Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(441)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: public/webview/WebSecurityPolicy.h

Issue 16623002: mv public/webview to public/webpage (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « public/webview/WebSecurityOrigin.h ('k') | public/webview/WebSelectElement.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
13 * distribution.
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #ifndef WebSecurityPolicy_h
32 #define WebSecurityPolicy_h
33
34 #include "../platform/WebCommon.h"
35 #include "../platform/WebReferrerPolicy.h"
36
37 namespace WebKit {
38
39 class WebString;
40 class WebURL;
41
42 class WebSecurityPolicy {
43 public:
44 // Registers a URL scheme to be treated as a local scheme (i.e., with the
45 // same security rules as those applied to "file" URLs). This means that
46 // normal pages cannot link to or access URLs of this scheme.
47 WEBKIT_EXPORT static void registerURLSchemeAsLocal(const WebString&);
48
49 // Registers a URL scheme to be treated as a noAccess scheme. This means
50 // that pages loaded with this URL scheme cannot access pages loaded with
51 // any other URL scheme.
52 WEBKIT_EXPORT static void registerURLSchemeAsNoAccess(const WebString&);
53
54 // Registers a URL scheme to be treated as display-isolated. This means
55 // that pages cannot display these URLs unless they are from the same
56 // scheme. For example, pages in other origin cannot create iframes or
57 // hyperlinks to URLs with the scheme.
58 WEBKIT_EXPORT static void registerURLSchemeAsDisplayIsolated(const WebString &);
59
60 // Registers a URL scheme to not generate mixed content warnings when
61 // included by an HTTPS page.
62 WEBKIT_EXPORT static void registerURLSchemeAsSecure(const WebString&);
63
64 // Registers a non-HTTP URL scheme which can be sent CORS requests.
65 WEBKIT_EXPORT static void registerURLSchemeAsCORSEnabled(const WebString&);
66
67 // Registers a URL scheme whose resources can be loaded regardless of a page 's Content Security Policy.
68 WEBKIT_EXPORT static void registerURLSchemeAsBypassingContentSecurityPolicy( const WebString&);
69
70 // Registers a URL scheme as strictly empty documents, allowing them to
71 // commit synchronously.
72 WEBKIT_EXPORT static void registerURLSchemeAsEmptyDocument(const WebString&) ;
73
74 // Support for whitelisting access to origins beyond the same-origin policy.
75 WEBKIT_EXPORT static void addOriginAccessWhitelistEntry(
76 const WebURL& sourceOrigin, const WebString& destinationProtocol,
77 const WebString& destinationHost, bool allowDestinationSubdomains);
78 WEBKIT_EXPORT static void removeOriginAccessWhitelistEntry(
79 const WebURL& sourceOrigin, const WebString& destinationProtocol,
80 const WebString& destinationHost, bool allowDestinationSubdomains);
81 WEBKIT_EXPORT static void resetOriginAccessWhitelists();
82
83 // Returns whether the url should be allowed to see the referrer
84 // based on their respective protocols.
85 // FIXME: remove this function once the chromium side has landed.
86 WEBKIT_EXPORT static bool shouldHideReferrer(const WebURL&, const WebString& referrer);
87
88 // Returns the referrer modified according to the referrer policy for a
89 // navigation to a given URL. If the referrer returned is empty, the
90 // referrer header should be omitted.
91 WEBKIT_EXPORT static WebString generateReferrerHeader(WebReferrerPolicy, con st WebURL&, const WebString& referrer);
92
93 // Registers an URL scheme to not allow manipulation of the loaded page
94 // by bookmarklets or javascript: URLs typed in the omnibox.
95 WEBKIT_EXPORT static void registerURLSchemeAsNotAllowingJavascriptURLs(const WebString&);
96
97 private:
98 WebSecurityPolicy();
99 };
100
101 } // namespace WebKit
102
103 #endif
OLDNEW
« no previous file with comments | « public/webview/WebSecurityOrigin.h ('k') | public/webview/WebSelectElement.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698