28 |
| 29 #include "config.h" | 29 #include "config.h" |
| 30 #include "platform/weborigin/SecurityOrigin.h" | 30 #include "platform/weborigin/SecurityOrigin.h" |
| 31 | 31 |
| 32 #include "platform/RuntimeEnabledFeatures.h" |
| 32 #include "platform/weborigin/KURL.h" | 33 #include "platform/weborigin/KURL.h" |
| 33 #include "platform/weborigin/KnownPorts.h" | 34 #include "platform/weborigin/KnownPorts.h" |
| 34 #include "platform/weborigin/SchemeRegistry.h" | 35 #include "platform/weborigin/SchemeRegistry.h" |
| 35 #include "platform/weborigin/SecurityOriginCache.h" | 36 #include "platform/weborigin/SecurityOriginCache.h" |
| 36 #include "platform/weborigin/SecurityPolicy.h" | 37 #include "platform/weborigin/SecurityPolicy.h" |
| 37 #include "url/url_canon_ip.h" | 38 #include "url/url_canon_ip.h" |
| 38 #include "wtf/HexNumber.h" | 39 #include "wtf/HexNumber.h" |
| 39 #include "wtf/MainThread.h" | 40 #include "wtf/MainThread.h" |
| 41 #include "wtf/NotFound.h" |
| 40 #include "wtf/StdLibExtras.h" | 42 #include "wtf/StdLibExtras.h" |
| 41 #include "wtf/text/StringBuilder.h" | 43 #include "wtf/text/StringBuilder.h" |
| 42 | 44 |
| 43 namespace blink { | 45 namespace blink { |
| 44 | 46 |
| 45 const int InvalidPort = 0; | 47 const int InvalidPort = 0; |
| 46 const int MaxAllowedPort = 65535; | 48 const int MaxAllowedPort = 65535; |
| 47 | 49 |
| 48 static SecurityOriginCache* s_originCache = 0; | 50 static SecurityOriginCache* s_originCache = 0; |
| 49 | 51 |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 119 SecurityOrigin::SecurityOrigin(const KURL& url) | 121 SecurityOrigin::SecurityOrigin(const KURL& url) |
| 120 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) | 122 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) |
| 121 , m_host(url.host().isNull() ? "" : url.host().lower()) | 123 , m_host(url.host().isNull() ? "" : url.host().lower()) |
| 122 , m_port(url.port()) | 124 , m_port(url.port()) |
| 123 , m_isUnique(false) | 125 , m_isUnique(false) |
| 124 , m_universalAccess(false) | 126 , m_universalAccess(false) |
| 125 , m_domainWasSetInDOM(false) | 127 , m_domainWasSetInDOM(false) |
| 126 , m_enforceFilePathSeparation(false) | 128 , m_enforceFilePathSeparation(false) |
| 127 , m_needsDatabaseIdentifierQuirkForFiles(false) | 129 , m_needsDatabaseIdentifierQuirkForFiles(false) |
| 128 { | 130 { |
| 131 // Suborigins are serialized into the host, so extract it if necessary. |
| 132 String suboriginName; |
| 133 if (deserializeSuboriginAndHost(m_host, suboriginName, m_host)) |
| 134 addSuborigin(suboriginName); |
| 135 |
| 129 // document.domain starts as m_host, but can be set by the DOM. | 136 // document.domain starts as m_host, but can be set by the DOM. |
| 130 m_domain = m_host; | 137 m_domain = m_host; |
| 131 | 138 |
| 132 if (isDefaultPortForProtocol(m_port, m_protocol)) | 139 if (isDefaultPortForProtocol(m_port, m_protocol)) |
| 133 m_port = InvalidPort; | 140 m_port = InvalidPort; |
| 134 | 141 |
| 135 // By default, only local SecurityOrigins can load local resources. | 142 // By default, only local SecurityOrigins can load local resources. |
| 136 m_canLoadLocalResources = isLocal(); | 143 m_canLoadLocalResources = isLocal(); |
| 137 } | 144 } |
| 138 | 145 |
| 139 SecurityOrigin::SecurityOrigin() | 146 SecurityOrigin::SecurityOrigin() |
| 140 : m_protocol("") | 147 : m_protocol("") |
| 141 , m_host("") | 148 , m_host("") |
| 142 , m_domain("") | 149 , m_domain("") |
| 150 , m_suboriginName(WTF::String()) |
| 143 , m_port(InvalidPort) | 151 , m_port(InvalidPort) |
| 144 , m_isUnique(true) | 152 , m_isUnique(true) |
