url/origin.h - Issue 1224293002: Introduce 'url::Origin'.

Side by Side Diff: url/origin.h

Issue 1224293002: Introduce 'url::Origin'. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@url-schemehostport

Patch Set: Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef URL_ORIGIN_H_

	6 #define URL_ORIGIN_H_

	7

	8 #include <string>

	9

	10 #include "base/strings/string16.h"

	11 #include "url/scheme_host_port.h"

	12 #include "url/third_party/mozilla/url_parse.h"

	13 #include "url/url_canon.h"

	14 #include "url/url_constants.h"

	15 #include "url/url_export.h"

	16

	17 class GURL;

	18

	19 namespace url {

	20

	21 // An Origin is a tuple of (scheme, host, port), as described in RFC 6454.
	Ryan Sleevi 2015/07/10 11:59:54 I would hope that immediately after stating this, I would hope that immediately after stating this, in the first paragraph (e.g. before line 23), explain explicitly how these differ from url::SchemeHostPort. Otherwise, I think the confusion will still exist. Since Origin is composed on SchemeHostPort, that sort of 'downreference' in comments is certainly allowed. My stab, which is probably bad and I should feel bad, is // While both SchemeHostPort and Origin are composed of tuples of (scheme, host, port), it's important to // understand they reflect different conceptual models. A SchemeHostPort reflects the underlying storage of // a standard-schemed URL (that is, the generic URL syntax of RFC 3986, using scheme://authority ), where // authority is a host and optional port (ignoring the user@ portion). However, an Origin is the fundamental // concept of the web's security model, and represents the boundaries in which user agents generally // compartmentalize information, and between which user agents enforce access controls. // // An Origin may be created from a variety of URLs, not just those using the generic syntax, and an // Origin may not necessarily represent a reachable network endpoint. For example, an empty Origin // is a valid concept, indicating that it is unique and different from all other Origins, including itself, // while an empty SchemeHostPort is an invalid object. // // The choice between whether to use Origin or SchemeHostPort depends on the context. For // example, if recording a list of active network connections, a SchemeHostPort may be wholly // appropriate - it's just a storage of the tuple of information used to establish that network connection. // However, if performing access checks for some resource, for persisting things in to long term // storage, or for determining access controls between two arbitrary URLs, it's generally more // appropriate to use an Origin, to ensure that the security separation between Origins is preserved. // // There are a few subtleties to note: That's way wordier, and I'm sure you can further distill it to core points. But I think as we land this, we want to provide clear and canonical documentation for people about when they should prefer things. Likewise, in SchemeHostPort, we want to be clear to indicate that it shouldn't be used for security-relevant access checks, and instead should be seen moreso as a cache key of sorts for network-related information. Mike West 2015/07/17 09:58:09 Poked at the text a bit. Show quoted text On 2015/07/10 at 11:59:54, Ryan Sleevi (slow through 7-15 wrote: > That's way wordier, and I'm sure you can further distill it to core points. But I think as we land this, we want to provide clear and canonical documentation for people about when they should prefer things. Likewise, in SchemeHostPort, we want to be clear to indicate that it shouldn't be used for security-relevant access checks, and instead should be seen moreso as a cache key of sorts for network-related information. Poked at the text a bit.
	22 //

	23 // Origins are the fundamental component of the web's security model, and

	24 // represent the boundries within which user agents generally compartmentalize

	25 // information, and between which user agents enforce access controls.

	26 //

	27 // This class ought to be used when code needs to determine if two resources

	28 // are "same-origin", and when a canonical serialization of an origin is

	29 // required.

	30 //

	31 // Some origins are "unique", meaning that they are not same-origin with any

	32 // other origin (including themselves).

	33 //

	34 // There are a few subtleties to note:

	35 //

	36 // * Invalid and non-standard GURLs are parsed as unique origins. This includes

	37 // non-hierarchical URLs like 'data:text/html,...' and 'javascript:alert(1)'.

