Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/service_worker/service_worker_utils.h" | 5 #include "content/common/service_worker/service_worker_utils.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/command_line.h" | |
| 9 #include "base/logging.h" | 10 #include "base/logging.h" |
| 10 #include "base/strings/string_util.h" | 11 #include "base/strings/string_util.h" |
| 12 #include "content/public/common/content_switches.h" | |
|
nhiroki
2016/08/01 08:21:25
These inclusions are not necessary.
horo
2016/08/01 10:48:47
Done.
| |
| 11 #include "content/public/common/origin_util.h" | 13 #include "content/public/common/origin_util.h" |
| 12 | 14 |
| 13 namespace content { | 15 namespace content { |
| 14 | 16 |
| 15 namespace { | 17 namespace { |
| 16 | 18 |
| 17 bool PathContainsDisallowedCharacter(const GURL& url) { | 19 bool PathContainsDisallowedCharacter(const GURL& url) { |
| 18 std::string path = url.path(); | 20 std::string path = url.path(); |
| 19 DCHECK(base::IsStringUTF8(path)); | 21 DCHECK(base::IsStringUTF8(path)); |
| 20 | 22 |
| 21 // We should avoid these escaped characters in the path component because | 23 // We should avoid these escaped characters in the path component because |
| 22 // these can be handled differently depending on server implementation. | 24 // these can be handled differently depending on server implementation. |
| 23 if (path.find("%2f") != std::string::npos || | 25 if (path.find("%2f") != std::string::npos || |
| 24 path.find("%2F") != std::string::npos) { | 26 path.find("%2F") != std::string::npos) { |
| 25 return true; | 27 return true; |
| 26 } | 28 } |
| 27 if (path.find("%5c") != std::string::npos || | 29 if (path.find("%5c") != std::string::npos || |
| 28 path.find("%5C") != std::string::npos) { | 30 path.find("%5C") != std::string::npos) { |
| 29 return true; | 31 return true; |
| 30 } | 32 } |
| 31 return false; | 33 return false; |
| 32 } | 34 } |
| 33 | 35 |
| 34 bool AllOriginsMatch(const GURL& url_a, const GURL& url_b, const GURL& url_c) { | |
| 35 return url_a.GetOrigin() == url_b.GetOrigin() && | |
| 36 url_a.GetOrigin() == url_c.GetOrigin(); | |
| 37 } | |
| 38 | |
| 39 } // namespace | 36 } // namespace |
| 40 | 37 |
| 41 // static | 38 // static |
| 42 bool ServiceWorkerUtils::ScopeMatches(const GURL& scope, const GURL& url) { | 39 bool ServiceWorkerUtils::ScopeMatches(const GURL& scope, const GURL& url) { |
| 43 DCHECK(!scope.has_ref()); | 40 DCHECK(!scope.has_ref()); |
| 44 return base::StartsWith(url.spec(), scope.spec(), | 41 return base::StartsWith(url.spec(), scope.spec(), |
| 45 base::CompareCase::SENSITIVE); | 42 base::CompareCase::SENSITIVE); |
| 46 } | 43 } |
| 47 | 44 |
| 48 // static | 45 // static |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 109 return false; | 106 return false; |
| 110 } | 107 } |
| 111 | 108 |
| 112 // static | 109 // static |
| 113 bool ServiceWorkerUtils::CanRegisterServiceWorker(const GURL& context_url, | 110 bool ServiceWorkerUtils::CanRegisterServiceWorker(const GURL& context_url, |
| 114 const GURL& pattern, | 111 const GURL& pattern, |
| 115 const GURL& script_url) { | 112 const GURL& script_url) { |
| 116 DCHECK(context_url.is_valid()); | 113 DCHECK(context_url.is_valid()); |
| 117 DCHECK(pattern.is_valid()); | 114 DCHECK(pattern.is_valid()); |
| 118 DCHECK(script_url.is_valid()); | 115 DCHECK(script_url.is_valid()); |
| 119 return AllOriginsMatch(context_url, pattern, script_url) && | 116 return ServiceWorkerUtils::PassOriginEqualitySecurityCheck<GURL>( |
| 117 context_url, pattern, script_url) && | |
| 120 OriginCanAccessServiceWorkers(context_url) && | 118 OriginCanAccessServiceWorkers(context_url) && |
| 121 OriginCanAccessServiceWorkers(pattern) && | 119 OriginCanAccessServiceWorkers(pattern) && |
| 122 OriginCanAccessServiceWorkers(script_url); | 120 OriginCanAccessServiceWorkers(script_url); |
| 123 } | 121 } |
| 124 | 122 |
| 125 bool LongestScopeMatcher::MatchLongest(const GURL& scope) { | 123 bool LongestScopeMatcher::MatchLongest(const GURL& scope) { |
| 126 if (!ServiceWorkerUtils::ScopeMatches(scope, url_)) | 124 if (!ServiceWorkerUtils::ScopeMatches(scope, url_)) |
| 127 return false; | 125 return false; |
| 128 if (match_.is_empty() || match_.spec().size() < scope.spec().size()) { | 126 if (match_.is_empty() || match_.spec().size() < scope.spec().size()) { |
| 129 match_ = scope; | 127 match_ = scope; |
| 130 return true; | 128 return true; |
| 131 } | 129 } |
| 132 return false; | 130 return false; |
| 133 } | 131 } |
| 134 | 132 |
| 135 } // namespace content | 133 } // namespace content |
| OLD | NEW |