| 145 , m_universalAccess(false) | 153 , m_universalAccess(false) |
| 146 , m_domainWasSetInDOM(false) | 154 , m_domainWasSetInDOM(false) |
| 147 , m_canLoadLocalResources(false) | 155 , m_canLoadLocalResources(false) |
| 148 , m_enforceFilePathSeparation(false) | 156 , m_enforceFilePathSeparation(false) |
| 149 , m_needsDatabaseIdentifierQuirkForFiles(false) | 157 , m_needsDatabaseIdentifierQuirkForFiles(false) |
| 150 { | 158 { |
| 151 } | 159 } |
| 152 | 160 |
| 153 SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) | 161 SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) |
| 154 : m_protocol(other->m_protocol.isolatedCopy()) | 162 : m_protocol(other->m_protocol.isolatedCopy()) |
| 155 , m_host(other->m_host.isolatedCopy()) | 163 , m_host(other->m_host.isolatedCopy()) |
| 156 , m_domain(other->m_domain.isolatedCopy()) | 164 , m_domain(other->m_domain.isolatedCopy()) |
| 165 , m_suboriginName(other->m_suboriginName) |
| 157 , m_port(other->m_port) | 166 , m_port(other->m_port) |
| 158 , m_isUnique(other->m_isUnique) | 167 , m_isUnique(other->m_isUnique) |
| 159 , m_universalAccess(other->m_universalAccess) | 168 , m_universalAccess(other->m_universalAccess) |
| 160 , m_domainWasSetInDOM(other->m_domainWasSetInDOM) | 169 , m_domainWasSetInDOM(other->m_domainWasSetInDOM) |
| 161 , m_canLoadLocalResources(other->m_canLoadLocalResources) | 170 , m_canLoadLocalResources(other->m_canLoadLocalResources) |
| 162 , m_enforceFilePathSeparation(other->m_enforceFilePathSeparation) | 171 , m_enforceFilePathSeparation(other->m_enforceFilePathSeparation) |
| 163 , m_needsDatabaseIdentifierQuirkForFiles(other->m_needsDatabaseIdentifierQui
rkForFiles) | 172 , m_needsDatabaseIdentifierQuirkForFiles(other->m_needsDatabaseIdentifierQui
rkForFiles) |
| 164 { | 173 { |
| 165 } | 174 } |
| 166 | 175 |
| (...skipping 22 matching lines...) Expand all Loading... |
| 189 return adoptRef(new SecurityOrigin(url)); | 198 return adoptRef(new SecurityOrigin(url)); |
| 190 } | 199 } |
| 191 | 200 |
| 192 PassRefPtr<SecurityOrigin> SecurityOrigin::createUnique() | 201 PassRefPtr<SecurityOrigin> SecurityOrigin::createUnique() |
| 193 { | 202 { |
| 194 RefPtr<SecurityOrigin> origin = adoptRef(new SecurityOrigin()); | 203 RefPtr<SecurityOrigin> origin = adoptRef(new SecurityOrigin()); |
| 195 ASSERT(origin->isUnique()); | 204 ASSERT(origin->isUnique()); |
| 196 return origin.release(); | 205 return origin.release(); |
| 197 } | 206 } |
| 198 | 207 |
| 208 void SecurityOrigin::addSuborigin(const String& suborigin) |
| 209 { |
| 210 ASSERT(RuntimeEnabledFeatures::suboriginsEnabled()); |
| 211 // Changing suborigins midstream is bad. Very bad. It should not happen. |
| 212 // This is, in fact, one of the very basic invariants that makes suborigins |
| 213 // an effective security tool. |
| 214 RELEASE_ASSERT(m_suboriginName.isNull() || m_suboriginName == suborigin); |
| 215 m_suboriginName = suborigin; |
| 216 } |
| 217 |
| 199 PassRefPtr<SecurityOrigin> SecurityOrigin::isolatedCopy() const | 218 PassRefPtr<SecurityOrigin> SecurityOrigin::isolatedCopy() const |
| 200 { | 219 { |
| 201 return adoptRef(new SecurityOrigin(this)); | 220 return adoptRef(new SecurityOrigin(this)); |
| 202 } | 221 } |
| 203 | 222 |
| 204 void SecurityOrigin::setDomainFromDOM(const String& newDomain) | 223 void SecurityOrigin::setDomainFromDOM(const String& newDomain) |
| 205 { | 224 { |
| 206 m_domainWasSetInDOM = true; | 225 m_domainWasSetInDOM = true; |
| 207 m_domain = newDomain.lower(); | 226 m_domain = newDomain.lower(); |
| 208 } | 227 } |
| (...skipping 250 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 459 String SecurityOrigin::toRawString() const | 478 String SecurityOrigin::toRawString() const |