	38 //

	39 // * GURLs with a 'file' scheme are tricky. They are parsed as ('file', '', 0),

	40 // and are difficult to reason about in the abstract.
	Ryan Sleevi 2015/07/10 11:59:54 I feel like something more may be warranted to her I feel like something more may be warranted to here.
	41 //

	42 // * Unique origins all serialize to the string "null"; this means that the

	43 // serializations of two unique origins are '==' to each other, though the
	Ryan Sleevi 2015/07/10 11:59:54 s/are '==' to each other/are identical/ s/are '==' to each other/are identical/ Mike West 2015/07/17 09:58:09 Done. Show quoted text On 2015/07/10 at 11:59:54, Ryan Sleevi (slow through 7-15 wrote: > s/are '==' to each other/are identical/ Done.
	44 // origins themselves are not "the same". This means that origins'

	45 // serializations must not be relied upon for security checks.

	46 //

	47 // * GURLs with schemes of 'filesystem' or 'blob' parse the origin out of the

	48 // internals of the URL. That is, 'filesystem:https://example.com/temporary/f'

	49 // is parsed as ('https', 'example.com', 443).

	50 //

	51 // * The host component of an IPv6 address includes brackets, just like the URL

	52 // representation.
	Ryan Sleevi 2015/07/10 11:59:53 Why is this? I found it a bit surprising? Why is this? I found it a bit surprising? Mike West 2015/07/17 09:58:09 Why wouldn't we do this? It matches the representa Show quoted text On 2015/07/10 at 11:59:53, Ryan Sleevi (slow through 7-15 wrote: > Why is this? I found it a bit surprising? Why wouldn't we do this? It matches the representation you'll get in JavaScript, and the representation you get from GURL.
	53 //

	54 // Usage:

	55 //

	56 // * Origins are generally constructed from GURL objects:
	Ryan Sleevi 2015/07/10 11:59:53 When I first read this comment, I had to scroll do When I first read this comment, I had to scroll down to see if you had an explicit scheme/host/port constructor, since that what I was expecting with the way this was worded. Perhaps an alternative wording // * Unless creating a unique Origin, Origins are constructed from an already canonicalized GURL: Mike West 2015/07/17 09:58:09 Ran with something like that. Show quoted text On 2015/07/10 at 11:59:53, Ryan Sleevi (slow through 7-15 wrote: > // * Unless creating a unique Origin, Origins are constructed from an already canonicalized GURL: Ran with something like that.
	57 //

	58 // GURL url("https://example.com/");
	Ryan Sleevi 2015/07/10 11:59:53 wrong indent level (2 != 4) wrong indent level (2 != 4) Mike West 2015/07/17 09:58:09 [Insert eye rolling here.] Show quoted text On 2015/07/10 at 11:59:53, Ryan Sleevi (slow through 7-15 wrote: > wrong indent level (2 != 4) [Insert eye rolling here.]
	59 // url::Origin origin(url);

	60 // origin.scheme(); // "https"

	61 // origin.host(); // "example.com"

	62 // origin.port(); // 443

	63 // origin.IsUnique(); // false

	64 //

	65 // * To answer the question "Are \|this\| and \|that\| "same-origin" with each

	66 // other?", use \|Origin::IsSameOriginWith\|:

	67 //

	68 // if (this.IsSameOriginWith(that)) {
	Ryan Sleevi 2015/07/10 11:59:53 wrong indent level (2 != 4) wrong indent level (2 != 4) Mike West 2015/07/17 09:58:09 [And here] Show quoted text On 2015/07/10 at 11:59:53, Ryan Sleevi (slow through 7-15 wrote: > wrong indent level (2 != 4) [And here]
	69 // // Amazingness goes here.
	Ryan Sleevi 2015/07/10 11:59:54 wrong indent level (2 != 4) wrong indent level (2 != 4) Mike West 2015/07/17 09:58:09 [Also here] Show quoted text On 2015/07/10 at 11:59:54, Ryan Sleevi (slow through 7-15 wrote: > wrong indent level (2 != 4) [Also here]
	70 // }

	71 class URL_EXPORT Origin {

	72 public:

	73 // Creates a unique Origin.

