third_party/WebKit/Source/platform/weborigin/SchemeRegistry.cpp - Issue 2545443002: Cleanup multiple URLSchemesSet static variables

Side by Side Diff: third_party/WebKit/Source/platform/weborigin/SchemeRegistry.cpp

Issue 2545443002: Cleanup multiple URLSchemesSet static variables (Closed)

Patch Set: Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2010 Apple Inc. All Rights Reserved.	2 * Copyright (C) 2010 Apple Inc. All Rights Reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions	5 * modification, are permitted provided that the following conditions

6 * are met:	6 * are met:

7 * 1. Redistributions of source code must retain the above copyright	7 * 1. Redistributions of source code must retain the above copyright

8 * notice, this list of conditions and the following disclaimer.	8 * notice, this list of conditions and the following disclaimer.

9 * 2. Redistributions in binary form must reproduce the above copyright	9 * 2. Redistributions in binary form must reproduce the above copyright

10 * notice, this list of conditions and the following disclaimer in the	10 * notice, this list of conditions and the following disclaimer in the

(...skipping 17 matching lines...) Expand all Loading...
28	28

29 #include "wtf/ThreadSpecific.h"	29 #include "wtf/ThreadSpecific.h"

30 #include "wtf/Threading.h"	30 #include "wtf/Threading.h"

31 #include "wtf/ThreadingPrimitives.h"	31 #include "wtf/ThreadingPrimitives.h"

32 #include "wtf/text/StringBuilder.h"	32 #include "wtf/text/StringBuilder.h"

33	33

34 namespace blink {	34 namespace blink {

35	35

36 namespace {	36 namespace {

37	37

38 void checkIsBeforeThreadCreated() {	38 struct URLSchemesRegistry final {

	39 URLSchemesRegistry()

	40 : localSchemes({"file"}),

	41 secureSchemes({"https", "about", "data", "wss"}),

	42 schemesWithUniqueOrigins({"about", "javascript", "data"}),

	43 emptyDocumentSchemes({"about"}),

	44 CORSEnabledSchemes({"http", "https", "data"}),

	45 // For ServiceWorker schemes: HTTP is required because http://localhost

	46 // is considered secure. Additional checks are performed to ensure that

	47 // other http pages are filtered out.

	48 serviceWorkerSchemes({"http", "https"}),

	49 allowedInReferrerSchemes({"http", "https"}) {}

	50 ~URLSchemesRegistry() = default;

	51

	52 URLSchemesSet localSchemes;

	53 URLSchemesSet displayIsolatedURLSchemes;

	54 URLSchemesSet secureSchemes;

	55 URLSchemesSet schemesWithUniqueOrigins;

	56 URLSchemesSet emptyDocumentSchemes;

	57 URLSchemesSet schemesForbiddenFromDomainRelaxation;

	58 URLSchemesSet notAllowingJavascriptURLsSchemes;

	59 URLSchemesSet CORSEnabledSchemes;

	60 URLSchemesSet serviceWorkerSchemes;

	61 URLSchemesSet fetchAPISchemes;

	62 URLSchemesSet firstPartyWhenTopLevelSchemes;

	63 URLSchemesMap<SchemeRegistry::PolicyAreas>

	64 contentSecurityPolicyBypassingSchemes;

	65 URLSchemesSet secureContextBypassingSchemes;

	66 URLSchemesSet allowedInReferrerSchemes;

	67

	68 private:

	69 friend const URLSchemesRegistry& getURLSchemesRegistry();

	70 friend URLSchemesRegistry& getMutableURLSchemesRegistry();
	Mike West 2016/11/30 10:27:33 If the struct has private members and friends, per If the struct has private members and friends, perhaps it should just be a class? kinuko 2016/12/01 05:53:23 Done. Show quoted text On 2016/11/30 10:27:33, Mike West (slow) wrote: > If the struct has private members and friends, perhaps it should just be a > class? Done.
	71

