OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef FeaturePolicy_h | 5 #ifndef FeaturePolicy_h |
6 #define FeaturePolicy_h | 6 #define FeaturePolicy_h |
7 | 7 |
8 #include "platform/PlatformExport.h" | 8 #include "platform/PlatformExport.h" |
9 #include "platform/weborigin/SecurityOrigin.h" | 9 #include "platform/weborigin/SecurityOrigin.h" |
10 #include "public/platform/WebFeaturePolicy.h" | 10 #include "public/platform/WebFeaturePolicy.h" |
11 #include "wtf/RefPtr.h" | 11 #include "wtf/RefPtr.h" |
12 #include "wtf/Vector.h" | 12 #include "wtf/Vector.h" |
13 #include "wtf/text/WTFString.h" | 13 #include "wtf/text/WTFString.h" |
14 | 14 |
15 #include <memory> | 15 #include <memory> |
16 | 16 |
17 namespace blink { | 17 namespace blink { |
18 | 18 |
19 // Feature Policy is a mechanism for controlling the availability of web | 19 // Returns the corresponding WebFeaturePolicyFeature enum given a feature |
20 // platform features in a frame, including all embedded frames. It can be used | 20 // string. |
21 // to remove features, automatically refuse API permission requests, or modify | 21 PLATFORM_EXPORT WebFeaturePolicyFeature |
22 // the behaviour of features. (The specific changes which are made depend on the | 22 getWebFeaturePolicyFeature(const String& feature); |
23 // feature; see the specification for details). | |
24 // | |
25 // Policies can be defined in the HTTP header stream, with the |Feature-Policy| | |
26 // HTTP header, or can be set by |enable| and |disable| attributes on the iframe | |
27 // element which embeds the document. | |
28 // | |
29 // See https://wicg.github.io/FeaturePolicy/ | |
30 // | |
31 // Key concepts: | |
32 // | |
33 // Features | |
34 // -------- | |
35 // Features which can be controlled by policy are defined as instances of the | |
36 // FeaturePoliicy::Feature struct. The features are referenced by pointer, so | |
37 // only a single instance of each feature should be defined. The features which | |
38 // are declared in the feature policy specification are all defined in | |
39 // |FeaturePolicy.cpp|. | |
40 // | |
41 // Whitelists | |
42 // ---------- | |
43 // Policies are defined as a mapping of feaure names to whitelists. Whitelists | |
44 // are collections of origins, although two special terms can be used when | |
45 // declaring them: | |
46 // "self" refers to the orgin of the frame which is declaring the policy. | |
47 // "*" refers to all origins; any origin will match a whitelist which contains | |
48 // it. | |
49 // | |
50 // Declarations | |
51 // ------------ | |
52 // A feature policy declaration is a mapping of a feature name to a whitelist. | |
53 // A set of declarations is a declared policy. | |
54 // | |
55 // Inherited Policy | |
56 // ---------------- | |
57 // In addition to the declared policy (which may be empty), every frame has | |
58 // an inherited policy, which is determined by the context in which it is | |
59 // embedded, or by the defaults for each feature in the case of the top-level | |
60 // document. | |
61 // | |
62 // Container Policy | |
63 // ---------------- | |
64 // A declared policy can be set on a specific frame by the embedding page using | |
65 // the iframe "allow" attribute, or through attributes such as "allowfullscreen" | |
66 // or "allowpaymentrequest". This is the container policy for the embedded | |
67 // frame. | |
68 // | |
69 // Defaults | |
70 // -------- | |
71 // Each defined feature has a default policy, which determines whether the | |
72 // feature is available when no policy has been declared, ans determines how the | |
73 // feature is inherited across origin boundaries. | |
74 // | |
75 // If the default policy is in effect for a frame, then it controls how the | |
76 // feature is inherited by any cross-origin iframes embedded by the frame. (See | |
77 // the comments below in FeaturePolicy::DefaultPolicy for specifics) | |
78 // | |
79 // Policy Inheritance | |
80 // ------------------ | |
