OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 28 matching lines...) Expand all Loading... | |
39 #include "wtf/OwnPtr.h" | 39 #include "wtf/OwnPtr.h" |
40 #include "wtf/PassOwnPtr.h" | 40 #include "wtf/PassOwnPtr.h" |
41 #include "wtf/Threading.h" | 41 #include "wtf/Threading.h" |
42 #include "wtf/text/StringHash.h" | 42 #include "wtf/text/StringHash.h" |
43 | 43 |
44 namespace blink { | 44 namespace blink { |
45 | 45 |
46 using OriginAccessWhiteList = Vector<OriginAccessEntry>; | 46 using OriginAccessWhiteList = Vector<OriginAccessEntry>; |
47 using OriginAccessMap = HashMap<String, OwnPtr<OriginAccessWhiteList>>; | 47 using OriginAccessMap = HashMap<String, OwnPtr<OriginAccessWhiteList>>; |
48 using OriginSet = HashSet<String>; | 48 using OriginSet = HashSet<String>; |
49 using SchemeSet = HashSet<String>; | |
Mike West
2015/10/06 07:22:34
I'd prefer to see this done via `Source/platform/w
jww
2015/10/06 21:53:56
Done.
| |
49 | 50 |
50 static OriginAccessMap& originAccessMap() | 51 static OriginAccessMap& originAccessMap() |
51 { | 52 { |
52 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ()); | 53 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ()); |
53 return originAccessMap; | 54 return originAccessMap; |
54 } | 55 } |
55 | 56 |
56 static OriginSet& trustworthyOriginSet() | 57 static OriginSet& trustworthyOriginSet() |
57 { | 58 { |
58 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ()); | 59 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ()); |
59 return trustworthyOriginSet; | 60 return trustworthyOriginSet; |
60 } | 61 } |
61 | 62 |
63 static SchemeSet& schemesBypassingSecureContextCheckSet() | |
64 { | |
65 DEFINE_STATIC_LOCAL(SchemeSet, bypassSecureContextCheckSet, ()); | |
66 return bypassSecureContextCheckSet; | |
67 } | |
68 | |
62 void SecurityPolicy::init() | 69 void SecurityPolicy::init() |
63 { | 70 { |
64 originAccessMap(); | 71 originAccessMap(); |
65 trustworthyOriginSet(); | 72 trustworthyOriginSet(); |
73 schemesBypassingSecureContextCheckSet(); | |
66 } | 74 } |
67 | 75 |
68 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) | 76 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) |
69 { | 77 { |
70 bool referrerIsSecureURL = protocolIs(referrer, "https"); | 78 bool referrerIsSecureURL = protocolIs(referrer, "https"); |
71 bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http"); | 79 bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http"); |
72 | 80 |
73 if (!referrerIsWebURL) | 81 if (!referrerIsWebURL) |
74 return true; | 82 return true; |
75 | 83 |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
139 trustworthyOriginSet().add(origin->toRawString()); | 147 trustworthyOriginSet().add(origin->toRawString()); |
140 } | 148 } |
141 | 149 |
142 bool SecurityPolicy::isOriginWhiteListedTrustworthy(const SecurityOrigin& origin ) | 150 bool SecurityPolicy::isOriginWhiteListedTrustworthy(const SecurityOrigin& origin ) |
143 { | 151 { |
144 if (origin.isUnique()) | 152 if (origin.isUnique()) |
145 return false; | 153 return false; |
146 return trustworthyOriginSet().contains(origin.toRawString()); | 154 return trustworthyOriginSet().contains(origin.toRawString()); |
147 } | 155 } |
148 | 156 |
157 void SecurityPolicy::addSchemeToBypassSecureContextWhitelist(const String& schem e) | |
158 { | |
159 // Must be called before we start other threads. | |
160 ASSERT(WTF::isBeforeThreadCreated()); | |
161 schemesBypassingSecureContextCheckSet().add(scheme); | |
162 } | |
163 | |
164 bool SecurityPolicy::shouldOriginBypassSecureContextCheck(const SecurityOrigin& origin) | |
165 { | |
166 if (origin.isUnique()) | |
167 return false; | |
168 return schemesBypassingSecureContextCheckSet().contains(origin.protocol()); | |
169 } | |
170 | |
149 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, con st SecurityOrigin* targetOrigin) | 171 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, con st SecurityOrigin* targetOrigin) |
150 { | 172 { |
151 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toStri ng())) { | 173 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toStri ng())) { |
152 for (size_t i = 0; i < list->size(); ++i) { | 174 for (size_t i = 0; i < list->size(); ++i) { |
153 if (list->at(i).matchesOrigin(*targetOrigin) != OriginAccessEntry::D oesNotMatchOrigin) | 175 if (list->at(i).matchesOrigin(*targetOrigin) != OriginAccessEntry::D oesNotMatchOrigin) |
154 return true; | 176 return true; |
155 } | 177 } |
156 } | 178 } |
157 return false; | 179 return false; |
158 } | 180 } |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
231 return true; | 253 return true; |
232 } | 254 } |
233 if (equalIgnoringCase(policy, "no-referrer-when-downgrade") || equalIgnoring Case(policy, "default")) { | 255 if (equalIgnoringCase(policy, "no-referrer-when-downgrade") || equalIgnoring Case(policy, "default")) { |
234 *result = ReferrerPolicyNoReferrerWhenDowngrade; | 256 *result = ReferrerPolicyNoReferrerWhenDowngrade; |
235 return true; | 257 return true; |
236 } | 258 } |
237 return false; | 259 return false; |
238 } | 260 } |
239 | 261 |
240 } // namespace blink | 262 } // namespace blink |
OLD | NEW |