Index: content/common/feature_policy/feature_policy.h |
diff --git a/content/common/feature_policy/feature_policy.h b/content/common/feature_policy/feature_policy.h |
index b49e1a4489597d53939355aedb756057935296c0..60b689e158295c93f4fa91e39a8cef4537aad161 100644 |
--- a/content/common/feature_policy/feature_policy.h |
+++ b/content/common/feature_policy/feature_policy.h |
@@ -5,14 +5,77 @@ |
#ifndef CONTENT_COMMON_FEATURE_POLICY_FEATURE_POLICY_H_ |
#define CONTENT_COMMON_FEATURE_POLICY_FEATURE_POLICY_H_ |
+#include <map> |
+#include <memory> |
#include <string> |
#include <vector> |
+#include "base/macros.h" |
#include "content/common/content_export.h" |
+#include "third_party/WebKit/public/platform/WebFeaturePolicy.h" |
#include "url/origin.h" |
namespace content { |
+// Feature Policy is a mechanism for controlling the availability of web |
+// platform features in a frame, including all embedded frames. It can be used |
+// to remove features, automatically refuse API permission requests, or modify |
+// the behaviour of features. (The specific changes which are made depend on the |
+// feature; see the specification for details). |
+// |
+// Policies can be defined in the HTTP header stream, with the |Feature-Policy| |
+// HTTP header, or can be set by the |allow| attributes on the iframe element |
+// which embeds the document. |
+// |
+// See https://wicg.github.io/FeaturePolicy/ |
+// |
+// Key concepts: |
+// |
+// Features |
+// -------- |
+// Features which can be controlled by policy are defined by instances of the |
+// FeaturePolicy::Feature struct. The features are referenced by the |
+// |WebFeaturePolicyFeature| enum, declared in |WebFeaturePolicy.h|. |
+// |
+// Whitelists |
+// ---------- |
+// Whitelists are collections of origins, although two special terms can be used |
+// when declaring them: |
+// "self" refers to the orgin of the frame which is declaring the policy. |
+// "*" refers to all origins; any origin will match a whitelist which contains |
+// it. |
+// |
+// Declarations |
+// ------------ |
+// A feature policy declaration is a mapping of a feature name to a whitelist. |
+// A set of declarations is a declared policy. |
+// |
+// Inherited Policy |
+// ---------------- |
+// In addition to the declared policy (which may be empty), every frame has |
+// an inherited policy, which is determined by the context in which it is |
+// embedded, or by the defaults for each feature in the case of the top-level |
+// document. |
+// |
+// Defaults |
+// -------- |
+// Each defined feature has a default policy, which determines whether the |
+// feature is available when no policy has been declared, ans determines how the |
+// feature is inherited across origin boundaries. |
+// |
+// If the default policy is in effect for a frame, then it controls how the |
+// feature is inherited by any cross-origin iframes embedded by the frame. (See |
+// the comments below in FeaturePolicy::DefaultPolicy for specifics) |
+// |
+// Policy Inheritance |
+// ------------------ |
+// Policies in effect for a frame are inherited by any child frames it embeds. |
+// Unless another policy is declared in the child, all same-origin children will |
+// receive the same set of enables features as the parent frame. Whether or not |
+// features are inherited by cross-origin iframes without an explicit policy is |
+// determined by the feature's default policy. (Again, see the comments in |
+// FeaturePolicy::DefaultPolicy for details) |
+ |
// This struct holds feature policy whitelist data that needs to be replicated |
// between a RenderFrame and any of its associated RenderFrameProxies. A list of |
// these form a ParsedFeaturePolicyHeader. |
@@ -33,6 +96,114 @@ struct CONTENT_EXPORT ParsedFeaturePolicyDeclaration { |
using ParsedFeaturePolicyHeader = std::vector<ParsedFeaturePolicyDeclaration>; |
+class CONTENT_EXPORT FeaturePolicy { |
+ public: |
+ // Represents a collection of origins which make up a whitelist in a feature |
+ // policy. This collection may be set to match every origin (corresponding to |