	72 static URLSchemesRegistry& getInstance() {
	Charlie Harrison 2016/11/30 13:24:27 To avoid needing friend functions or private metho To avoid needing friend functions or private methods, you could rename this method getMutableInstance(), make it public, and provide a second static method getInstance() which calls into this one. kinuko 2016/12/01 05:53:23 We want to call isBeforeThreadCreated check in mut Show quoted text On 2016/11/30 13:24:27, Charlie Harrison wrote: > To avoid needing friend functions or private methods, you could rename this > method getMutableInstance(), make it public, and provide a second static method > getInstance() which calls into this one. We want to call isBeforeThreadCreated check in mutable one but not in non-mutable one, so we can't simply/directly make the non-mutable one call the mutable one.
	73 DEFINE_STATIC_LOCAL(URLSchemesRegistry, schemes, ());

	74 return schemes;

	75 }

	76 };

	77

	78 const URLSchemesRegistry& getURLSchemesRegistry() {

	79 return URLSchemesRegistry::getInstance();

	80 }

	81

	82 URLSchemesRegistry& getMutableURLSchemesRegistry() {

39 #if DCHECK_IS_ON()	83 #if DCHECK_IS_ON()

40 DCHECK(WTF::isBeforeThreadCreated());	84 DCHECK(WTF::isBeforeThreadCreated());

41 #endif	85 #endif

	86 return URLSchemesRegistry::getInstance();

42 }	87 }

43	88

44 } // namespace	89 } // namespace

45	90

46 static URLSchemesSet& localURLSchemes() {	91 // Must be called before we create other threads to avoid racy static local

47 DEFINE_STATIC_LOCAL(URLSchemesSet, localSchemes, ());	92 // initialization.

48	93 void SchemeRegistry::initialize() {

49 if (localSchemes.isEmpty())	94 getURLSchemesRegistry();

50 localSchemes.add("file");

51

52 return localSchemes;

53 }

54

55 static URLSchemesSet& displayIsolatedURLSchemes() {

56 DEFINE_STATIC_LOCAL(URLSchemesSet, displayIsolatedSchemes, ());

57 return displayIsolatedSchemes;

58 }

59

60 static URLSchemesSet& secureSchemes() {

61 DEFINE_STATIC_LOCAL(URLSchemesSet, secureSchemes,

62 ({

63 "https", "about", "data", "wss",

64 }));

65 return secureSchemes;

66 }

67

68 static URLSchemesSet& schemesWithUniqueOrigins() {

69 DEFINE_STATIC_LOCAL(URLSchemesSet, schemesWithUniqueOrigins,

70 ({

71 "about", "javascript", "data",

72 }));

73 return schemesWithUniqueOrigins;

74 }

75

76 static URLSchemesSet& emptyDocumentSchemes() {

77 DEFINE_STATIC_LOCAL(URLSchemesSet, emptyDocumentSchemes, ({

78 "about",

79 }));

80 return emptyDocumentSchemes;

81 }

82

83 static HashSet<String>& schemesForbiddenFromDomainRelaxation() {

84 DEFINE_STATIC_LOCAL(HashSet<String>, schemes, ());

85 return schemes;

86 }

87

88 static URLSchemesSet& notAllowingJavascriptURLsSchemes() {

89 DEFINE_STATIC_LOCAL(URLSchemesSet, notAllowingJavascriptURLsSchemes, ());

90 return notAllowingJavascriptURLsSchemes;

91 }	95 }

92	96

93 void SchemeRegistry::registerURLSchemeAsLocal(const String& scheme) {	97 void SchemeRegistry::registerURLSchemeAsLocal(const String& scheme) {

94 checkIsBeforeThreadCreated();

95 DCHECK_EQ(scheme, scheme.lower());	98 DCHECK_EQ(scheme, scheme.lower());

96 localURLSchemes().add(scheme);	99 getMutableURLSchemesRegistry().localSchemes.add(scheme);

97 }

98

99 const URLSchemesSet& SchemeRegistry::localSchemes() {

100 return localURLSchemes();

