OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef FeaturePolicy_h | |
6 #define FeaturePolicy_h | |
7 | |
8 #include "platform/PlatformExport.h" | |
9 #include "platform/weborigin/SecurityOrigin.h" | |
10 #include "wtf/RefPtr.h" | |
11 #include "wtf/Vector.h" | |
12 #include "wtf/text/WTFString.h" | |
13 | |
14 #include <memory> | |
15 | |
16 namespace blink { | |
17 | |
18 // The FeaturePolicyFeatureDefault enum defines the default enable state for a | |
19 // feature when neither it nor any parent frame have declared an explicit | |
20 // policy. The three possibilities map directly to Feature Policy Whitelist | |
21 // semantics. | |
22 enum class FeaturePolicyFeatureDefault { | |
23 // Equivalent to []. The feature is never available by default, and can only | |
24 // be enabled by an explicit policy. | |
25 DisableForAll, | |
26 | |
27 // Equivalent to ["self"]. The feature is enabled for top-level frames, and | |
28 // their same-origin children. It must be explicitly delegated to cross-origin | |
29 // child frames. | |
raymes
2016/10/23 23:31:05
Preface: Since this is just comments I don't feel
iclelland
2016/10/24 05:14:32
Thanks, I'll incorporate that -- I think it may ma
| |
30 EnableForSelf, | |
31 | |
32 // Equivalent to ["*"]. The feature is enabled by default for all frames. | |
33 EnableForAll | |
34 }; | |
35 | |
36 // The FeaturePolicyFeature struct is used to define all features under control | |
37 // of Feature Policy. There should only be one instance of this struct for any | |
38 // given feature (declared below). | |
39 struct FeaturePolicyFeature { | |
raymes
2016/10/23 23:31:05
nit (optional): if we move the enum above and this
iclelland
2016/10/24 05:14:32
Done.
| |
40 // The name of the feature, as it should appear in a policy string | |
41 const char* featureName; | |
42 | |
43 // Controls whether the feature should be available in the platform by | |
44 // default, in the absence of any declared policy. | |
45 FeaturePolicyFeatureDefault defaultPolicy; | |
46 }; | |
47 | |
48 // Declarations for all features currently under control of the Feature Policy | |
49 // mechanism should be placed here. | |
50 extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentCookie; | |
51 extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentDomain; | |
52 extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentWrite; | |
53 extern const PLATFORM_EXPORT FeaturePolicyFeature kGeolocationFeature; | |
54 extern const PLATFORM_EXPORT FeaturePolicyFeature kMidiFeature; | |
55 extern const PLATFORM_EXPORT FeaturePolicyFeature kNotificationsFeature; | |
56 extern const PLATFORM_EXPORT FeaturePolicyFeature kPaymentFeature; | |
57 extern const PLATFORM_EXPORT FeaturePolicyFeature kPushFeature; | |
58 extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncScript; | |
59 extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncXHR; | |
60 extern const PLATFORM_EXPORT FeaturePolicyFeature kUsermedia; | |
61 extern const PLATFORM_EXPORT FeaturePolicyFeature kVibrateFeature; | |
62 extern const PLATFORM_EXPORT FeaturePolicyFeature kWebRTC; | |
63 | |
64 using FeatureList = const Vector<const FeaturePolicyFeature*>; | |
65 | |
66 class PLATFORM_EXPORT FeaturePolicy final { | |
67 public: | |
68 // Represents a collection of origins which make up a whitelist in a feature | |
69 // policy. This collection may be set to match every origin (corresponding to | |
70 // the "*" syntax in the policy string, in which case the contains() method | |
71 // will always return true. | |
72 class Whitelist final { | |
73 public: | |
74 Whitelist(); | |
75 | |
76 // Adds a single origin to the whitelist. | |
77 void add(RefPtr<SecurityOrigin>); | |
78 | |
79 // Adds all origins to the whitelist. | |
80 void addAll(); | |
81 | |
82 // Returns true if the given origin has been added to the whitelist. | |
83 bool contains(const SecurityOrigin&) const; | |
84 String toString(); | |
85 | |
86 private: | |
87 bool m_matchesAllOrigins; | |
88 Vector<RefPtr<SecurityOrigin>> m_origins; | |
89 }; | |
90 | |
91 static FeaturePolicy* createFromParentPolicy(const FeaturePolicy* parent, | |
92 RefPtr<SecurityOrigin>, | |
93 FeatureList& features); | |
raymes
2016/10/23 23:31:05
Is this just for testing? It might be better to ma
iclelland
2016/10/24 05:14:32
Yes, this interface is just for testing, although
| |
94 | |
95 static FeaturePolicy* createFromParentPolicy(const FeaturePolicy* parent, | |
96 RefPtr<SecurityOrigin>); | |
97 | |
98 // Sets the declared policy from the Feature-Policy HTTP header. If the header | |
99 // cannot be parsed, errors will be appended to the |messages| vector. | |
100 void setHeaderPolicy(const String&, Vector<String>& messages); | |
101 | |
102 // Returns whether or not the given feature is enabled by this policy. | |
103 bool isFeatureEnabledForOrigin(const FeaturePolicyFeature*, | |
104 const SecurityOrigin&) const; | |
105 | |
106 // Returns whether or not the given feature is enabled for the frame that owns | |
107 // the policy. | |
108 bool isFeatureEnabled(const FeaturePolicyFeature*) const; | |
109 | |
110 // Returns the list of features which can be controlled by Feature Policy. | |
111 static FeatureList& getDefaultFeatureList(); | |
112 | |
113 String toString(); | |
114 | |
115 private: | |
116 FeaturePolicy(RefPtr<SecurityOrigin>, FeatureList& features); | |
117 | |
118 // Parses a policy string into a set of whitelists for features. | |
119 HashMap<const FeaturePolicyFeature*, std::unique_ptr<Whitelist>> parse( | |
120 const String&); | |
121 | |
122 RefPtr<SecurityOrigin> m_origin; | |
123 | |
124 // Records whether or not each feature was enabled for this frame by its | |
125 // parent frame. | |
126 // TODO(iclelland): Generate, instead of this map, a set of bool flags, one | |
127 // for each feature, as all features are supposed to be represented here. | |
128 HashMap<const FeaturePolicyFeature*, bool> m_inheritedFeatures; | |
129 | |
130 // Map of feature names to declared whitelists. Any feature which is missing | |
131 // from this map should use the inherited policy. | |
132 HashMap<const FeaturePolicyFeature*, std::unique_ptr<Whitelist>> | |
133 m_headerWhitelists; | |
134 | |
135 // Contains the set of all features which can be controlled by this policy. | |
136 FeatureList& m_features; | |
137 | |
138 DISALLOW_COPY_AND_ASSIGN(FeaturePolicy); | |
139 }; | |
140 | |
141 } // namespace blink | |
142 | |
143 #endif // FeaturePolicy_h | |
OLD | NEW |