81 // Policies in effect for a frame are inherited by any child frames it embeds. | |
82 // Unless another policy is declared in the child, all same-origin children will | |
83 // receive the same set of enables features as the parent frame. Whether or not | |
84 // features are inherited by cross-origin iframes without an explicit policy is | |
85 // determined by the feature's default policy. (Again, see the comments in | |
86 // FeaturePolicy::DefaultPolicy for details) | |
87 | 23 |
88 class PLATFORM_EXPORT FeaturePolicy final { | 24 // Converts a JSON feature policy string into a vector of whitelists, one for |
89 public: | 25 // each feature specified. Unrecognized features are parsed and included |
90 // Represents a collection of origins which make up a whitelist in a feature | 26 // but will be filtered out when the policy is constructed. If |messages| is |
91 // policy. This collection may be set to match every origin (corresponding to | 27 // not null, then any errors in the input will cause an error message to be |
92 // the "*" syntax in the policy string, in which case the contains() method | 28 // appended to it. |
93 // will always return true. | 29 PLATFORM_EXPORT WebParsedFeaturePolicyHeader |
94 class Whitelist final { | 30 parseFeaturePolicy(const String& policy, |
95 public: | 31 RefPtr<SecurityOrigin>, |
96 static std::unique_ptr<Whitelist> from( | 32 Vector<String>* messages); |
97 const WebParsedFeaturePolicyDeclaration&); | |
98 | |
99 Whitelist(); | |
100 | |
101 // Adds a single origin to the whitelist. | |
102 void add(RefPtr<SecurityOrigin>); | |
103 | |
104 // Adds all origins to the whitelist. | |
105 void addAll(); | |
106 | |
107 // Returns true if the given origin has been added to the whitelist. | |
108 bool contains(const SecurityOrigin&) const; | |
109 String toString(); | |
110 | |
111 private: | |
112 bool m_matchesAllOrigins; | |
113 Vector<RefPtr<SecurityOrigin>> m_origins; | |
114 }; | |
115 | |
116 // The FeaturePolicy::FeatureDefault enum defines the default enable state for | |
117 // a feature when neither it nor any parent frame have declared an explicit | |
118 // policy. The three possibilities map directly to Feature Policy Whitelist | |
119 // semantics. | |
120 enum class FeatureDefault { | |
121 // Equivalent to []. If this default policy is in effect for a frame, then | |
122 // the feature will not be enabled for that frame or any of its children. | |
123 DisableForAll, | |
124 | |
125 // Equivalent to ["self"]. If this default policy is in effect for a frame, | |
126 // then the feature will be enabled for that frame, and any same-origin | |
127 // child frames, but not for any cross-origin child frames. | |
128 EnableForSelf, | |
129 | |
130 // Equivalent to ["*"]. If in effect for a frame, then the feature is | |
131 // enabled for that frame and all of its children. | |
132 EnableForAll | |
133 }; | |
134 | |
135 // The FeaturePolicy::Feature struct is used to define all features under | |
136 // control of Feature Policy. There should only be one instance of this struct | |
137 // for any given feature (declared below). | |
138 struct Feature { | |
139 // The name of the feature, as it should appear in a policy string | |
140 const char* const featureName; | |
141 | |
142 // Controls whether the feature should be available in the platform by | |
143 // default, in the absence of any declared policy. | |
144 FeatureDefault defaultPolicy; | |
145 }; | |
146 | |
147 using FeatureList = const Vector<const FeaturePolicy::Feature*>; | |
148 | |
149 // Converts a JSON feature policy string into a vector of whitelists, one for | |
150 // each feature specified. Unrecognized features are parsed and included | |
151 // but will be filtered out when the policy is constructed. If |messages| is | |
152 // not null, then any errors in the input will cause an error message to be | |
153 // appended to it. | |
154 static WebParsedFeaturePolicyHeader parseFeaturePolicy( | |
155 const String& policy, | |
156 RefPtr<SecurityOrigin>, | |