101 }

102

103 static URLSchemesSet& CORSEnabledSchemes() {

104 DEFINE_STATIC_LOCAL(URLSchemesSet, CORSEnabledSchemes, ());

105

106 if (CORSEnabledSchemes.isEmpty()) {

107 CORSEnabledSchemes.add("http");

108 CORSEnabledSchemes.add("https");

109 CORSEnabledSchemes.add("data");

110 }

111

112 return CORSEnabledSchemes;

113 }

114

115 static URLSchemesSet& serviceWorkerSchemes() {

116 DEFINE_STATIC_LOCAL(URLSchemesSet, serviceWorkerSchemes, ());

117

118 if (serviceWorkerSchemes.isEmpty()) {

119 // HTTP is required because http://localhost is considered secure.

120 // Additional checks are performed to ensure that other http pages

121 // are filtered out.

122 serviceWorkerSchemes.add("http");

123 serviceWorkerSchemes.add("https");

124 }

125

126 return serviceWorkerSchemes;

127 }

128

129 static URLSchemesSet& fetchAPISchemes() {

130 DEFINE_STATIC_LOCAL(URLSchemesSet, fetchAPISchemes, ());

131

132 if (fetchAPISchemes.isEmpty()) {

133 fetchAPISchemes.add("http");

134 fetchAPISchemes.add("https");

135 }

136

137 return fetchAPISchemes;

138 }

139

140 static URLSchemesSet& firstPartyWhenTopLevelSchemes() {

141 DEFINE_STATIC_LOCAL(URLSchemesSet, firstPartyWhenTopLevelSchemes, ());

142 return firstPartyWhenTopLevelSchemes;

143 }

144

145 static URLSchemesMap<SchemeRegistry::PolicyAreas>&

146 ContentSecurityPolicyBypassingSchemes() {

147 DEFINE_STATIC_LOCAL(URLSchemesMap<SchemeRegistry::PolicyAreas>, schemes, ());

148 return schemes;

149 }

150

151 static URLSchemesSet& secureContextBypassingSchemes() {

152 DEFINE_STATIC_LOCAL(URLSchemesSet, secureContextBypassingSchemes, ());

153 return secureContextBypassingSchemes;

154 }

155

156 static URLSchemesSet& allowedInReferrerSchemes() {

157 DEFINE_STATIC_LOCAL(URLSchemesSet, allowedInReferrerSchemes, ());

158

159 if (allowedInReferrerSchemes.isEmpty()) {

160 allowedInReferrerSchemes.add("http");

161 allowedInReferrerSchemes.add("https");

162 }

163

164 return allowedInReferrerSchemes;

165 }

166

167 // All new maps should be added here. Must be called before we create other

168 // threads to avoid racy static local initialization.

169 void SchemeRegistry::initialize() {

170 localURLSchemes();

171 displayIsolatedURLSchemes();

172 secureSchemes();

173 schemesWithUniqueOrigins();

174 emptyDocumentSchemes();

175 schemesForbiddenFromDomainRelaxation();

176 notAllowingJavascriptURLsSchemes();

177 CORSEnabledSchemes();

178 serviceWorkerSchemes();

179 fetchAPISchemes();

180 firstPartyWhenTopLevelSchemes();

181 ContentSecurityPolicyBypassingSchemes();

182 secureContextBypassingSchemes();

183 allowedInReferrerSchemes();

184 }	100 }

185	101

186 bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme) {	102 bool SchemeRegistry::shouldTreatURLSchemeAsLocal(const String& scheme) {

187 DCHECK_EQ(scheme, scheme.lower());	103 DCHECK_EQ(scheme, scheme.lower());

188 if (scheme.isEmpty())	104 if (scheme.isEmpty())

189 return false;	105 return false;

190 return localURLSchemes().contains(scheme);	106 return getURLSchemesRegistry().localSchemes.contains(scheme);

191 }	107 }

192	108

193 void SchemeRegistry::registerURLSchemeAsNoAccess(const String& scheme) {	109 void SchemeRegistry::registerURLSchemeAsNoAccess(const String& scheme) {

194 checkIsBeforeThreadCreated();