+ // the "*" syntax in the policy string, in which case the Contains() method |
+ // will always return true. |
+ class Whitelist final { |
+ public: |
+ Whitelist(); |
+ ~Whitelist(); |
+ |
+ // Adds a single origin to the whitelist. |
+ void Add(const url::Origin& origin); |
+ |
+ // Adds all origins to the whitelist. |
+ void AddAll(); |
+ |
+ // Returns true if the given origin has been added to the whitelist. |
+ bool Contains(const url::Origin& origin) const; |
+ |
+ private: |
+ bool matches_all_origins_; |
+ std::vector<url::Origin> origins_; |
+ }; |
+ |
+ // The FeaturePolicy::FeatureDefault enum defines the default enable state for |
+ // a feature when neither it nor any parent frame have declared an explicit |
+ // policy. The three possibilities map directly to Feature Policy Whitelist |
+ // semantics. |
+ enum class FeatureDefault { |
+ // Equivalent to []. If this default policy is in effect for a frame, then |
+ // the feature will not be enabled for that frame or any of its children. |
+ DisableForAll, |
+ |
+ // Equivalent to ["self"]. If this default policy is in effect for a frame, |
+ // then the feature will be enabled for that frame, and any same-origin |
+ // child frames, but not for any cross-origin child frames. |
+ EnableForSelf, |
+ |
+ // Equivalent to ["*"]. If in effect for a frame, then the feature is |
+ // enabled for that frame and all of its children. |
+ EnableForAll |
+ }; |
+ |
+ // The FeaturePolicy::Feature struct is used to define all features under |
+ // control of Feature Policy. There should only be one instance of this struct |
+ // for any given feature (declared below). |
+ struct Feature { |
+ // The name of the feature, as it should appear in a policy string |
+ const char* const feature_name; |
+ |
+ // Controls whether the feature should be available in the platform by |
+ // default, in the absence of any declared policy. |
+ FeatureDefault default_policy; |
+ }; |
+ |
+ using FeatureList = |
+ std::map<blink::WebFeaturePolicyFeature, const FeaturePolicy::Feature*>; |
+ |
+ ~FeaturePolicy(); |
+ |
+ static std::unique_ptr<FeaturePolicy> CreateFromParentPolicy( |
+ const FeaturePolicy* parent_policy, |
+ const url::Origin& origin); |
+ |
+ // Returns whether or not the given feature is enabled by this policy. |
+ bool IsFeatureEnabledForOrigin(blink::WebFeaturePolicyFeature feature, |
+ const url::Origin& origin) const; |
+ |
+ // Returns whether or not the given feature is enabled for the origin of the |
+ // document that owns the policy. |
+ bool IsFeatureEnabled(blink::WebFeaturePolicyFeature feature) const; |
+ |
+ // Sets the declared policy from the parsed Feature-Policy HTTP header. |
+ // Unrecognized features will be ignored. |
+ void SetHeaderPolicy(const ParsedFeaturePolicyHeader& parsed_header); |
+ |
+ private: |
+ friend class FeaturePolicyTest; |
+ |
+ explicit FeaturePolicy(url::Origin origin); |
+ FeaturePolicy(url::Origin origin, const FeatureList& feature_list); |
+ static std::unique_ptr<FeaturePolicy> CreateFromParentPolicy( |
+ const FeaturePolicy* parent_policy, |
+ const url::Origin& origin, |
+ const FeatureList& features); |
+ |
+ // Returns the list of features which can be controlled by Feature Policy. |
+ static const FeatureList& getDefaultFeatureList(); |
+ |
+ url::Origin origin_; |
+ |
+ // Map of feature names to declared whitelists. Any feature which is missing |
+ // from this map should use the inherited policy. |
+ std::map<blink::WebFeaturePolicyFeature, std::unique_ptr<Whitelist>> |
+ whitelists_; |
+ |
+ // Records whether or not each feature was enabled for this frame by its |
+ // parent frame. |
+ // TODO(iclelland): Generate, instead of this map, a set of bool flags, one |
+ // for each feature, as all features are supposed to be represented here. |
+ std::map<blink::WebFeaturePolicyFeature, bool> inherited_policies_; |
+ |
+ const FeatureList& feature_list_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(FeaturePolicy); |
+}; |
+ |
} // namespace content |
#endif // CONTENT_COMMON_FEATURE_POLICY_FEATURE_POLICY_H_ |