chrome/common/secure_origin_whitelist.h - Issue 2622693002: Cleanup of static lists of schemes & origins that are created at startup.

Side by Side Diff: chrome/common/secure_origin_whitelist.h

Issue 2622693002: Cleanup of static lists of schemes & origins that are created at startup. (Closed)

Patch Set: use struct Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « chrome/common/chrome_content_client_ios.mm ('k') | chrome/common/secure_origin_whitelist.cc » ('j') | content/common/url_schemes.h » ('J')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CHROME_COMMON_SECURE_ORIGIN_WHITELIST_H_	5 #ifndef CHROME_COMMON_SECURE_ORIGIN_WHITELIST_H_

6 #define CHROME_COMMON_SECURE_ORIGIN_WHITELIST_H_	6 #define CHROME_COMMON_SECURE_ORIGIN_WHITELIST_H_

7	7

8 #include <set>	8 #include <set>

	9 #include <string>

	10 #include <vector>

9	11

10 #include "url/gurl.h"	12 #include "url/gurl.h"

11	13

12 // \|origins\| is a return value parameter that gets a whitelist of origins that	14 // \|origins\| is a return value parameter that gets a whitelist of origins that

13 // need to be considered trustworthy. The whitelist is given by	15 // need to be considered trustworthy. The whitelist is given by

14 // kUnsafelyTreatInsecureOriginAsSecure command-line option.	16 // kUnsafelyTreatInsecureOriginAsSecure command-line option.

15 // See https://www.w3.org/TR/powerful-features/#is-origin-trustworthy.	17 // See https://www.w3.org/TR/powerful-features/#is-origin-trustworthy.

16 void GetSecureOriginWhitelist(std::set<GURL>* origins);	18 void GetSecureOriginWhitelist(std::vector<std::string>* origins);
	brettw 2017/01/10 18:58:17 Why did the type change to string? The results loo Why did the type change to string? The results look like they're just given to GURL constructor. If we're passing URLs around, I think they should be GURL objects. (vector change seems good) Optional: if we are changing this a return value is cleaner. Then in the caller you can even do: for (auto& origin : GetSecureOriginWhitelist()) ... jam 2017/01/10 19:16:33 This is for consistency with all the other paramet Show quoted text On 2017/01/10 18:58:17, brettw (ping after 24h) wrote: > Why did the type change to string? The results look like they're just given to > GURL constructor. If we're passing URLs around, I think they should be GURL > objects. (vector change seems good) This is for consistency with all the other parameters to the ContentClient method which are strings. Since the source data for all these parameters are string constants, it didn't seem to matter whether the caller wraps it with a GURL or the receiver does it in this one case. Show quoted text > > Optional: if we are changing this a return value is cleaner. Then in the caller > you can even do: > for (auto& origin : GetSecureOriginWhitelist()) ... changed to return value and the method below while i was at it brettw 2017/01/10 20:19:45 But the other things in the list are schemes which But the other things in the list are schemes which aren't URLs. In fact, when I saw the Schemes object and that one of them was listed as "origins", I questioned what exactly that meant. Is it canonical? Does it have a slash after the host name? What can you compare it to? Sending as a GURL resolves all of these questions with no documentation. jam 2017/01/10 21:01:37 ok, done Show quoted text On 2017/01/10 20:19:45, brettw (ping after 24h) wrote: > But the other things in the list are schemes which aren't URLs. In fact, when I > saw the Schemes object and that one of them was listed as "origins", I > questioned what exactly that meant. Is it canonical? Does it have a slash after > the host name? What can you compare it to? > > Sending as a GURL resolves all of these questions with no documentation. ok, done
17	19

18 // \|schemes\| is a return value parameter that gets a whitelist of schemes that	20 // \|schemes\| is a return value parameter that gets a whitelist of schemes that

19 // should bypass the Is Privileged Context check.	21 // should bypass the Is Privileged Context check.

20 // See http://www.w3.org/TR/powerful-features/#settings-privileged	22 // See http://www.w3.org/TR/powerful-features/#settings-privileged

21 void GetSchemesBypassingSecureContextCheckWhitelist(	23 void GetSchemesBypassingSecureContextCheckWhitelist(

22 std::set<std::string>* schemes);	24 std::set<std::string>* schemes);

23	25

24 #endif // CHROME_COMMON_SECURE_ORIGIN_WHITELIST_H_	26 #endif // CHROME_COMMON_SECURE_ORIGIN_WHITELIST_H_

OLD	NEW