157 Vector<String>* messages); | |
158 | |
159 static std::unique_ptr<FeaturePolicy> createFromParentPolicy( | |
160 const FeaturePolicy* parent, | |
161 const WebParsedFeaturePolicyHeader* containerPolicy, | |
162 RefPtr<SecurityOrigin>); | |
163 | |
164 // Sets the declared policy from the parsed Feature-Policy HTTP header. | |
165 // Unrecognized features will be ignored. | |
166 void setHeaderPolicy(const WebParsedFeaturePolicyHeader&); | |
167 | |
168 // Returns whether or not the given feature is enabled by this policy. | |
169 bool isFeatureEnabledForOrigin(const Feature&, const SecurityOrigin&) const; | |
170 | |
171 // Returns whether or not the given feature is enabled for the frame that owns | |
172 // the policy. | |
173 bool isFeatureEnabled(const Feature&) const; | |
174 | |
175 // Returns the list of features which can be controlled by Feature Policy. | |
176 static FeatureList& getDefaultFeatureList(); | |
177 | |
178 String toString(); | |
179 | |
180 // Returns the corresponding WebFeaturePolicyFeature enum given a feature | |
181 // string. | |
182 static WebFeaturePolicyFeature getWebFeaturePolicyFeature( | |
183 const String& feature); | |
184 | |
185 private: | |
186 friend class FeaturePolicyTest; | |
187 friend class FeaturePolicyInFrameTest; | |
188 | |
189 FeaturePolicy(RefPtr<SecurityOrigin>, FeatureList& features); | |
190 | |
191 static std::unique_ptr<FeaturePolicy> createFromParentPolicy( | |
192 const FeaturePolicy* parent, | |
193 const WebParsedFeaturePolicyHeader* containerPolicy, | |
194 RefPtr<SecurityOrigin>, | |
195 FeatureList& features); | |
196 | |
197 // Updates the inherited policy with the declarations from the iframe allow* | |
198 // attributes. | |
199 void addContainerPolicy(const WebParsedFeaturePolicyHeader* containerPolicy, | |
200 const FeaturePolicy* parent); | |
201 | |
202 RefPtr<SecurityOrigin> m_origin; | |
203 | |
204 // Records whether or not each feature was enabled for this frame by its | |
205 // parent frame. | |
206 // TODO(iclelland): Generate, instead of this map, a set of bool flags, one | |
207 // for each feature, as all features are supposed to be represented here. | |
208 HashMap<const Feature*, bool> m_inheritedFeatures; | |
209 | |
210 // Map of feature names to declared whitelists. Any feature which is missing | |
211 // from this map should use the inherited policy. | |
212 HashMap<const Feature*, std::unique_ptr<Whitelist>> m_headerWhitelists; | |
213 | |
214 // Contains the set of all features which can be controlled by this policy. | |
215 FeatureList& m_features; | |
216 | |
217 DISALLOW_COPY_AND_ASSIGN(FeaturePolicy); | |
218 }; | |
219 | |
220 // Declarations for all features currently under control of the Feature Policy | |
221 // mechanism should be placed here. | |
222 extern const PLATFORM_EXPORT FeaturePolicy::Feature kDocumentCookie; | |
223 extern const PLATFORM_EXPORT FeaturePolicy::Feature kDocumentDomain; | |
224 extern const PLATFORM_EXPORT FeaturePolicy::Feature kDocumentWrite; | |
225 extern const PLATFORM_EXPORT FeaturePolicy::Feature kGeolocationFeature; | |
226 extern const PLATFORM_EXPORT FeaturePolicy::Feature kFullscreenFeature; | |
227 extern const PLATFORM_EXPORT FeaturePolicy::Feature kMidiFeature; | |
228 extern const PLATFORM_EXPORT FeaturePolicy::Feature kNotificationsFeature; | |
229 extern const PLATFORM_EXPORT FeaturePolicy::Feature kPaymentFeature; | |
230 extern const PLATFORM_EXPORT FeaturePolicy::Feature kPushFeature; | |
231 extern const PLATFORM_EXPORT FeaturePolicy::Feature kSyncScript; | |
232 extern const PLATFORM_EXPORT FeaturePolicy::Feature kSyncXHR; | |
233 extern const PLATFORM_EXPORT FeaturePolicy::Feature kUsermedia; | |
234 extern const PLATFORM_EXPORT FeaturePolicy::Feature kVibrateFeature; | |
235 extern const PLATFORM_EXPORT FeaturePolicy::Feature kWebRTC; | |
236 | 33 |
237 } // namespace blink | 34 } // namespace blink |
238 | 35 |
239 #endif // FeaturePolicy_h | 36 #endif // FeaturePolicy_h |
OLD | NEW |