| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef FeaturePolicy_h | 5 #ifndef FeaturePolicy_h |
| 6 #define FeaturePolicy_h | 6 #define FeaturePolicy_h |
| 7 | 7 |
| 8 #include "platform/PlatformExport.h" | 8 #include "platform/PlatformExport.h" |
| 9 #include "platform/weborigin/SecurityOrigin.h" | 9 #include "platform/weborigin/SecurityOrigin.h" |
| 10 #include "public/platform/WebFeaturePolicy.h" | 10 #include "public/platform/WebFeaturePolicy.h" |
| 11 #include "wtf/RefPtr.h" | 11 #include "wtf/RefPtr.h" |
| 12 #include "wtf/Vector.h" | 12 #include "wtf/Vector.h" |
| 13 #include "wtf/text/WTFString.h" | 13 #include "wtf/text/WTFString.h" |
| 14 | 14 |
| 15 #include <memory> | 15 #include <memory> |
| 16 | 16 |
| 17 namespace blink { | 17 namespace blink { |
| 18 | 18 |
| 19 // Feature Policy is a mechanism for controlling the availability of web | 19 // Converts a JSON feature policy string into a vector of whitelists, one for |
| 20 // platform features in a frame, including all embedded frames. It can be used | 20 // each feature specified. Unrecognized features are parsed and included |
| 21 // to remove features, automatically refuse API permission requests, or modify | 21 // but will be filtered out when the policy is constructed. If |messages| is |
| 22 // the behaviour of features. (The specific changes which are made depend on the | 22 // not null, then any errors in the input will cause an error message to be |
| 23 // feature; see the specification for details). | 23 // appended to it. |
| 24 // | 24 PLATFORM_EXPORT WebParsedFeaturePolicyHeader |
| 25 // Policies can be defined in the HTTP header stream, with the |Feature-Policy| | 25 parseFeaturePolicy(const String& policy, |
| 26 // HTTP header, or can be set by |enable| and |disable| attributes on the iframe | 26 RefPtr<SecurityOrigin>, |
| 27 // element which embeds the document. | 27 Vector<String>* messages); |
| 28 // | |
| 29 // See https://wicg.github.io/FeaturePolicy/ | |
| 30 // | |
| 31 // Key concepts: | |
| 32 // | |
| 33 // Features | |
| 34 // -------- | |
| 35 // Features which can be controlled by policy are defined as instances of the | |
| 36 // FeaturePoliicy::Feature struct. The features are referenced by pointer, so | |
| 37 // only a single instance of each feature should be defined. The features which | |
| 38 // are declared in the feature policy specification are all defined in | |
| 39 // |FeaturePolicy.cpp|. | |
| 40 // | |
| 41 // Whitelists | |
| 42 // ---------- | |
| 43 // Policies are defined as a mapping of feaure names to whitelists. Whitelists | |
| 44 // are collections of origins, although two special terms can be used when | |
| 45 // declaring them: | |
| 46 // "self" refers to the orgin of the frame which is declaring the policy. | |
| 47 // "*" refers to all origins; any origin will match a whitelist which contains | |
| 48 // it. | |
| 49 // | |
| 50 // Defaults | |
| 51 // -------- | |
| 52 // Each defined feature has a default policy, which determines whether the | |
| 53 // feature is available when no policy has been declared, ans determines how the | |
| 54 // feature is inherited across origin boundaries. | |
| 55 // | |
| 56 // If the default policy is in effect for a frame, then it controls how the | |
| 57 // feature is inherited by any cross-origin iframes embedded by the frame. (See | |
| 58 // the comments below in FeaturePolicy::DefaultPolicy for specifics) | |
| 59 // | |
| 60 // Policy Inheritance | |
| 61 // ------------------ | |
| 62 // Policies in effect for a frame are inherited by any child frames it embeds. | |
