Index: third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h |
diff --git a/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h b/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..147e32810cc81a11f325f3c12303acc7f820d764 |
--- /dev/null |
+++ b/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h |
@@ -0,0 +1,140 @@ |
+// Copyright 2016 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef FeaturePolicy_h |
+#define FeaturePolicy_h |
+ |
+#include "platform/PlatformExport.h" |
+#include "platform/heap/Handle.h" |
+#include "platform/weborigin/SecurityOrigin.h" |
+#include "wtf/RefPtr.h" |
+#include "wtf/Vector.h" |
+#include "wtf/text/WTFString.h" |
+ |
+namespace blink { |
+ |
+// The FeaturePolicyFeatureDefault enum defines the default enable state for a |
+// feature when neither it nor any parent frame have declared an explicit |
+// policy. The three possibilities map directly to Feature Policy Whitelist |
+// semantics. |
+enum FeaturePolicyFeatureDefault { |
+ // Equivalent to []. The feature is never available by default, and can only |
+ // be enabled by an explicit policy. |
+ kDisableFeatureForAllOrigins, |
+ |
+ // Equivalent to ["self"]. The feature is enabled for top-level frames, but |
raymes
2016/10/18 02:42:31
nit: I think "top-level" is a bit misleading, beca
iclelland
2016/10/19 12:51:55
I think that's the point, though -- it's not true
raymes
2016/10/19 23:47:36
I guess my main concern with the wording was that
iclelland
2016/10/21 13:38:25
The wording is wrong, now that I've given it some
|
+ // must be delegated to child frames in order for them to have access. |
+ kEnableFeatureForSelf, |
+ |
+ // Equivalent to ["*"]. The feature is enabled by default for all frames, but |
raymes
2016/10/18 02:42:31
all frames->for the current frame and all child fr
iclelland
2016/10/21 13:38:25
I don't think "the current frame" means anything w
|
+ // can be disabled through policy by any frame, at which point it cannot be |
+ // reenabled by any of that frame's children. |
raymes
2016/10/18 02:42:31
nit: these 2 lines are a little confusing. I think
iclelland
2016/10/21 13:38:25
Done.
|
+ kEnableFeatureForAllOrigins |
+}; |
+ |
+// The FeaturePolicyFeature struct is used to define all features under control |
+// of Feature Policy. There should only be one instance of this struct for any |
+// given feature (declared below.) |
raymes
2016/10/18 02:42:31
nit: declared below).
iclelland
2016/10/19 12:51:55
Done.
|
+struct FeaturePolicyFeature { |
+ // The name of the feature, as it should appear in a policy string |
+ const char* featureName; |
+ |
+ // Controls whether the feature should be available in the platform by |
+ // default, in the absence of any declared policy. |
+ FeaturePolicyFeatureDefault defaultPolicy; |
+}; |
+ |
+// Declarations for all features currently under control of the Feature Policy |
+// mechanism should be placed here. |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentCookie; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentDomain; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentWrite; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kGeolocationFeature; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kMidiFeature; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kNotificationsFeature; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kPaymentFeature; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kPushFeature; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncScript; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncXHR; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kUsermedia; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kVibrateFeature; |
+extern const PLATFORM_EXPORT FeaturePolicyFeature kWebRTC; |
+ |
+class PLATFORM_EXPORT FeaturePolicy final |
+ : public GarbageCollectedFinalized<FeaturePolicy> { |
+ public: |
+ static FeaturePolicy* createFromParentPolicy(const FeaturePolicy* parent, |
+ RefPtr<SecurityOrigin>); |
+ |
+ // Adds a policy to a frame, taking into account any existing or default |
+ // policy which applies. |
+ void addPolicyFromString(const String& policy); |
+ |
+ // Returns whether or not the given feature is enabled by this policy. |
+ bool isFeatureEnabledForOrigin(const FeaturePolicyFeature*, |
+ const SecurityOrigin*) const; |
+ |
+ // Returns whether or not the given feature is enabled for the policy's |
raymes
2016/10/18 02:42:31
nit: for the origin of the frame that owns the pol
iclelland
2016/10/19 12:51:55
Done.
|
+ // origin. |
+ bool isFeatureEnabled(const FeaturePolicyFeature*) const; |
+ |
+ // Returns the global feature registry; the set of all features which can be |
+ // controlled by Feature Policy. |
+ static Vector<const FeaturePolicyFeature*>& getFeatureRegistry(); |
+ |
+ String toString(); |
+ |
+ DECLARE_VIRTUAL_TRACE(); |
+ |
+ private: |
+ // Represents a collection of origins which make up a whitelist in a feature |
+ // policy. This collection may be set to match every origin (corresponding to |
+ // the "*" syntax in the policy string, in which case the contains() method |
+ // will always return true. |
+ class Whitelist final : public GarbageCollectedFinalized<Whitelist> { |
+ public: |
+ Whitelist(); |
+ |
+ // Adds a single origin to the whitelist. |
+ void add(RefPtr<SecurityOrigin>); |
+ |
+ // Adds all origins to the whitelist. |
+ void addAll(); |
+ |
+ // Returns true if the given origin has been added to the whitelist. |
+ bool contains(const SecurityOrigin*) const; |
+ String toString(); |
+ |
+ DEFINE_INLINE_VIRTUAL_TRACE() {} |
+ |
+ private: |
+ bool m_matchesAllOrigins; |
+ Vector<RefPtr<SecurityOrigin>> m_origins; |
+ }; |
+ |
+ explicit FeaturePolicy(PassRefPtr<SecurityOrigin>); |
+ |
+ // Parses a policy string into a set of whitelists for features. |
+ HeapHashMap<const FeaturePolicyFeature*, Member<Whitelist>> parse( |
+ const String&); |
+ |
+ RefPtr<SecurityOrigin> m_origin; |
+ |
+ // Records whether or not each feature was enabled for this frame by its |
+ // parent frame. |
+ // TODO(iclelland): Generate, instead of this map, a set of bool flags, one |
+ // for each feature, as all features are supposed to be represented here. |
+ HashMap<const FeaturePolicyFeature*, bool> m_inheritedFeatures; |
+ |
+ // Map of feature names to declared whitelists. Any feature which is missing |
+ // from this map should use the inherited policy. |
+ HeapHashMap<const FeaturePolicyFeature*, Member<Whitelist>> |
+ m_declaredWhitelists; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(FeaturePolicy); |
+}; |
+ |
+} // namespace blink |
+ |
+#endif // FeaturePolicy_h |