OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/public/common/origin_util.h" | 5 #include "content/public/common/origin_util.h" |
6 | 6 |
7 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
8 #include "base/macros.h" | 8 #include "base/macros.h" |
9 #include "base/stl_util.h" | 9 #include "base/stl_util.h" |
10 #include "content/common/url_schemes.h" | 10 #include "content/common/url_schemes.h" |
11 #include "net/base/url_util.h" | 11 #include "net/base/url_util.h" |
12 #include "url/gurl.h" | 12 #include "url/gurl.h" |
13 #include "url/url_util.h" | 13 #include "url/url_util.h" |
14 | 14 |
| 15 namespace { |
| 16 |
| 17 // This function partially reflects the result from SecurityOrigin::isUnique, |
| 18 // not its actual implementation. It takes into account how |
| 19 // SecurityOrigin::create might return unique origins for URLs whose schemes are |
| 20 // included in SchemeRegistry::shouldTreatURLSchemeAsNoAccess. |
| 21 bool IsOriginUnique(const url::Origin& origin) { |
| 22 return origin.unique() || |
| 23 base::ContainsValue(url::GetNoAccessSchemes(), origin.scheme()); |
| 24 } |
| 25 |
| 26 } // namespace |
| 27 |
15 namespace content { | 28 namespace content { |
16 | 29 |
17 bool IsOriginSecure(const GURL& url) { | 30 bool IsOriginSecure(const GURL& url) { |
18 if (url.SchemeIsCryptographic() || url.SchemeIsFile()) | 31 if (url.SchemeIsCryptographic() || url.SchemeIsFile()) |
19 return true; | 32 return true; |
20 | 33 |
21 if (url.SchemeIsFileSystem() && url.inner_url() && | 34 if (url.SchemeIsFileSystem() && url.inner_url() && |
22 IsOriginSecure(*url.inner_url())) { | 35 IsOriginSecure(*url.inner_url())) { |
23 return true; | 36 return true; |
24 } | 37 } |
25 | 38 |
26 std::string hostname = url.HostNoBrackets(); | 39 std::string hostname = url.HostNoBrackets(); |
27 if (net::IsLocalhost(hostname)) | 40 if (net::IsLocalhost(hostname)) |
28 return true; | 41 return true; |
29 | 42 |
30 if (base::ContainsValue(url::GetSecureSchemes(), url.scheme())) | 43 if (base::ContainsValue(url::GetSecureSchemes(), url.scheme())) |
31 return true; | 44 return true; |
32 | 45 |
33 if (base::ContainsValue(GetSecureOrigins(), url.GetOrigin())) { | 46 if (base::ContainsValue(GetSecureOrigins(), url.GetOrigin())) |
34 return true; | 47 return true; |
35 } | |
36 | 48 |
37 return false; | 49 return false; |
38 } | 50 } |
39 | 51 |
40 bool OriginCanAccessServiceWorkers(const GURL& url) { | 52 bool OriginCanAccessServiceWorkers(const GURL& url) { |
41 if (url.SchemeIsHTTPOrHTTPS() && IsOriginSecure(url)) | 53 if (url.SchemeIsHTTPOrHTTPS() && IsOriginSecure(url)) |
42 return true; | 54 return true; |
43 | 55 |
44 if (base::ContainsValue(GetServiceWorkerSchemes(), url.scheme())) { | 56 if (base::ContainsValue(GetServiceWorkerSchemes(), url.scheme())) { |
45 return true; | 57 return true; |
46 } | 58 } |
47 | 59 |
48 return false; | 60 return false; |
49 } | 61 } |
50 | 62 |
| 63 bool IsOriginWhiteListedTrustworthy(const url::Origin& origin) { |
| 64 if (IsOriginUnique(origin)) |
| 65 return false; |
| 66 |
| 67 return base::ContainsValue(GetSecureOrigins(), |
| 68 origin.GetURL().HostNoBrackets()); |
| 69 } |
| 70 |
| 71 bool IsPotentiallyTrustworthyOrigin(const url::Origin& origin) { |
| 72 // Note: Considering this mirrors SecurityOrigin::isPotentiallyTrustworthy, it |
| 73 // assumes m_isUniqueOriginPotentiallyTrustworthy is set to false. This |
| 74 // implementation follows Blink's default behavior but in the renderer it can |
| 75 // be changed per instance by calls to |
| 76 // SecurityOrigin::setUniqueOriginIsPotentiallyTrustworthy. |
| 77 if (IsOriginUnique(origin)) |
| 78 return false; |
| 79 |
| 80 if (base::ContainsValue(url::GetSecureSchemes(), origin.scheme()) || |
| 81 base::ContainsValue(url::GetLocalSchemes(), origin.scheme()) || |
| 82 net::IsLocalhost(origin.GetURL().HostNoBrackets())) { |
| 83 return true; |
| 84 } |
| 85 |
| 86 if (IsOriginWhiteListedTrustworthy(origin)) |
| 87 return true; |
| 88 |
| 89 return false; |
| 90 } |
| 91 |
51 } // namespace content | 92 } // namespace content |
OLD | NEW |