Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(130)

Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 1754713006: CORS-RFC1918: Introduce the 'addressSpace' IDL attributes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: philip Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
(...skipping 4899 matching lines...) Expand 10 before | Expand all | Expand 10 after
4910 4910
4911 bool Document::useSecureKeyboardEntryWhenActive() const 4911 bool Document::useSecureKeyboardEntryWhenActive() const
4912 { 4912 {
4913 return m_useSecureKeyboardEntryWhenActive; 4913 return m_useSecureKeyboardEntryWhenActive;
4914 } 4914 }
4915 4915
4916 void Document::initSecurityContext(const DocumentInit& initializer) 4916 void Document::initSecurityContext(const DocumentInit& initializer)
4917 { 4917 {
4918 ASSERT(!securityOrigin()); 4918 ASSERT(!securityOrigin());
4919 4919
4920 setHostedInReservedIPRange(initializer.isHostedInReservedIPRange());
4921
4922 if (!initializer.hasSecurityContext()) { 4920 if (!initializer.hasSecurityContext()) {
4923 // No source for a security context. 4921 // No source for a security context.
4924 // This can occur via document.implementation.createDocument(). 4922 // This can occur via document.implementation.createDocument().
4925 m_cookieURL = KURL(ParsedURLString, emptyString()); 4923 m_cookieURL = KURL(ParsedURLString, emptyString());
4926 setSecurityOrigin(SecurityOrigin::createUnique()); 4924 setSecurityOrigin(SecurityOrigin::createUnique());
4927 initContentSecurityPolicy(); 4925 initContentSecurityPolicy();
4928 // Unique security origins cannot have a suborigin 4926 // Unique security origins cannot have a suborigin
4929 return; 4927 return;
4930 } 4928 }
4931 4929
(...skipping 20 matching lines...) Expand all
4952 } else if (initializer.owner()) { 4950 } else if (initializer.owner()) {
4953 m_cookieURL = initializer.owner()->cookieURL(); 4951 m_cookieURL = initializer.owner()->cookieURL();
4954 // We alias the SecurityOrigins to match Firefox, see Bug 15313 4952 // We alias the SecurityOrigins to match Firefox, see Bug 15313
4955 // https://bugs.webkit.org/show_bug.cgi?id=15313 4953 // https://bugs.webkit.org/show_bug.cgi?id=15313
4956 setSecurityOrigin(initializer.owner()->securityOrigin()); 4954 setSecurityOrigin(initializer.owner()->securityOrigin());
4957 } else { 4955 } else {
4958 m_cookieURL = m_url; 4956 m_cookieURL = m_url;
4959 setSecurityOrigin(SecurityOrigin::create(m_url)); 4957 setSecurityOrigin(SecurityOrigin::create(m_url));
4960 } 4958 }
4961 4959
4960 // Set the address space before setting up CSP, as the latter may override
4961 // the former via the 'treat-as-public-address' directive (see
4962 // https://mikewest.github.io/cors-rfc1918/#csp).
4963 if (initializer.isHostedInReservedIPRange()) {
4964 setAddressSpace(securityOrigin()->isLocalhost() ? WebURLRequest::Address SpaceLocal : WebURLRequest::AddressSpacePrivate);
4965 } else {
4966 setAddressSpace(WebURLRequest::AddressSpacePublic);
4967 }
4968
4962 if (importsController()) { 4969 if (importsController()) {
4963 // If this document is an HTML import, grab a reference to it's master d ocument's Content 4970 // If this document is an HTML import, grab a reference to it's master d ocument's Content
4964 // Security Policy. We don't call 'initContentSecurityPolicy' in this ca se, as we can't 4971 // Security Policy. We don't call 'initContentSecurityPolicy' in this ca se, as we can't
4965 // rebind the master document's policy object: its ExecutionContext need s to remain tied 4972 // rebind the master document's policy object: its ExecutionContext need s to remain tied
4966 // to the master document. 4973 // to the master document.
4967 setContentSecurityPolicy(importsController()->master()->contentSecurityP olicy()); 4974 setContentSecurityPolicy(importsController()->master()->contentSecurityP olicy());
4968 } else { 4975 } else {
4969 initContentSecurityPolicy(); 4976 initContentSecurityPolicy();
4970 } 4977 }
4971 4978
(...skipping 1016 matching lines...) Expand 10 before | Expand all | Expand 10 after
5988 #ifndef NDEBUG 5995 #ifndef NDEBUG
5989 using namespace blink; 5996 using namespace blink;
5990 void showLiveDocumentInstances() 5997 void showLiveDocumentInstances()
5991 { 5998 {
5992 Document::WeakDocumentSet& set = Document::liveDocumentSet(); 5999 Document::WeakDocumentSet& set = Document::liveDocumentSet();
5993 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); 6000 fprintf(stderr, "There are %u documents currently alive:\n", set.size());
5994 for (Document* document : set) 6001 for (Document* document : set)
5995 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().get String().utf8().data()); 6002 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().get String().utf8().data());
5996 } 6003 }
5997 #endif 6004 #endif
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698