Add scheme exceptions for isSecureContext

third_party/WebKit/Source/platform/weborigin/SecurityPolicy.cpp

 /*
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 28 matching lines @@
 #include "wtf/OwnPtr.h"
 #include "wtf/PassOwnPtr.h"
 #include "wtf/Threading.h"
 #include "wtf/text/StringHash.h"
 
 namespace blink {
 
 using OriginAccessWhiteList = Vector<OriginAccessEntry>;
 using OriginAccessMap = HashMap<String, OwnPtr<OriginAccessWhiteList>>;
 using OriginSet = HashSet<String>;
+using SchemeSet = HashSet<String>;

[Mike West, 2015/10/06 07:22:34]

I'd prefer to see this done via `Source/platform/weborigin/SchemeRegistry.h`;
that's already a collection of scheme-based exclusion lists, so let's keep those
kinds of things together.

[jww, 2015/10/06 21:53:56]

Done.

 
 static OriginAccessMap& originAccessMap()
 {
     DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ());
     return originAccessMap;
 }
 
 static OriginSet& trustworthyOriginSet()
 {
     DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ());
     return trustworthyOriginSet;
 }
 
+static SchemeSet& schemesBypassingSecureContextCheckSet()
+{
+    DEFINE_STATIC_LOCAL(SchemeSet, bypassSecureContextCheckSet, ());
+    return bypassSecureContextCheckSet;
+}
+
 void SecurityPolicy::init()
 {
     originAccessMap();
     trustworthyOriginSet();
+    schemesBypassingSecureContextCheckSet();
 }
 
 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer)
 {
     bool referrerIsSecureURL = protocolIs(referrer, "https");
     bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http");
 
     if (!referrerIsWebURL)
         return true;
 
@@ skipping 63 matching lines @@
     trustworthyOriginSet().add(origin->toRawString());
 }
 
 bool SecurityPolicy::isOriginWhiteListedTrustworthy(const SecurityOrigin& origin)
 {
     if (origin.isUnique())
         return false;
     return trustworthyOriginSet().contains(origin.toRawString());
 }
 
+void SecurityPolicy::addSchemeToBypassSecureContextWhitelist(const String& scheme)
+{
+    // Must be called before we start other threads.
+    ASSERT(WTF::isBeforeThreadCreated());
+    schemesBypassingSecureContextCheckSet().add(scheme);
+}
+
+bool SecurityPolicy::shouldOriginBypassSecureContextCheck(const SecurityOrigin& origin)
+{
+    if (origin.isUnique())
+        return false;
+    return schemesBypassingSecureContextCheckSet().contains(origin.protocol());
+}
+
 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin)
 {
     if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toString())) {
         for (size_t i = 0; i < list->size();  ++i) {
             if (list->at(i).matchesOrigin(*targetOrigin) != OriginAccessEntry::DoesNotMatchOrigin)
                 return true;
         }
     }
     return false;
 }
@@ skipping 72 matching lines @@
         return true;
     }
     if (equalIgnoringCase(policy, "no-referrer-when-downgrade") || equalIgnoringCase(policy, "default")) {
         *result = ReferrerPolicyNoReferrerWhenDowngrade;
         return true;
     }
     return false;
 }
 
 } // namespace blink