195 DCHECK_EQ(scheme, scheme.lower());	110 DCHECK_EQ(scheme, scheme.lower());

196 schemesWithUniqueOrigins().add(scheme);	111 getMutableURLSchemesRegistry().schemesWithUniqueOrigins.add(scheme);

197 }	112 }

198	113

199 bool SchemeRegistry::shouldTreatURLSchemeAsNoAccess(const String& scheme) {	114 bool SchemeRegistry::shouldTreatURLSchemeAsNoAccess(const String& scheme) {

200 DCHECK_EQ(scheme, scheme.lower());	115 DCHECK_EQ(scheme, scheme.lower());

201 if (scheme.isEmpty())	116 if (scheme.isEmpty())

202 return false;	117 return false;

203 return schemesWithUniqueOrigins().contains(scheme);	118 return getURLSchemesRegistry().schemesWithUniqueOrigins.contains(scheme);

204 }	119 }

205	120

206 void SchemeRegistry::registerURLSchemeAsDisplayIsolated(const String& scheme) {	121 void SchemeRegistry::registerURLSchemeAsDisplayIsolated(const String& scheme) {

207 checkIsBeforeThreadCreated();

208 DCHECK_EQ(scheme, scheme.lower());	122 DCHECK_EQ(scheme, scheme.lower());

209 displayIsolatedURLSchemes().add(scheme);	123 getMutableURLSchemesRegistry().displayIsolatedURLSchemes.add(scheme);

210 }	124 }

211	125

212 bool SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(	126 bool SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(

213 const String& scheme) {	127 const String& scheme) {

214 DCHECK_EQ(scheme, scheme.lower());	128 DCHECK_EQ(scheme, scheme.lower());

215 if (scheme.isEmpty())	129 if (scheme.isEmpty())

216 return false;	130 return false;

217 return displayIsolatedURLSchemes().contains(scheme);	131 return getURLSchemesRegistry().displayIsolatedURLSchemes.contains(scheme);

218 }	132 }

219	133

220 bool SchemeRegistry::shouldTreatURLSchemeAsRestrictingMixedContent(	134 bool SchemeRegistry::shouldTreatURLSchemeAsRestrictingMixedContent(

221 const String& scheme) {	135 const String& scheme) {

222 DCHECK_EQ(scheme, scheme.lower());	136 DCHECK_EQ(scheme, scheme.lower());

223 return scheme == "https";	137 return scheme == "https";

224 }	138 }

225	139

226 void SchemeRegistry::registerURLSchemeAsSecure(const String& scheme) {	140 void SchemeRegistry::registerURLSchemeAsSecure(const String& scheme) {

227 checkIsBeforeThreadCreated();

228 DCHECK_EQ(scheme, scheme.lower());	141 DCHECK_EQ(scheme, scheme.lower());

229 secureSchemes().add(scheme);	142 getMutableURLSchemesRegistry().secureSchemes.add(scheme);

230 }	143 }

231	144

232 bool SchemeRegistry::shouldTreatURLSchemeAsSecure(const String& scheme) {	145 bool SchemeRegistry::shouldTreatURLSchemeAsSecure(const String& scheme) {

233 DCHECK_EQ(scheme, scheme.lower());	146 DCHECK_EQ(scheme, scheme.lower());

234 if (scheme.isEmpty())	147 if (scheme.isEmpty())

235 return false;	148 return false;

236 return secureSchemes().contains(scheme);	149 return getURLSchemesRegistry().secureSchemes.contains(scheme);

237 }	150 }

238	151

239 void SchemeRegistry::registerURLSchemeAsEmptyDocument(const String& scheme) {	152 void SchemeRegistry::registerURLSchemeAsEmptyDocument(const String& scheme) {

240 checkIsBeforeThreadCreated();

241 DCHECK_EQ(scheme, scheme.lower());	153 DCHECK_EQ(scheme, scheme.lower());

242 emptyDocumentSchemes().add(scheme);	154 getMutableURLSchemesRegistry().emptyDocumentSchemes.add(scheme);

243 }	155 }

244	156

245 bool SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(const String& scheme) {	157 bool SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(const String& scheme) {