| 460 { | 479 { |
| 461 if (m_protocol == "file") | 480 if (m_protocol == "file") |
| 462 return "file://"; | 481 return "file://"; |
| 463 | 482 |
| 464 StringBuilder result; | 483 StringBuilder result; |
| 465 buildRawString(result); | 484 buildRawString(result); |
| 466 return result.toString(); | 485 return result.toString(); |
| 467 } | 486 } |
| 468 | 487 |
| 488 // Returns true if and only if a suborigin component was found. If false, no |
| 489 // guarantees about the return value |suboriginName| are made. |
| 490 bool SecurityOrigin::deserializeSuboriginAndHost(const String& oldHost, String&
suboriginName, String& newHost) |
| 491 { |
| 492 if (!RuntimeEnabledFeatures::suboriginsEnabled()) |
| 493 return false; |
| 494 |
| 495 size_t suboriginEnd = oldHost.find('_'); |
| 496 // Suborigins cannot be empty |
| 497 if (suboriginEnd == 0 || suboriginEnd == WTF::kNotFound) |
| 498 return false; |
| 499 |
| 500 suboriginName = oldHost.substring(0, suboriginEnd); |
| 501 newHost = oldHost.substring(suboriginEnd + 1); |
| 502 |
| 503 return true; |
| 504 } |
| 505 |
| 506 |
| 469 AtomicString SecurityOrigin::toRawAtomicString() const | 507 AtomicString SecurityOrigin::toRawAtomicString() const |
| 470 { | 508 { |
| 471 if (m_protocol == "file") | 509 if (m_protocol == "file") |
| 472 return AtomicString("file://", AtomicString::ConstructFromLiteral); | 510 return AtomicString("file://", AtomicString::ConstructFromLiteral); |
| 473 | 511 |
| 474 StringBuilder result; | 512 StringBuilder result; |
| 475 buildRawString(result); | 513 buildRawString(result); |
| 476 return result.toAtomicString(); | 514 return result.toAtomicString(); |
| 477 } | 515 } |
| 478 | 516 |
| 479 inline void SecurityOrigin::buildRawString(StringBuilder& builder) const | 517 void SecurityOrigin::buildRawString(StringBuilder& builder) const |
| 480 { | 518 { |
| 481 builder.reserveCapacity(m_protocol.length() + m_host.length() + 10); | |
| 482 builder.append(m_protocol); | 519 builder.append(m_protocol); |
| 483 builder.appendLiteral("://"); | 520 builder.appendLiteral("://"); |
| 521 if (hasSuborigin()) { |
| 522 builder.append(m_suboriginName); |
| 523 builder.appendLiteral("_"); |
| 524 } |
| 484 builder.append(m_host); | 525 builder.append(m_host); |
| 485 | 526 |
| 486 if (m_port) { | 527 if (m_port) { |
| 487 builder.append(':'); | 528 builder.append(':'); |
| 488 builder.appendNumber(m_port); | 529 builder.appendNumber(m_port); |
| 489 } | 530 } |
| 490 } | 531 } |
| 491 | 532 |
| 492 PassRefPtr<SecurityOrigin> SecurityOrigin::createFromString(const String& origin
String) | 533 PassRefPtr<SecurityOrigin> SecurityOrigin::createFromString(const String& origin
String) |
| 493 { | 534 { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 527 } | 568 } |
| 528 | 569 |
| 529 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin) | 570 void SecurityOrigin::transferPrivilegesFrom(const SecurityOrigin& origin) |
| 530 { | 571 { |
| 531 m_universalAccess = origin.m_universalAccess; | 572 m_universalAccess = origin.m_universalAccess; |
| 532 m_canLoadLocalResources = origin.m_canLoadLocalResources; | 573 m_canLoadLocalResources = origin.m_canLoadLocalResources; |
| 533 m_enforceFilePathSeparation = origin.m_enforceFilePathSeparation; | 574 m_enforceFilePathSeparation = origin.m_enforceFilePathSeparation; |
| 534 } | 575 } |
| 535 | 576 |
| 536 } // namespace blink | 577 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1109633002:
Basic experimental suborigin CSP directive and SecurityOrigin mods (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master