OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 128 matching lines...)
139 // in an iframe or as an image). For example, web sites generally cannot | 139 // in an iframe or as an image). For example, web sites generally cannot |
140 // display content from the user's files system. | 140 // display content from the user's files system. |
141 bool canDisplay(const KURL&) const; | 141 bool canDisplay(const KURL&) const; |
142 | 142 |
143 // Returns true if the origin loads resources either from the local | 143 // Returns true if the origin loads resources either from the local |
144 // machine or over the network from a | 144 // machine or over the network from a |
145 // cryptographically-authenticated origin, as described in | 145 // cryptographically-authenticated origin, as described in |
146 // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustwort
hy. | 146 // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustwort
hy. |
147 bool isPotentiallyTrustworthy() const; | 147 bool isPotentiallyTrustworthy() const; |
148 | 148 |
149 // Returns a human-readable error message describing that a non-secure origin'
s access to a feature is denied. | 149 // Returns a human-readable error message describing that a non-secure |
| 150 // origin's access to a feature is denied. |
150 static String isPotentiallyTrustworthyErrorMessage(); | 151 static String isPotentiallyTrustworthyErrorMessage(); |
151 | 152 |
152 // Returns true if this SecurityOrigin can load local resources, such | 153 // Returns true if this SecurityOrigin can load local resources, such |
153 // as images, iframes, and style sheets, and can link to local URLs. | 154 // as images, iframes, and style sheets, and can link to local URLs. |
154 // For example, call this function before creating an iframe to a | 155 // For example, call this function before creating an iframe to a |
155 // file:// URL. | 156 // file:// URL. |
156 // | 157 // |
157 // Note: A SecurityOrigin might be allowed to load local resources | 158 // Note: A SecurityOrigin might be allowed to load local resources |
158 // without being able to issue an XMLHttpRequest for a local URL. | 159 // without being able to issue an XMLHttpRequest for a local URL. |
159 // To determine whether the SecurityOrigin can issue an | 160 // To determine whether the SecurityOrigin can issue an |
(...skipping 73 matching lines...)
233 // Same as toString above, but ignores Suborigin, if present. This is | 234 // Same as toString above, but ignores Suborigin, if present. This is |
234 // generally not what you want. | 235 // generally not what you want. |
235 String toPhysicalOriginString() const; | 236 String toPhysicalOriginString() const; |
236 | 237 |
237 // Similar to toString(), but does not take into account any factors that | 238 // Similar to toString(), but does not take into account any factors that |
238 // could make the string return "null". | 239 // could make the string return "null". |
239 String toRawString() const; | 240 String toRawString() const; |
240 AtomicString toRawAtomicString() const; | 241 AtomicString toRawAtomicString() const; |
241 | 242 |
242 // This method checks for equality, ignoring the value of document.domain | 243 // This method checks for equality, ignoring the value of document.domain |
243 // (and whether it was set) but considering the host. It is used for postMessa
ge. | 244 // (and whether it was set) but considering the host. It is used for |
| 245 // postMessage. |
244 bool isSameSchemeHostPort(const SecurityOrigin*) const; | 246 bool isSameSchemeHostPort(const SecurityOrigin*) const; |
245 bool isSameSchemeHostPortAndSuborigin(const SecurityOrigin*) const; | 247 bool isSameSchemeHostPortAndSuborigin(const SecurityOrigin*) const; |
246 | 248 |
247 static const KURL& urlWithUniqueSecurityOrigin(); | 249 static const KURL& urlWithUniqueSecurityOrigin(); |
248 | 250 |
249 // Transfer origin privileges from another security origin. | 251 // Transfer origin privileges from another security origin. |
250 // The following privileges are currently copied over: | 252 // The following privileges are currently copied over: |
251 // | 253 // |
252 // - Grant universal access. | 254 // - Grant universal access. |
253 // - Grant loading of local resources. | 255 // - Grant loading of local resources. |
(...skipping 41 matching lines...)
295 bool m_universalAccess; | 297 bool m_universalAccess; |
296 bool m_domainWasSetInDOM; | 298 bool m_domainWasSetInDOM; |
297 bool m_canLoadLocalResources; | 299 bool m_canLoadLocalResources; |
298 bool m_blockLocalAccessFromLocalOrigin; | 300 bool m_blockLocalAccessFromLocalOrigin; |
299 bool m_isUniqueOriginPotentiallyTrustworthy; | 301 bool m_isUniqueOriginPotentiallyTrustworthy; |
300 }; | 302 }; |
301 | 303 |
302 } // namespace blink | 304 } // namespace blink |
303 | 305 |
304 #endif // SecurityOrigin_h | 306 #endif // SecurityOrigin_h |