246 DCHECK_EQ(scheme, scheme.lower());	158 DCHECK_EQ(scheme, scheme.lower());

247 if (scheme.isEmpty())	159 if (scheme.isEmpty())

248 return false;	160 return false;

249 return emptyDocumentSchemes().contains(scheme);	161 return getURLSchemesRegistry().emptyDocumentSchemes.contains(scheme);

250 }	162 }

251	163

252 void SchemeRegistry::setDomainRelaxationForbiddenForURLScheme(	164 void SchemeRegistry::setDomainRelaxationForbiddenForURLScheme(

253 bool forbidden,	165 bool forbidden,

254 const String& scheme) {	166 const String& scheme) {

255 checkIsBeforeThreadCreated();

256 DCHECK_EQ(scheme, scheme.lower());	167 DCHECK_EQ(scheme, scheme.lower());

257 if (scheme.isEmpty())	168 if (scheme.isEmpty())

258 return;	169 return;

259	170

260 if (forbidden)	171 if (forbidden) {

261 schemesForbiddenFromDomainRelaxation().add(scheme);	172 getMutableURLSchemesRegistry().schemesForbiddenFromDomainRelaxation.add(

262 else	173 scheme);

263 schemesForbiddenFromDomainRelaxation().remove(scheme);	174 } else {

	175 getMutableURLSchemesRegistry().schemesForbiddenFromDomainRelaxation.remove(

	176 scheme);

	177 }

264 }	178 }

265	179

266 bool SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(	180 bool SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(

267 const String& scheme) {	181 const String& scheme) {

268 DCHECK_EQ(scheme, scheme.lower());	182 DCHECK_EQ(scheme, scheme.lower());

269 if (scheme.isEmpty())	183 if (scheme.isEmpty())

270 return false;	184 return false;

271 return schemesForbiddenFromDomainRelaxation().contains(scheme);	185 return getURLSchemesRegistry().schemesForbiddenFromDomainRelaxation.contains(

	186 scheme);

272 }	187 }

273	188

274 bool SchemeRegistry::canDisplayOnlyIfCanRequest(const String& scheme) {	189 bool SchemeRegistry::canDisplayOnlyIfCanRequest(const String& scheme) {

275 DCHECK_EQ(scheme, scheme.lower());	190 DCHECK_EQ(scheme, scheme.lower());

276 return scheme == "blob" \|\| scheme == "filesystem";	191 return scheme == "blob" \|\| scheme == "filesystem";

277 }	192 }

278	193

279 void SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(	194 void SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(

280 const String& scheme) {	195 const String& scheme) {

281 checkIsBeforeThreadCreated();

282 DCHECK_EQ(scheme, scheme.lower());	196 DCHECK_EQ(scheme, scheme.lower());

283 notAllowingJavascriptURLsSchemes().add(scheme);	197 getMutableURLSchemesRegistry().notAllowingJavascriptURLsSchemes.add(scheme);

284 }	198 }

285	199

286 bool SchemeRegistry::shouldTreatURLSchemeAsNotAllowingJavascriptURLs(	200 bool SchemeRegistry::shouldTreatURLSchemeAsNotAllowingJavascriptURLs(

287 const String& scheme) {	201 const String& scheme) {

288 DCHECK_EQ(scheme, scheme.lower());	202 DCHECK_EQ(scheme, scheme.lower());

289 if (scheme.isEmpty())	203 if (scheme.isEmpty())

290 return false;	204 return false;

291 return notAllowingJavascriptURLsSchemes().contains(scheme);	205 return getURLSchemesRegistry().notAllowingJavascriptURLsSchemes.contains(

	206 scheme);

292 }	207 }

293	208

294 void SchemeRegistry::registerURLSchemeAsCORSEnabled(const String& scheme) {	209 void SchemeRegistry::registerURLSchemeAsCORSEnabled(const String& scheme) {

295 checkIsBeforeThreadCreated();

