OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef FeaturePolicy_h | |
6 #define FeaturePolicy_h | |
7 | |
8 #include "platform/PlatformExport.h" | |
9 #include "platform/heap/Handle.h" | |
10 #include "platform/weborigin/SecurityOrigin.h" | |
11 #include "wtf/RefPtr.h" | |
12 #include "wtf/Vector.h" | |
13 #include "wtf/text/WTFString.h" | |
14 | |
15 namespace blink { | |
16 | |
17 // The FeaturePolicyFeatureDefault enum defines the default enable state for a | |
18 // feature when neither it nor any parent frame have declared an explicit | |
19 // policy. The three possibilities map directly to Feature Policy Whitelist | |
20 // semantics. | |
21 enum FeaturePolicyFeatureDefault { | |
22 // Equivalent to []. The feature is never available by default, and can only | |
23 // be enabled by an explicit policy. | |
24 kDisableFeatureForAllOrigins, | |
25 | |
26 // Equivalent to ["self"]. The feature is enabled for top-level frames, but | |
raymes
2016/10/18 02:42:31
nit: I think "top-level" is a bit misleading, beca
iclelland
2016/10/19 12:51:55
I think that's the point, though -- it's not true
raymes
2016/10/19 23:47:36
I guess my main concern with the wording was that
iclelland
2016/10/21 13:38:25
The wording is wrong, now that I've given it some
| |
27 // must be delegated to child frames in order for them to have access. | |
28 kEnableFeatureForSelf, | |
29 | |
30 // Equivalent to ["*"]. The feature is enabled by default for all frames, but | |
raymes
2016/10/18 02:42:31
all frames->for the current frame and all child fr
iclelland
2016/10/21 13:38:25
I don't think "the current frame" means anything w
| |
31 // can be disabled through policy by any frame, at which point it cannot be | |
32 // reenabled by any of that frame's children. | |
raymes
2016/10/18 02:42:31
nit: these 2 lines are a little confusing. I think
iclelland
2016/10/21 13:38:25
Done.
| |
33 kEnableFeatureForAllOrigins | |
34 }; | |
35 | |
36 // The FeaturePolicyFeature struct is used to define all features under control | |
37 // of Feature Policy. There should only be one instance of this struct for any | |
38 // given feature (declared below.) | |
raymes
2016/10/18 02:42:31
nit: declared below).
iclelland
2016/10/19 12:51:55
Done.
| |
39 struct FeaturePolicyFeature { | |
40 // The name of the feature, as it should appear in a policy string | |
41 const char* featureName; | |
42 | |
43 // Controls whether the feature should be available in the platform by | |
44 // default, in the absence of any declared policy. | |
45 FeaturePolicyFeatureDefault defaultPolicy; | |
46 }; | |
47 | |
48 // Declarations for all features currently under control of the Feature Policy | |
49 // mechanism should be placed here. | |
50 extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentCookie; | |
51 extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentDomain; | |
52 extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentWrite; | |
53 extern const PLATFORM_EXPORT FeaturePolicyFeature kGeolocationFeature; | |
54 extern const PLATFORM_EXPORT FeaturePolicyFeature kMidiFeature; | |
55 extern const PLATFORM_EXPORT FeaturePolicyFeature kNotificationsFeature; | |
56 extern const PLATFORM_EXPORT FeaturePolicyFeature kPaymentFeature; | |
57 extern const PLATFORM_EXPORT FeaturePolicyFeature kPushFeature; | |
58 extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncScript; | |
59 extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncXHR; | |
60 extern const PLATFORM_EXPORT FeaturePolicyFeature kUsermedia; | |
61 extern const PLATFORM_EXPORT FeaturePolicyFeature kVibrateFeature; | |
62 extern const PLATFORM_EXPORT FeaturePolicyFeature kWebRTC; | |
63 | |
64 class PLATFORM_EXPORT FeaturePolicy final | |
65 : public GarbageCollectedFinalized<FeaturePolicy> { | |
66 public: | |
67 static FeaturePolicy* createFromParentPolicy(const FeaturePolicy* parent, | |
68 RefPtr<SecurityOrigin>); | |
69 | |
70 // Adds a policy to a frame, taking into account any existing or default | |
71 // policy which applies. | |
72 void addPolicyFromString(const String& policy); | |
73 | |
74 // Returns whether or not the given feature is enabled by this policy. | |
75 bool isFeatureEnabledForOrigin(const FeaturePolicyFeature*, | |
76 const SecurityOrigin*) const; | |
77 | |
78 // Returns whether or not the given feature is enabled for the policy's | |
raymes
2016/10/18 02:42:31
nit: for the origin of the frame that owns the pol
iclelland
2016/10/19 12:51:55
Done.
| |
79 // origin. | |
80 bool isFeatureEnabled(const FeaturePolicyFeature*) const; | |
81 | |
82 // Returns the global feature registry; the set of all features which can be | |
83 // controlled by Feature Policy. | |
84 static Vector<const FeaturePolicyFeature*>& getFeatureRegistry(); | |
85 | |
86 String toString(); | |
87 | |
88 DECLARE_VIRTUAL_TRACE(); | |
89 | |
90 private: | |
91 // Represents a collection of origins which make up a whitelist in a feature | |
92 // policy. This collection may be set to match every origin (corresponding to | |
93 // the "*" syntax in the policy string, in which case the contains() method | |
94 // will always return true. | |
95 class Whitelist final : public GarbageCollectedFinalized<Whitelist> { | |
96 public: | |
97 Whitelist(); | |
98 | |
99 // Adds a single origin to the whitelist. | |
100 void add(RefPtr<SecurityOrigin>); | |
101 | |
102 // Adds all origins to the whitelist. | |
103 void addAll(); | |
104 | |
105 // Returns true if the given origin has been added to the whitelist. | |
106 bool contains(const SecurityOrigin*) const; | |
107 String toString(); | |
108 | |
109 DEFINE_INLINE_VIRTUAL_TRACE() {} | |
110 | |
111 private: | |
112 bool m_matchesAllOrigins; | |
113 Vector<RefPtr<SecurityOrigin>> m_origins; | |
114 }; | |
115 | |
116 explicit FeaturePolicy(PassRefPtr<SecurityOrigin>); | |
117 | |
118 // Parses a policy string into a set of whitelists for features. | |
119 HeapHashMap<const FeaturePolicyFeature*, Member<Whitelist>> parse( | |
120 const String&); | |
121 | |
122 RefPtr<SecurityOrigin> m_origin; | |
123 | |
124 // Records whether or not each feature was enabled for this frame by its | |
125 // parent frame. | |
126 // TODO(iclelland): Generate, instead of this map, a set of bool flags, one | |
127 // for each feature, as all features are supposed to be represented here. | |
128 HashMap<const FeaturePolicyFeature*, bool> m_inheritedFeatures; | |
129 | |
130 // Map of feature names to declared whitelists. Any feature which is missing | |
131 // from this map should use the inherited policy. | |
132 HeapHashMap<const FeaturePolicyFeature*, Member<Whitelist>> | |
133 m_declaredWhitelists; | |
134 | |
135 DISALLOW_COPY_AND_ASSIGN(FeaturePolicy); | |
136 }; | |
137 | |
138 } // namespace blink | |
139 | |
140 #endif // FeaturePolicy_h | |
OLD | NEW |