| 63 // Unless another policy is declared in the child, all same-origin children will | |
| 64 // receive the same set of enables features as the parent frame. Whether or not | |
| 65 // features are inherited by cross-origin iframes without an explicit policy is | |
| 66 // determined by the feature's default policy. (Again, see the comments in | |
| 67 // FeaturePolicy::DefaultPolicy for details) | |
| 68 | |
| 69 class PLATFORM_EXPORT FeaturePolicy final { | |
| 70 public: | |
| 71 // Represents a collection of origins which make up a whitelist in a feature | |
| 72 // policy. This collection may be set to match every origin (corresponding to | |
| 73 // the "*" syntax in the policy string, in which case the contains() method | |
| 74 // will always return true. | |
| 75 class Whitelist final { | |
| 76 public: | |
| 77 static std::unique_ptr<Whitelist> from( | |
| 78 const WebFeaturePolicy::ParsedWhitelist&); | |
| 79 | |
| 80 Whitelist(); | |
| 81 | |
| 82 // Adds a single origin to the whitelist. | |
| 83 void add(RefPtr<SecurityOrigin>); | |
| 84 | |
| 85 // Adds all origins to the whitelist. | |
| 86 void addAll(); | |
| 87 | |
| 88 // Returns true if the given origin has been added to the whitelist. | |
| 89 bool contains(const SecurityOrigin&) const; | |
| 90 String toString(); | |
| 91 | |
| 92 private: | |
| 93 bool m_matchesAllOrigins; | |
| 94 Vector<RefPtr<SecurityOrigin>> m_origins; | |
| 95 }; | |
| 96 | |
| 97 // The FeaturePolicy::FeatureDefault enum defines the default enable state for | |
| 98 // a feature when neither it nor any parent frame have declared an explicit | |
| 99 // policy. The three possibilities map directly to Feature Policy Whitelist | |
| 100 // semantics. | |
| 101 enum class FeatureDefault { | |
| 102 // Equivalent to []. If this default policy is in effect for a frame, then | |
| 103 // the feature will not be enabled for that frame or any of its children. | |
| 104 DisableForAll, | |
| 105 | |
| 106 // Equivalent to ["self"]. If this default policy is in effect for a frame, | |
| 107 // then the feature will be enabled for that frame, and any same-origin | |
| 108 // child frames, but not for any cross-origin child frames. | |
| 109 EnableForSelf, | |
| 110 | |
| 111 // Equivalent to ["*"]. If in effect for a frame, then the feature is | |
| 112 // enabled for that frame and all of its children. | |
| 113 EnableForAll | |
| 114 }; | |
| 115 | |
| 116 // The FeaturePolicy::Feature struct is used to define all features under | |
| 117 // control of Feature Policy. There should only be one instance of this struct | |
| 118 // for any given feature (declared below). | |
| 119 struct Feature { | |
| 120 // The name of the feature, as it should appear in a policy string | |
| 121 const char* const featureName; | |
| 122 | |
| 123 // Controls whether the feature should be available in the platform by | |
| 124 // default, in the absence of any declared policy. | |
| 125 FeatureDefault defaultPolicy; | |
| 126 }; | |
| 127 | |
| 128 using FeatureList = const Vector<const FeaturePolicy::Feature*>; | |
| 129 | |
| 130 // Converts a JSON feature policy string into a vector of whitelists, one for | |
| 131 // each feature specified. Unrecognized features are parsed and included | |
| 132 // but will be filtered out when the policy is constructed. If |messages| is | |
| 133 // not null, then any errors in the input will cause an error message to be | |
| 134 // appended to it. | |
| 135 static WebParsedFeaturePolicy parseFeaturePolicy(const String& policy, | |
| 136 RefPtr<SecurityOrigin>, | |
| 137 Vector<String>* messages); | |
| 138 | |