296 DCHECK_EQ(scheme, scheme.lower());	210 DCHECK_EQ(scheme, scheme.lower());

297 CORSEnabledSchemes().add(scheme);	211 getMutableURLSchemesRegistry().CORSEnabledSchemes.add(scheme);

298 }	212 }

299	213

300 bool SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(const String& scheme) {	214 bool SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(const String& scheme) {

301 DCHECK_EQ(scheme, scheme.lower());	215 DCHECK_EQ(scheme, scheme.lower());

302 if (scheme.isEmpty())	216 if (scheme.isEmpty())

303 return false;	217 return false;

304 return CORSEnabledSchemes().contains(scheme);	218 return getURLSchemesRegistry().CORSEnabledSchemes.contains(scheme);

305 }	219 }

306	220

307 String SchemeRegistry::listOfCORSEnabledURLSchemes() {	221 String SchemeRegistry::listOfCORSEnabledURLSchemes() {

308 StringBuilder builder;	222 StringBuilder builder;

309 bool addSeparator = false;	223 bool addSeparator = false;

310 for (const auto& scheme : CORSEnabledSchemes()) {	224 for (const auto& scheme : getURLSchemesRegistry().CORSEnabledSchemes) {

311 if (addSeparator)	225 if (addSeparator)

312 builder.append(", ");	226 builder.append(", ");

313 else	227 else

314 addSeparator = true;	228 addSeparator = true;

315	229

316 builder.append(scheme);	230 builder.append(scheme);

317 }	231 }

318 return builder.toString();	232 return builder.toString();

319 }	233 }

320	234

321 bool SchemeRegistry::shouldTreatURLSchemeAsLegacy(const String& scheme) {	235 bool SchemeRegistry::shouldTreatURLSchemeAsLegacy(const String& scheme) {

322 return scheme == "ftp" \|\| scheme == "gopher";	236 return scheme == "ftp" \|\| scheme == "gopher";

323 }	237 }

324	238

325 void SchemeRegistry::registerURLSchemeAsAllowingServiceWorkers(	239 void SchemeRegistry::registerURLSchemeAsAllowingServiceWorkers(

326 const String& scheme) {	240 const String& scheme) {

327 checkIsBeforeThreadCreated();

328 DCHECK_EQ(scheme, scheme.lower());	241 DCHECK_EQ(scheme, scheme.lower());

329 serviceWorkerSchemes().add(scheme);	242 getMutableURLSchemesRegistry().serviceWorkerSchemes.add(scheme);

330 }	243 }

331	244

332 bool SchemeRegistry::shouldTreatURLSchemeAsAllowingServiceWorkers(	245 bool SchemeRegistry::shouldTreatURLSchemeAsAllowingServiceWorkers(

333 const String& scheme) {	246 const String& scheme) {

334 DCHECK_EQ(scheme, scheme.lower());	247 DCHECK_EQ(scheme, scheme.lower());

335 if (scheme.isEmpty())	248 if (scheme.isEmpty())

336 return false;	249 return false;

337 return serviceWorkerSchemes().contains(scheme);	250 return getURLSchemesRegistry().serviceWorkerSchemes.contains(scheme);

338 }	251 }

339	252

340 void SchemeRegistry::registerURLSchemeAsSupportingFetchAPI(	253 void SchemeRegistry::registerURLSchemeAsSupportingFetchAPI(

341 const String& scheme) {	254 const String& scheme) {

342 checkIsBeforeThreadCreated();

343 DCHECK_EQ(scheme, scheme.lower());	255 DCHECK_EQ(scheme, scheme.lower());

344 fetchAPISchemes().add(scheme);	256 getMutableURLSchemesRegistry().fetchAPISchemes.add(scheme);

345 }	257 }

346	258

347 bool SchemeRegistry::shouldTreatURLSchemeAsSupportingFetchAPI(	259 bool SchemeRegistry::shouldTreatURLSchemeAsSupportingFetchAPI(

348 const String& scheme) {	260 const String& scheme) {

349 DCHECK_EQ(scheme, scheme.lower());	261 DCHECK_EQ(scheme, scheme.lower());

350 if (scheme.isEmpty())	262 if (scheme.isEmpty())

351 return false;	263 return false;

