Check for equality of the URL's origin in replaceState/pushState

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp

 /*
  * Copyright (C) 2007 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 348 matching lines @@
 
     if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol))
         return m_protocol == protocol || SecurityPolicy::isAccessToURLWhiteListed(this, url);
 
     if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol))
         return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteListed(this, url);
 
     return true;
 }
 
+bool SecurityOrigin::areSamePageUrls(const KURL& a, const KURL& b) const
+{
+    if (m_universalAccess)
+        return true;
+
+    if (isUnique())
+        return false;
+
+    if (!equalIgnoringPathQueryAndFragment(a, b))

[brettw, 2015/12/08 05:41:32]

Personally, I would prefer manually checking scheme/host/port for equality
rather than adding this new function on KURL that's only called once. Would be
interested in Mike's opinion.

[robwu, 2015/12/08 08:45:17]

Checking for scheme/host/port equality is not sufficient, username/password
should also be ignored. To avoid hard-coding the meaning "URL minus path, query
and fragment" = "protocol, username, password, host and port", I've put the
helper method in KURL (so that others can also rely on it if wanted).

[Mike West, 2015/12/08 13:45:19]

This is defined somewhat strangely in HTML as "If any component of these two
URLs differ other than the path, query, and fragment components, then throw a
SecurityError exception and abort these steps."

This is fairly explicitly not an origin check; it's checking properties of the
page's URLs. To that end, I'd suggest that we should avoid putting the code in
'SecurityOrigin'. I spot-checked Firefox, and it agrees with the
username/password bits.

Given that this is the only place in the codebase that we need this kind of
check (and, given it's weirdness, I'd prefer not to encourage others to reuse
it), I'd suggest packing up the check in an anon. namepsace of `History.cpp`.

[robwu, 2015/12/08 14:10:39]

I presume that you're fine with exposing the value of m_universalAccess through
a getter on SecurityOrigin, because this was one of the reasons why I put this
implementation in SecurityOrigin.cpp?

[Mike West, 2015/12/08 14:18:41]

I would dearly love to murder that property entirely. Until that happens,
exposing it as a getter isn't a problem. :)

+        return false;
+
+    RefPtr<SecurityOrigin> originA = SecurityOrigin::create(a);
+    if (originA->isUnique() || !isSameSchemeHostPort(originA.get()))
+        return false;
+
+    RefPtr<SecurityOrigin> originB = SecurityOrigin::create(b);
+    if (originB->isUnique() || !isSameSchemeHostPort(originB.get()))
+        return false;
+
+    return true;
+}
+
 bool SecurityOrigin::isPotentiallyTrustworthy(String& errorMessage) const
 {
     ASSERT(m_protocol != "data");
     if (SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol) || isLocal() || isLocalhost())
         return true;
 
     if (SecurityPolicy::isOriginWhiteListedTrustworthy(*this))
         return true;
 
     errorMessage = "Only secure origins are allowed (see: https://goo.gl/Y0ZkNV).";
@@ skipping 174 matching lines @@
 }
 
 void SecurityOrigin::transferPrivilegesFrom(PassOwnPtr<PrivilegeData> privilegeData)
 {
     m_universalAccess = privilegeData->m_universalAccess;
     m_canLoadLocalResources = privilegeData->m_canLoadLocalResources;
     m_blockLocalAccessFromLocalOrigin = privilegeData->m_blockLocalAccessFromLocalOrigin;
 }
 
 } // namespace blink