| 139 static std::unique_ptr<FeaturePolicy> createFromParentPolicy( | |
| 140 const FeaturePolicy* parent, | |
| 141 RefPtr<SecurityOrigin>); | |
| 142 | |
| 143 // Sets the declared policy from the parsed Feature-Policy HTTP header. | |
| 144 // Unrecognized features will be ignored. | |
| 145 void setHeaderPolicy(const WebParsedFeaturePolicy&); | |
| 146 | |
| 147 // Returns whether or not the given feature is enabled by this policy. | |
| 148 bool isFeatureEnabledForOrigin(const Feature&, const SecurityOrigin&) const; | |
| 149 | |
| 150 // Returns whether or not the given feature is enabled for the frame that owns | |
| 151 // the policy. | |
| 152 bool isFeatureEnabled(const Feature&) const; | |
| 153 | |
| 154 // Returns the list of features which can be controlled by Feature Policy. | |
| 155 static FeatureList& getDefaultFeatureList(); | |
| 156 | |
| 157 String toString(); | |
| 158 | |
| 159 private: | |
| 160 friend class FeaturePolicyTest; | |
| 161 friend class FeaturePolicyInFrameTest; | |
| 162 | |
| 163 FeaturePolicy(RefPtr<SecurityOrigin>, FeatureList& features); | |
| 164 | |
| 165 static std::unique_ptr<FeaturePolicy> createFromParentPolicy( | |
| 166 const FeaturePolicy* parent, | |
| 167 RefPtr<SecurityOrigin>, | |
| 168 FeatureList& features); | |
| 169 | |
| 170 RefPtr<SecurityOrigin> m_origin; | |
| 171 | |
| 172 // Records whether or not each feature was enabled for this frame by its | |
| 173 // parent frame. | |
| 174 // TODO(iclelland): Generate, instead of this map, a set of bool flags, one | |
| 175 // for each feature, as all features are supposed to be represented here. | |
| 176 HashMap<const Feature*, bool> m_inheritedFeatures; | |
| 177 | |
| 178 // Map of feature names to declared whitelists. Any feature which is missing | |
| 179 // from this map should use the inherited policy. | |
| 180 HashMap<const Feature*, std::unique_ptr<Whitelist>> m_headerWhitelists; | |
| 181 | |
| 182 // Contains the set of all features which can be controlled by this policy. | |
| 183 FeatureList& m_features; | |
| 184 | |
| 185 DISALLOW_COPY_AND_ASSIGN(FeaturePolicy); | |
| 186 }; | |
| 187 | |
| 188 // Declarations for all features currently under control of the Feature Policy | |
| 189 // mechanism should be placed here. | |
| 190 extern const PLATFORM_EXPORT FeaturePolicy::Feature kDocumentCookie; | |
| 191 extern const PLATFORM_EXPORT FeaturePolicy::Feature kDocumentDomain; | |
| 192 extern const PLATFORM_EXPORT FeaturePolicy::Feature kDocumentWrite; | |
| 193 extern const PLATFORM_EXPORT FeaturePolicy::Feature kGeolocationFeature; | |
| 194 extern const PLATFORM_EXPORT FeaturePolicy::Feature kFullscreenFeature; | |
| 195 extern const PLATFORM_EXPORT FeaturePolicy::Feature kMidiFeature; | |
| 196 extern const PLATFORM_EXPORT FeaturePolicy::Feature kNotificationsFeature; | |
| 197 extern const PLATFORM_EXPORT FeaturePolicy::Feature kPaymentFeature; | |
| 198 extern const PLATFORM_EXPORT FeaturePolicy::Feature kPushFeature; | |
| 199 extern const PLATFORM_EXPORT FeaturePolicy::Feature kSyncScript; | |
| 200 extern const PLATFORM_EXPORT FeaturePolicy::Feature kSyncXHR; | |
| 201 extern const PLATFORM_EXPORT FeaturePolicy::Feature kUsermedia; | |
| 202 extern const PLATFORM_EXPORT FeaturePolicy::Feature kVibrateFeature; | |
| 203 extern const PLATFORM_EXPORT FeaturePolicy::Feature kWebRTC; | |
| 204 | 28 |
| 205 } // namespace blink | 29 } // namespace blink |
| 206 | 30 |
| 207 #endif // FeaturePolicy_h | 31 #endif // FeaturePolicy_h |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2636843003:
Move most Feature Policy code into content/ (Closed)