352 return fetchAPISchemes().contains(scheme);	264 return getURLSchemesRegistry().fetchAPISchemes.contains(scheme);

353 }	265 }

354	266

355 void SchemeRegistry::registerURLSchemeAsFirstPartyWhenTopLevel(	267 void SchemeRegistry::registerURLSchemeAsFirstPartyWhenTopLevel(

356 const String& scheme) {	268 const String& scheme) {

357 checkIsBeforeThreadCreated();

358 DCHECK_EQ(scheme, scheme.lower());	269 DCHECK_EQ(scheme, scheme.lower());

359 firstPartyWhenTopLevelSchemes().add(scheme);	270 getMutableURLSchemesRegistry().firstPartyWhenTopLevelSchemes.add(scheme);

360 }	271 }

361	272

362 void SchemeRegistry::removeURLSchemeAsFirstPartyWhenTopLevel(	273 void SchemeRegistry::removeURLSchemeAsFirstPartyWhenTopLevel(

363 const String& scheme) {	274 const String& scheme) {

364 checkIsBeforeThreadCreated();

365 DCHECK_EQ(scheme, scheme.lower());	275 DCHECK_EQ(scheme, scheme.lower());

366 firstPartyWhenTopLevelSchemes().remove(scheme);	276 getMutableURLSchemesRegistry().firstPartyWhenTopLevelSchemes.remove(scheme);

367 }	277 }

368	278

369 bool SchemeRegistry::shouldTreatURLSchemeAsFirstPartyWhenTopLevel(	279 bool SchemeRegistry::shouldTreatURLSchemeAsFirstPartyWhenTopLevel(

370 const String& scheme) {	280 const String& scheme) {

371 DCHECK_EQ(scheme, scheme.lower());	281 DCHECK_EQ(scheme, scheme.lower());

372 if (scheme.isEmpty())	282 if (scheme.isEmpty())

373 return false;	283 return false;

374 return firstPartyWhenTopLevelSchemes().contains(scheme);	284 return getURLSchemesRegistry().firstPartyWhenTopLevelSchemes.contains(scheme);

375 }	285 }

376	286

377 void SchemeRegistry::registerURLSchemeAsAllowedForReferrer(	287 void SchemeRegistry::registerURLSchemeAsAllowedForReferrer(

378 const String& scheme) {	288 const String& scheme) {

379 checkIsBeforeThreadCreated();

380 DCHECK_EQ(scheme, scheme.lower());	289 DCHECK_EQ(scheme, scheme.lower());

381 allowedInReferrerSchemes().add(scheme);	290 getMutableURLSchemesRegistry().allowedInReferrerSchemes.add(scheme);

382 }	291 }

383	292

384 void SchemeRegistry::removeURLSchemeAsAllowedForReferrer(const String& scheme) {	293 void SchemeRegistry::removeURLSchemeAsAllowedForReferrer(const String& scheme) {

385 checkIsBeforeThreadCreated();	294 getMutableURLSchemesRegistry().allowedInReferrerSchemes.remove(scheme);

386 allowedInReferrerSchemes().remove(scheme);

387 }	295 }

388	296

389 bool SchemeRegistry::shouldTreatURLSchemeAsAllowedForReferrer(	297 bool SchemeRegistry::shouldTreatURLSchemeAsAllowedForReferrer(

390 const String& scheme) {	298 const String& scheme) {

391 DCHECK_EQ(scheme, scheme.lower());	299 DCHECK_EQ(scheme, scheme.lower());

392 if (scheme.isEmpty())	300 if (scheme.isEmpty())

393 return false;	301 return false;

394 return allowedInReferrerSchemes().contains(scheme);	302 return getURLSchemesRegistry().allowedInReferrerSchemes.contains(scheme);

395 }	303 }

396	304

397 void SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(	305 void SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(

398 const String& scheme,	306 const String& scheme,

399 PolicyAreas policyAreas) {	307 PolicyAreas policyAreas) {

400 checkIsBeforeThreadCreated();

