| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 119 | 119 |
| 120 SecurityOrigin::SecurityOrigin(const KURL& url) | 120 SecurityOrigin::SecurityOrigin(const KURL& url) |
| 121 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) | 121 : m_protocol(url.protocol().isNull() ? "" : url.protocol().lower()) |
| 122 , m_host(url.host().isNull() ? "" : url.host().lower()) | 122 , m_host(url.host().isNull() ? "" : url.host().lower()) |
| 123 , m_port(url.port()) | 123 , m_port(url.port()) |
| 124 , m_effectivePort(url.port() ? url.port() : defaultPortForProtocol(m_protoco
l)) | 124 , m_effectivePort(url.port() ? url.port() : defaultPortForProtocol(m_protoco
l)) |
| 125 , m_isUnique(false) | 125 , m_isUnique(false) |
| 126 , m_universalAccess(false) | 126 , m_universalAccess(false) |
| 127 , m_domainWasSetInDOM(false) | 127 , m_domainWasSetInDOM(false) |
| 128 , m_blockLocalAccessFromLocalOrigin(false) | 128 , m_blockLocalAccessFromLocalOrigin(false) |
| 129 , m_isUniqueOriginPotentiallyTrustworthy(false) |
| 129 { | 130 { |
| 130 // Suborigins are serialized into the host, so extract it if necessary. | 131 // Suborigins are serialized into the host, so extract it if necessary. |
| 131 String suboriginName; | 132 String suboriginName; |
| 132 if (deserializeSuboriginAndHost(m_host, suboriginName, m_host)) | 133 if (deserializeSuboriginAndHost(m_host, suboriginName, m_host)) |
| 133 addSuborigin(suboriginName); | 134 addSuborigin(suboriginName); |
| 134 | 135 |
| 135 // document.domain starts as m_host, but can be set by the DOM. | 136 // document.domain starts as m_host, but can be set by the DOM. |
| 136 m_domain = m_host; | 137 m_domain = m_host; |
| 137 | 138 |
| 138 if (isDefaultPortForProtocol(m_port, m_protocol)) | 139 if (isDefaultPortForProtocol(m_port, m_protocol)) |
| 139 m_port = InvalidPort; | 140 m_port = InvalidPort; |
| 140 | 141 |
| 141 // By default, only local SecurityOrigins can load local resources. | 142 // By default, only local SecurityOrigins can load local resources. |
| 142 m_canLoadLocalResources = isLocal(); | 143 m_canLoadLocalResources = isLocal(); |
| 143 } | 144 } |
| 144 | 145 |
| 145 SecurityOrigin::SecurityOrigin() | 146 SecurityOrigin::SecurityOrigin() |
| 146 : m_protocol("") | 147 : m_protocol("") |
| 147 , m_host("") | 148 , m_host("") |
| 148 , m_domain("") | 149 , m_domain("") |
| 149 , m_suboriginName(WTF::String()) | 150 , m_suboriginName(WTF::String()) |
| 150 , m_port(InvalidPort) | 151 , m_port(InvalidPort) |
| 151 , m_effectivePort(InvalidPort) | 152 , m_effectivePort(InvalidPort) |
| 152 , m_isUnique(true) | 153 , m_isUnique(true) |
| 153 , m_universalAccess(false) | 154 , m_universalAccess(false) |
| 154 , m_domainWasSetInDOM(false) | 155 , m_domainWasSetInDOM(false) |
| 155 , m_canLoadLocalResources(false) | 156 , m_canLoadLocalResources(false) |
| 156 , m_blockLocalAccessFromLocalOrigin(false) | 157 , m_blockLocalAccessFromLocalOrigin(false) |
| 158 , m_isUniqueOriginPotentiallyTrustworthy(false) |
| 157 { | 159 { |
| 158 } | 160 } |
| 159 | 161 |
| 160 SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) | 162 SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) |
| 161 : m_protocol(other->m_protocol.isolatedCopy()) | 163 : m_protocol(other->m_protocol.isolatedCopy()) |
| 162 , m_host(other->m_host.isolatedCopy()) | 164 , m_host(other->m_host.isolatedCopy()) |
| 163 , m_domain(other->m_domain.isolatedCopy()) | 165 , m_domain(other->m_domain.isolatedCopy()) |
| 164 , m_suboriginName(other->m_suboriginName.isolatedCopy()) | 166 , m_suboriginName(other->m_suboriginName.isolatedCopy()) |
| 165 , m_port(other->m_port) | 167 , m_port(other->m_port) |
| 166 , m_effectivePort(other->m_effectivePort) | 168 , m_effectivePort(other->m_effectivePort) |
| 167 , m_isUnique(other->m_isUnique) | 169 , m_isUnique(other->m_isUnique) |
| 168 , m_universalAccess(other->m_universalAccess) | 170 , m_universalAccess(other->m_universalAccess) |
| 169 , m_domainWasSetInDOM(other->m_domainWasSetInDOM) | 171 , m_domainWasSetInDOM(other->m_domainWasSetInDOM) |
| 170 , m_canLoadLocalResources(other->m_canLoadLocalResources) | 172 , m_canLoadLocalResources(other->m_canLoadLocalResources) |
| 171 , m_blockLocalAccessFromLocalOrigin(other->m_blockLocalAccessFromLocalOrigin
) | 173 , m_blockLocalAccessFromLocalOrigin(other->m_blockLocalAccessFromLocalOrigin
) |
| 174 , m_isUniqueOriginPotentiallyTrustworthy(other->m_isUniqueOriginPotentiallyT
rustworthy) |
| 172 { | 175 { |
| 173 } | 176 } |
| 174 | 177 |
| 175 PassRefPtr<SecurityOrigin> SecurityOrigin::create(const KURL& url) | 178 PassRefPtr<SecurityOrigin> SecurityOrigin::create(const KURL& url) |
| 176 { | 179 { |
| 177 if (RefPtr<SecurityOrigin> origin = cachedOrigin(url)) | 180 if (RefPtr<SecurityOrigin> origin = cachedOrigin(url)) |
| 178 return origin.release(); | 181 return origin.release(); |
| 179 | 182 |
| 180 if (shouldTreatAsUniqueOrigin(url)) { | 183 if (shouldTreatAsUniqueOrigin(url)) { |
| 181 RefPtr<SecurityOrigin> origin = adoptRef(new SecurityOrigin()); | 184 RefPtr<SecurityOrigin> origin = adoptRef(new SecurityOrigin()); |
| (...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 349 | 352 |
| 350 if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) | 353 if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) |
| 351 return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteList
ed(this, url); | 354 return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteList
ed(this, url); |
| 352 | 355 |
| 353 return true; | 356 return true; |
| 354 } | 357 } |
| 355 | 358 |
| 356 bool SecurityOrigin::isPotentiallyTrustworthy() const | 359 bool SecurityOrigin::isPotentiallyTrustworthy() const |
| 357 { | 360 { |
| 358 ASSERT(m_protocol != "data"); | 361 ASSERT(m_protocol != "data"); |
| 362 if (isUnique()) |
| 363 return m_isUniqueOriginPotentiallyTrustworthy; |
| 364 |
| 359 if (SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol) || isLocal() ||
isLocalhost()) | 365 if (SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol) || isLocal() ||
isLocalhost()) |
| 360 return true; | 366 return true; |
| 361 | 367 |
| 362 if (SecurityPolicy::isOriginWhiteListedTrustworthy(*this)) | 368 if (SecurityPolicy::isOriginWhiteListedTrustworthy(*this)) |
| 363 return true; | 369 return true; |
| 364 | 370 |
| 365 return false; | 371 return false; |
| 366 } | 372 } |
| 367 | 373 |
| 368 // static | 374 // static |
| (...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 544 return privilegeData.release(); | 550 return privilegeData.release(); |
| 545 } | 551 } |
| 546 | 552 |
| 547 void SecurityOrigin::transferPrivilegesFrom(PassOwnPtr<PrivilegeData> privilegeD
ata) | 553 void SecurityOrigin::transferPrivilegesFrom(PassOwnPtr<PrivilegeData> privilegeD
ata) |
| 548 { | 554 { |
| 549 m_universalAccess = privilegeData->m_universalAccess; | 555 m_universalAccess = privilegeData->m_universalAccess; |
| 550 m_canLoadLocalResources = privilegeData->m_canLoadLocalResources; | 556 m_canLoadLocalResources = privilegeData->m_canLoadLocalResources; |
| 551 m_blockLocalAccessFromLocalOrigin = privilegeData->m_blockLocalAccessFromLoc
alOrigin; | 557 m_blockLocalAccessFromLocalOrigin = privilegeData->m_blockLocalAccessFromLoc
alOrigin; |
| 552 } | 558 } |
| 553 | 559 |
| 560 void SecurityOrigin::setUniqueOriginIsPotentiallyTrustworthy(bool isUniqueOrigin
PotentiallyTrustworthy) |
| 561 { |
| 562 ASSERT(!isUniqueOriginPotentiallyTrustworthy || isUnique()); |
| 563 m_isUniqueOriginPotentiallyTrustworthy = isUniqueOriginPotentiallyTrustworth
y; |
| 564 } |
| 565 |
| 554 } // namespace blink | 566 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1723753002:
Make Document::isSecureContext() work for OOPIFs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master