OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2010 Apple Inc. All Rights Reserved. | 2 * Copyright (C) 2010 Apple Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
11 * documentation and/or other materials provided with the distribution. | 11 * documentation and/or other materials provided with the distribution. |
12 * | 12 * |
13 * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY | 13 * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY |
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR | 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR |
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 * | 24 * |
25 */ | 25 */ |
26 | 26 |
27 #include "platform/weborigin/SchemeRegistry.h" | 27 #include "platform/weborigin/SchemeRegistry.h" |
28 | 28 |
| 29 #include "url/url_util.h" |
29 #include "wtf/ThreadSpecific.h" | 30 #include "wtf/ThreadSpecific.h" |
30 #include "wtf/Threading.h" | 31 #include "wtf/Threading.h" |
31 #include "wtf/ThreadingPrimitives.h" | 32 #include "wtf/ThreadingPrimitives.h" |
32 #include "wtf/text/StringBuilder.h" | 33 #include "wtf/text/StringBuilder.h" |
33 | 34 |
34 namespace blink { | 35 namespace blink { |
35 | 36 |
36 namespace { | 37 namespace { |
37 | 38 |
38 class URLSchemesRegistry final { | 39 class URLSchemesRegistry final { |
39 public: | 40 public: |
40 URLSchemesRegistry() | 41 URLSchemesRegistry() |
41 : localSchemes({"file"}), | 42 : emptyDocumentSchemes({"about"}), |
42 secureSchemes({"https", "about", "data", "wss"}), | |
43 schemesWithUniqueOrigins({"about", "javascript", "data"}), | |
44 emptyDocumentSchemes({"about"}), | |
45 CORSEnabledSchemes({"http", "https", "data"}), | |
46 // For ServiceWorker schemes: HTTP is required because http://localhost | 43 // For ServiceWorker schemes: HTTP is required because http://localhost |
47 // is considered secure. Additional checks are performed to ensure that | 44 // is considered secure. Additional checks are performed to ensure that |
48 // other http pages are filtered out. | 45 // other http pages are filtered out. |
49 serviceWorkerSchemes({"http", "https"}), | 46 serviceWorkerSchemes({"http", "https"}), |
50 fetchAPISchemes({"http", "https"}), | 47 fetchAPISchemes({"http", "https"}), |
51 allowedInReferrerSchemes({"http", "https"}) {} | 48 allowedInReferrerSchemes({"http", "https"}) { |
| 49 for (auto& scheme : url::GetLocalSchemes()) |
| 50 localSchemes.add(scheme.c_str()); |
| 51 for (auto& scheme : url::GetSecureSchemes()) |
| 52 secureSchemes.add(scheme.c_str()); |
| 53 for (auto& scheme : url::GetNoAccessSchemes()) |
| 54 schemesWithUniqueOrigins.add(scheme.c_str()); |
| 55 for (auto& scheme : url::GetCORSEnabledSchemes()) |
| 56 CORSEnabledSchemes.add(scheme.c_str()); |
| 57 } |
52 ~URLSchemesRegistry() = default; | 58 ~URLSchemesRegistry() = default; |
53 | 59 |
54 URLSchemesSet localSchemes; | 60 URLSchemesSet localSchemes; |
55 URLSchemesSet displayIsolatedURLSchemes; | 61 URLSchemesSet displayIsolatedURLSchemes; |
56 URLSchemesSet secureSchemes; | 62 URLSchemesSet secureSchemes; |
57 URLSchemesSet schemesWithUniqueOrigins; | 63 URLSchemesSet schemesWithUniqueOrigins; |
58 URLSchemesSet emptyDocumentSchemes; | 64 URLSchemesSet emptyDocumentSchemes; |
59 URLSchemesSet schemesForbiddenFromDomainRelaxation; | 65 URLSchemesSet schemesForbiddenFromDomainRelaxation; |
60 URLSchemesSet notAllowingJavascriptURLsSchemes; | 66 URLSchemesSet notAllowingJavascriptURLsSchemes; |
61 URLSchemesSet CORSEnabledSchemes; | 67 URLSchemesSet CORSEnabledSchemes; |
353 | 359 |
354 bool SchemeRegistry::schemeShouldBypassSecureContextCheck( | 360 bool SchemeRegistry::schemeShouldBypassSecureContextCheck( |
355 const String& scheme) { | 361 const String& scheme) { |
356 if (scheme.isEmpty()) | 362 if (scheme.isEmpty()) |
357 return false; | 363 return false; |
358 DCHECK_EQ(scheme, scheme.lower()); | 364 DCHECK_EQ(scheme, scheme.lower()); |
359 return getURLSchemesRegistry().secureContextBypassingSchemes.contains(scheme); | 365 return getURLSchemesRegistry().secureContextBypassingSchemes.contains(scheme); |
360 } | 366 } |
361 | 367 |
362 } // namespace blink | 368 } // namespace blink |
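Review bot: The constructor (new lines 49-56) copies `url::GetLocalSchemes()`, `url::GetSecureSchemes()`, `url::GetNoAccessSchemes()` and `url::GetCORSEnabledSchemes()` only once. A scheme registered on the url:: side after the registry is built (presumably on first use of `getURLSchemesRegistry()`) would never reach Blink, so the two layers could disagree on secure-context, unique-origin and CORS decisions. I would state the ordering requirement above the loops, e.g. `// Snapshot of the url:: lists; all url:: scheme registration must be finished before this runs.` A unit test should also pin that the defaults deleted here (`file`; `https`, `about`, `data`, `wss`; `about`, `javascript`, `data`; `http`, `https`, `data`) still arrive through the url:: getters, since their contents are not visible on this page. Lookups in this file assume lower-case input (`DCHECK_EQ(scheme, scheme.lower())` in `schemeShouldBypassSecureContextCheck`), so the copied entries could get the same check before `add()`, and the loop variable is never modified, so `const auto& scheme` would read better than `auto& scheme`.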