401 DCHECK_EQ(scheme, scheme.lower());	308 DCHECK_EQ(scheme, scheme.lower());

402 ContentSecurityPolicyBypassingSchemes().add(scheme, policyAreas);	309 getMutableURLSchemesRegistry().contentSecurityPolicyBypassingSchemes.add(

	310 scheme, policyAreas);

403 }	311 }

404	312

405 void SchemeRegistry::removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(	313 void SchemeRegistry::removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(

406 const String& scheme) {	314 const String& scheme) {

407 checkIsBeforeThreadCreated();

408 DCHECK_EQ(scheme, scheme.lower());	315 DCHECK_EQ(scheme, scheme.lower());

409 ContentSecurityPolicyBypassingSchemes().remove(scheme);	316 getMutableURLSchemesRegistry().contentSecurityPolicyBypassingSchemes.remove(

	317 scheme);

410 }	318 }

411	319

412 bool SchemeRegistry::schemeShouldBypassContentSecurityPolicy(	320 bool SchemeRegistry::schemeShouldBypassContentSecurityPolicy(

413 const String& scheme,	321 const String& scheme,

414 PolicyAreas policyAreas) {	322 PolicyAreas policyAreas) {

415 ASSERT(policyAreas != PolicyAreaNone);	323 ASSERT(policyAreas != PolicyAreaNone);

416 if (scheme.isEmpty() \|\| policyAreas == PolicyAreaNone)	324 if (scheme.isEmpty() \|\| policyAreas == PolicyAreaNone)

417 return false;	325 return false;

418	326

419 // get() returns 0 (PolicyAreaNone) if there is no entry in the map.	327 // get() returns 0 (PolicyAreaNone) if there is no entry in the map.

420 // Thus by default, schemes do not bypass CSP.	328 // Thus by default, schemes do not bypass CSP.

421 return (ContentSecurityPolicyBypassingSchemes().get(scheme) & policyAreas) ==	329 return (getURLSchemesRegistry().contentSecurityPolicyBypassingSchemes.get(

422 policyAreas;	330 scheme) &

	331 policyAreas) == policyAreas;

423 }	332 }

424	333

425 void SchemeRegistry::registerURLSchemeBypassingSecureContextCheck(	334 void SchemeRegistry::registerURLSchemeBypassingSecureContextCheck(

426 const String& scheme) {	335 const String& scheme) {

427 checkIsBeforeThreadCreated();

428 DCHECK_EQ(scheme, scheme.lower());	336 DCHECK_EQ(scheme, scheme.lower());

429 secureContextBypassingSchemes().add(scheme.lower());	337 getMutableURLSchemesRegistry().secureContextBypassingSchemes.add(

	338 scheme.lower());
	Charlie Harrison 2016/11/30 13:24:27 Remove call to lower(). Remove call to lower(). kinuko 2016/12/01 05:53:23 Done. Show quoted text On 2016/11/30 13:24:27, Charlie Harrison wrote: > Remove call to lower(). Done.
430 }	339 }

431	340

432 bool SchemeRegistry::schemeShouldBypassSecureContextCheck(	341 bool SchemeRegistry::schemeShouldBypassSecureContextCheck(

433 const String& scheme) {	342 const String& scheme) {

434 if (scheme.isEmpty())	343 if (scheme.isEmpty())

435 return false;	344 return false;

436 return secureContextBypassingSchemes().contains(scheme.lower());	345 return getURLSchemesRegistry().secureContextBypassingSchemes.contains(

	346 scheme.lower());
	Charlie Harrison 2016/11/30 13:24:27 Remove call to lower(), it is only called with a S Remove call to lower(), it is only called with a SecurityOrigin::protocol. Feel free to add a DCHECK here too that the input is lowercase. kinuko 2016/12/01 05:53:23 Done. Show quoted text On 2016/11/30 13:24:27, Charlie Harrison wrote: > Remove call to lower(), it is only called with a SecurityOrigin::protocol. Feel > free to add a DCHECK here too that the input is lowercase. Done.
437 }	347 }

438	348

439 } // namespace blink	349 } // namespace blink

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »