Index: content/common/origin_util.cc |
diff --git a/content/common/origin_util.cc b/content/common/origin_util.cc |
index d6e806a3c85073b7e287415ebc2c1a93f9533d1f..2fdc553b5c55aeca570ec772f5ee53573222fe64 100644 |
--- a/content/common/origin_util.cc |
+++ b/content/common/origin_util.cc |
@@ -12,6 +12,19 @@ |
#include "url/gurl.h" |
#include "url/url_util.h" |
+namespace { |
+ |
+// This function partially reflects the result from SecurityOrigin::isUnique, |
+// not its actual implementation. It takes into account how |
+// SecurityOrigin::create might return unique origins for URLs whose schemes are |
+// included in SchemeRegistry::shouldTreatURLSchemeAsNoAccess. |
+bool IsOriginUnique(const url::Origin& origin) { |
+ return origin.unique() || |
+ base::ContainsValue(url::GetNoAccessSchemes(), origin.scheme()); |
+} |
+ |
+} // namespace |
+ |
namespace content { |
bool IsOriginSecure(const GURL& url) { |
@@ -30,9 +43,8 @@ bool IsOriginSecure(const GURL& url) { |
if (base::ContainsValue(url::GetSecureSchemes(), url.scheme())) |
return true; |
- if (base::ContainsValue(GetSecureOrigins(), url.GetOrigin())) { |
+ if (base::ContainsValue(GetSecureOrigins(), url.GetOrigin())) |
return true; |
- } |
return false; |
} |
@@ -48,4 +60,33 @@ bool OriginCanAccessServiceWorkers(const GURL& url) { |
return false; |
} |
+bool IsOriginWhiteListedTrustworthy(const url::Origin& origin) { |
+ if (IsOriginUnique(origin)) |
+ return false; |
+ |
+ return base::ContainsValue(GetSecureOrigins(), |
+ origin.GetURL().HostNoBrackets()); |
+} |
+ |
+bool IsPotentiallyTrustworthyOrigin(const url::Origin& origin) { |
+ // Note: Considering this mirrors SecurityOrigin::isPotentiallyTrustworthy, it |
+ // assumes m_isUniqueOriginPotentiallyTrustworthy is set to false. This |
+ // implementation follows Blink's default behavior but in the renderer it can |
+ // be changed per instance by calls to |
+ // SecurityOrigin::setUniqueOriginIsPotentiallyTrustworthy. |
+ if (IsOriginUnique(origin)) |
+ return false; |
+ |
+ if (base::ContainsValue(url::GetSecureSchemes(), origin.scheme()) || |
+ base::ContainsValue(url::GetLocalSchemes(), origin.scheme()) || |
+ net::IsLocalhost(origin.GetURL().HostNoBrackets())) { |
+ return true; |
+ } |
+ |
+ if (IsOriginWhiteListedTrustworthy(origin)) |
+ return true; |
+ |
+ return false; |
+} |
+ |
} // namespace content |