	74 Origin();

	75

	76 // Creates an Origin from \|url\|, as described at

	77 // https://url.spec.whatwg.org/#origin, with the following additions:

	78 //

	79 // 1. If \|url\| is invalid or non-standard, a unique Origin is constructed.

	80 // 2. 'filesystem' URLs behave as 'blob' URLs (that is, the origin is parsed

	81 // out of everything in the URL which follows the scheme).

	82 // 3. 'file' URLs all parse as ("file", "", 0).

	83 Origin(const GURL& url);

	84

	85 ~Origin();

	86

	87 std::string scheme() const { return tuple_.scheme(); }

	88 std::string host() const { return tuple_.host(); }

	89 uint16 port() const { return tuple_.port(); }

	90

	91 // Origins may be forcibly treated as unique; this operation is irreversable.

	92 void ForceUnique() { unique_ = true; }
	Ryan Sleevi 2015/07/10 11:59:53 I find this quite surprising. Why allow mutable st I find this quite surprising. Why allow mutable state at all? I'd much rather say you need to update the Origin to a new, unique origin, rather than have this method. Mike West 2015/07/17 09:58:09 I think we'll need this for `file:` URLs, as we ei Show quoted text On 2015/07/10 at 11:59:53, Ryan Sleevi (slow through 7-15 wrote: > I find this quite surprising. Why allow mutable state at all? I'd much rather say you need to update the Origin to a new, unique origin, rather than have this method. I think we'll need this for `file:` URLs, as we either treat them as unique or not depending on decisions the embedder makes. This, of course, is absurd, but it's the world we live in. I can drop it for the moment, and add it back in when we need it. shrug
	93 bool unique() const { return unique_; }

	94

	95 // An ASCII serialization of the Origin as per Section 6.2 of RFC 6454, with

	96 // the addition that Origins with a 'file' scheme serialize to "file://".

	97 std::string Serialize() const;

	98

	99 // Two Origins are "same-origin" iff their schemes, hosts, and ports are exact

	100 // matches; and neither is unique.

	101 bool IsSameOriginWith(const Origin& other) const;

	102

	103 // Allows SchemeHostPort to used as a key in STL (for example, a std::set or

	104 // std::map).

	105 bool operator<(const Origin& other) const;

	106 bool operator>(const Origin& other) const;
	Ryan Sleevi 2015/07/10 11:59:54 operator> is not needed. All that's needed for any operator> is not needed. All that's needed for anything on the StrictWeakOrdering is an operator< or an std::less<typename> override, with a preference for the former. With strict weak ordering requirements, operator < is presumed to have symmetric qualities, such that (a < b) == !(b < a). Equality is then equivalent to !(a < b) && !(b < a). Mike West 2015/07/17 09:58:09 Done. Show quoted text On 2015/07/10 at 11:59:54, Ryan Sleevi (slow through 7-15 wrote: > operator> is not needed. All that's needed for anything on the StrictWeakOrdering is an operator< or an std::less<typename> override, with a preference for the former. > > With strict weak ordering requirements, operator < is presumed to have symmetric qualities, such that (a < b) == !(b < a). Equality is then equivalent to !(a < b) && !(b < a). Done.
	107

	108 private:

	109 url::SchemeHostPort tuple_;

	110 bool unique_;
	Ryan Sleevi 2015/07/10 11:59:54 DISALLOW_COPY_AND_ASSIGN ? DISALLOW_COPY_AND_ASSIGN ?
	111 };

	112

	113 } // namespace url

	114

	115 #endif // URL_SCHEME_HOST_PORT_H_

OLD	NEW

« no previous file with comments | « url/BUILD.gn ('k') | url/origin.cc » ('j') | url/origin.cc » ('J')