Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(21)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/platform/weborigin/SecurityPolicy.cpp

Issue 2278823004: Stop supporting legacy keywords in Referrer-Policy header (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: jochen comment Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/platform/weborigin/SecurityPolicy.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 28 matching lines...) Expand all
39 #include "wtf/Threading.h" 39 #include "wtf/Threading.h"
40 #include "wtf/text/StringHash.h" 40 #include "wtf/text/StringHash.h"
41 #include <memory> 41 #include <memory>
42 42
43 namespace blink { 43 namespace blink {
44 44
45 using OriginAccessWhiteList = Vector<OriginAccessEntry>; 45 using OriginAccessWhiteList = Vector<OriginAccessEntry>;
46 using OriginAccessMap = HashMap<String, std::unique_ptr<OriginAccessWhiteList>>; 46 using OriginAccessMap = HashMap<String, std::unique_ptr<OriginAccessWhiteList>>;
47 using OriginSet = HashSet<String>; 47 using OriginSet = HashSet<String>;
48 48
49 enum ReferrerPolicyLegacyKeywordsSupport {
50 SupportReferrerPolicyLegacyKeywords,
51 DoNotSupportReferrerPolicyLegacyKeywords,
52 };
53
49 static OriginAccessMap& originAccessMap() 54 static OriginAccessMap& originAccessMap()
50 { 55 {
51 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ()); 56 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ());
52 return originAccessMap; 57 return originAccessMap;
53 } 58 }
54 59
55 static OriginSet& trustworthyOriginSet() 60 static OriginSet& trustworthyOriginSet()
56 { 61 {
57 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ()); 62 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ());
58 return trustworthyOriginSet; 63 return trustworthyOriginSet;
59 } 64 }
60 65
66 static bool referrerPolicyFromStringImpl(const String& policy, ReferrerPolicyLeg acyKeywordsSupport legacyKeywordsSupport, ReferrerPolicy* result)
67 {
68 DCHECK(!policy.isNull());
69 bool supportLegacyKeywords = (legacyKeywordsSupport == SupportReferrerPolicy LegacyKeywords);
70
71 if (equalIgnoringCase(policy, "no-referrer") || (supportLegacyKeywords && eq ualIgnoringCase(policy, "never"))) {
72 *result = ReferrerPolicyNever;
73 return true;
74 }
75 if (equalIgnoringCase(policy, "unsafe-url") || (supportLegacyKeywords && equ alIgnoringCase(policy, "always"))) {
76 *result = ReferrerPolicyAlways;
77 return true;
78 }
79 if (equalIgnoringCase(policy, "origin")) {
80 *result = ReferrerPolicyOrigin;
81 return true;
82 }
83 if (equalIgnoringCase(policy, "origin-when-cross-origin") || (supportLegacyK eywords && equalIgnoringCase(policy, "origin-when-crossorigin"))) {
84 *result = ReferrerPolicyOriginWhenCrossOrigin;
85 return true;
86 }
87 if (equalIgnoringCase(policy, "no-referrer-when-downgrade") || (supportLegac yKeywords && equalIgnoringCase(policy, "default"))) {
88 *result = ReferrerPolicyNoReferrerWhenDowngrade;
89 return true;
90 }
91 return false;
92 }
93
61 void SecurityPolicy::init() 94 void SecurityPolicy::init()
62 { 95 {
63 originAccessMap(); 96 originAccessMap();
64 trustworthyOriginSet(); 97 trustworthyOriginSet();
65 } 98 }
66 99
67 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) 100 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer)
68 { 101 {
69 bool referrerIsSecureURL = protocolIs(referrer, "https"); 102 bool referrerIsSecureURL = protocolIs(referrer, "https");
70 String scheme = KURL(KURL(), referrer).protocol(); 103 String scheme = KURL(KURL(), referrer).protocol();
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after
218 } 251 }
219 252
220 void SecurityPolicy::resetOriginAccessWhitelists() 253 void SecurityPolicy::resetOriginAccessWhitelists()
221 { 254 {
222 ASSERT(isMainThread()); 255 ASSERT(isMainThread());
223 originAccessMap().clear(); 256 originAccessMap().clear();
224 } 257 }
225 258
226 bool SecurityPolicy::referrerPolicyFromString(const String& policy, ReferrerPoli cy* result) 259 bool SecurityPolicy::referrerPolicyFromString(const String& policy, ReferrerPoli cy* result)
227 { 260 {
228 ASSERT(!policy.isNull()); 261 return referrerPolicyFromStringImpl(policy, DoNotSupportReferrerPolicyLegacy Keywords, result);
262 }
229 263
230 if (equalIgnoringCase(policy, "no-referrer") || equalIgnoringCase(policy, "n ever")) { 264 bool SecurityPolicy::referrerPolicyFromStringWithLegacyKeywords(const String& po licy, ReferrerPolicy* result)
231 *result = ReferrerPolicyNever; 265 {
232 return true; 266 return referrerPolicyFromStringImpl(policy, SupportReferrerPolicyLegacyKeywo rds, result);
233 }
234 if (equalIgnoringCase(policy, "unsafe-url") || equalIgnoringCase(policy, "al ways")) {
235 *result = ReferrerPolicyAlways;
236 return true;
237 }
238 if (equalIgnoringCase(policy, "origin")) {
239 *result = ReferrerPolicyOrigin;
240 return true;
241 }
242 if (equalIgnoringCase(policy, "origin-when-cross-origin") || equalIgnoringCa se(policy, "origin-when-crossorigin")) {
243 *result = ReferrerPolicyOriginWhenCrossOrigin;
244 return true;
245 }
246 if (equalIgnoringCase(policy, "no-referrer-when-downgrade") || equalIgnoring Case(policy, "default")) {
247 *result = ReferrerPolicyNoReferrerWhenDowngrade;
248 return true;
249 }
250 return false;
251 } 267 }
252 268
253 } // namespace blink 269 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/platform/weborigin/SecurityPolicy.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698