Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(671)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/origin_util.cc

Issue 1905033002: PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message
Patch Set: Minor changes from nasko@'s comments Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/frame_messages.h ('k') | content/public/browser/web_contents_delegate.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/public/common/origin_util.h" 5 #include "content/public/common/origin_util.h"
6 6
7 #include "base/lazy_instance.h" 7 #include "base/lazy_instance.h"
8 #include "base/macros.h" 8 #include "base/macros.h"
9 #include "base/stl_util.h" 9 #include "base/stl_util.h"
10 #include "content/common/url_schemes.h" 10 #include "content/common/url_schemes.h"
11 #include "net/base/url_util.h" 11 #include "net/base/url_util.h"
12 #include "url/gurl.h" 12 #include "url/gurl.h"
13 #include "url/url_util.h" 13 #include "url/url_util.h"
14 14
15 namespace {
16
17 // This function partially reflects the result from SecurityOrigin::isUnique,
18 // not its actual implementation. It takes into account how
19 // SecurityOrigin::create might return unique origins for URLs whose schemes are
20 // included in SchemeRegistry::shouldTreatURLSchemeAsNoAccess.
21 bool IsOriginUnique(const url::Origin& origin) {
22 return origin.unique() ||
23 base::ContainsValue(url::GetNoAccessSchemes(), origin.scheme());
24 }
25
26 } // namespace
27
15 namespace content { 28 namespace content {
16 29
17 bool IsOriginSecure(const GURL& url) { 30 bool IsOriginSecure(const GURL& url) {
18 if (url.SchemeIsCryptographic() || url.SchemeIsFile()) 31 if (url.SchemeIsCryptographic() || url.SchemeIsFile())
19 return true; 32 return true;
20 33
21 if (url.SchemeIsFileSystem() && url.inner_url() && 34 if (url.SchemeIsFileSystem() && url.inner_url() &&
22 IsOriginSecure(*url.inner_url())) { 35 IsOriginSecure(*url.inner_url())) {
23 return true; 36 return true;
24 } 37 }
25 38
26 std::string hostname = url.HostNoBrackets(); 39 std::string hostname = url.HostNoBrackets();
27 if (net::IsLocalhost(hostname)) 40 if (net::IsLocalhost(hostname))
28 return true; 41 return true;
29 42
30 if (base::ContainsValue(url::GetSecureSchemes(), url.scheme())) 43 if (base::ContainsValue(url::GetSecureSchemes(), url.scheme()))
31 return true; 44 return true;
32 45
33 if (base::ContainsValue(GetSecureOrigins(), url.GetOrigin())) { 46 if (base::ContainsValue(GetSecureOrigins(), url.GetOrigin()))
34 return true; 47 return true;
35 }
36 48
37 return false; 49 return false;
38 } 50 }
39 51
40 bool OriginCanAccessServiceWorkers(const GURL& url) { 52 bool OriginCanAccessServiceWorkers(const GURL& url) {
41 if (url.SchemeIsHTTPOrHTTPS() && IsOriginSecure(url)) 53 if (url.SchemeIsHTTPOrHTTPS() && IsOriginSecure(url))
42 return true; 54 return true;
43 55
44 if (base::ContainsValue(GetServiceWorkerSchemes(), url.scheme())) { 56 if (base::ContainsValue(GetServiceWorkerSchemes(), url.scheme())) {
45 return true; 57 return true;
46 } 58 }
47 59
48 return false; 60 return false;
49 } 61 }
50 62
63 bool IsOriginWhiteListedTrustworthy(const url::Origin& origin) {
64 if (IsOriginUnique(origin))
65 return false;
66
67 return base::ContainsValue(GetSecureOrigins(),
68 origin.GetURL().HostNoBrackets());
69 }
70
71 bool IsPotentiallyTrustworthyOrigin(const url::Origin& origin) {
72 // Note: Considering this mirrors SecurityOrigin::isPotentiallyTrustworthy, it
73 // assumes m_isUniqueOriginPotentiallyTrustworthy is set to false. This
74 // implementation follows Blink's default behavior but in the renderer it can
75 // be changed per instance by calls to
76 // SecurityOrigin::setUniqueOriginIsPotentiallyTrustworthy.
77 if (IsOriginUnique(origin))
78 return false;
79
80 if (base::ContainsValue(url::GetSecureSchemes(), origin.scheme()) ||
81 base::ContainsValue(url::GetLocalSchemes(), origin.scheme()) ||
82 net::IsLocalhost(origin.GetURL().HostNoBrackets())) {
83 return true;
84 }
85
86 if (IsOriginWhiteListedTrustworthy(origin))
87 return true;
88
89 return false;
90 }
91
51 } // namespace content 92 } // namespace content
OLDNEW
« no previous file with comments | « content/common/frame_messages.h ('k') | content/public/browser/web_contents_delegate.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698