| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| 39 #include "wtf/Threading.h" | 39 #include "wtf/Threading.h" |
| 40 #include "wtf/text/StringHash.h" | 40 #include "wtf/text/StringHash.h" |
| 41 #include <memory> | 41 #include <memory> |
| 42 | 42 |
| 43 namespace blink { | 43 namespace blink { |
| 44 | 44 |
| 45 using OriginAccessWhiteList = Vector<OriginAccessEntry>; | 45 using OriginAccessWhiteList = Vector<OriginAccessEntry>; |
| 46 using OriginAccessMap = HashMap<String, std::unique_ptr<OriginAccessWhiteList>>; | 46 using OriginAccessMap = HashMap<String, std::unique_ptr<OriginAccessWhiteList>>; |
| 47 using OriginSet = HashSet<String>; | 47 using OriginSet = HashSet<String>; |
| 48 | 48 |
| 49 enum ReferrerPolicyLegacyKeywordsSupport { | |
| 50 SupportReferrerPolicyLegacyKeywords, | |
| 51 DoNotSupportReferrerPolicyLegacyKeywords, | |
| 52 }; | |
| 53 | |
| 54 static OriginAccessMap& originAccessMap() { | 49 static OriginAccessMap& originAccessMap() { |
| 55 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ()); | 50 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ()); |
| 56 return originAccessMap; | 51 return originAccessMap; |
| 57 } | 52 } |
| 58 | 53 |
| 59 static OriginSet& trustworthyOriginSet() { | 54 static OriginSet& trustworthyOriginSet() { |
| 60 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ()); | 55 DEFINE_STATIC_LOCAL(OriginSet, trustworthyOriginSet, ()); |
| 61 return trustworthyOriginSet; | 56 return trustworthyOriginSet; |
| 62 } | 57 } |
| 63 | 58 |
| 64 static bool referrerPolicyFromStringImpl( | |
| 65 const String& policy, | |
| 66 ReferrerPolicyLegacyKeywordsSupport legacyKeywordsSupport, | |
| 67 ReferrerPolicy* result) { | |
| 68 DCHECK(!policy.isNull()); | |
| 69 bool supportLegacyKeywords = | |
| 70 (legacyKeywordsSupport == SupportReferrerPolicyLegacyKeywords); | |
| 71 | |
| 72 if (equalIgnoringASCIICase(policy, "no-referrer") || | |
| 73 (supportLegacyKeywords && equalIgnoringASCIICase(policy, "never"))) { | |
| 74 *result = ReferrerPolicyNever; | |
| 75 return true; | |
| 76 } | |
| 77 if (equalIgnoringASCIICase(policy, "unsafe-url") || | |
| 78 (supportLegacyKeywords && equalIgnoringASCIICase(policy, "always"))) { | |
| 79 *result = ReferrerPolicyAlways; | |
| 80 return true; | |
| 81 } | |
| 82 if (equalIgnoringASCIICase(policy, "origin")) { | |
| 83 *result = ReferrerPolicyOrigin; | |
| 84 return true; | |
| 85 } | |
| 86 if (equalIgnoringASCIICase(policy, "origin-when-cross-origin") || | |
| 87 (supportLegacyKeywords && | |
| 88 equalIgnoringASCIICase(policy, "origin-when-crossorigin"))) { | |
| 89 *result = ReferrerPolicyOriginWhenCrossOrigin; | |
| 90 return true; | |
| 91 } | |
| 92 if (equalIgnoringASCIICase(policy, "no-referrer-when-downgrade") || | |
| 93 (supportLegacyKeywords && equalIgnoringASCIICase(policy, "default"))) { | |
| 94 *result = ReferrerPolicyNoReferrerWhenDowngrade; | |
| 95 return true; | |
| 96 } | |
| 97 return false; | |
| 98 } | |
| 99 | |
| 100 void SecurityPolicy::init() { | 59 void SecurityPolicy::init() { |
| 101 originAccessMap(); | 60 originAccessMap(); |
| 102 trustworthyOriginSet(); | 61 trustworthyOriginSet(); |
| 103 } | 62 } |
| 104 | 63 |
| 105 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const KURL& referrer) { | 64 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const KURL& referrer) { |
| 106 bool referrerIsSecureURL = referrer.protocolIs("https"); | 65 bool referrerIsSecureURL = referrer.protocolIs("https"); |
| 107 bool schemeIsAllowed = | 66 bool schemeIsAllowed = |
| 108 SchemeRegistry::shouldTreatURLSchemeAsAllowedForReferrer( | 67 SchemeRegistry::shouldTreatURLSchemeAsAllowedForReferrer( |
| 109 referrer.protocol()); | 68 referrer.protocol()); |
| 290 | 249 |
| 291 if (list->isEmpty()) | 250 if (list->isEmpty()) |
| 292 map.remove(it); | 251 map.remove(it); |
| 293 } | 252 } |
| 294 | 253 |
| 295 void SecurityPolicy::resetOriginAccessWhitelists() { | 254 void SecurityPolicy::resetOriginAccessWhitelists() { |
| 296 ASSERT(isMainThread()); | 255 ASSERT(isMainThread()); |
| 297 originAccessMap().clear(); | 256 originAccessMap().clear(); |
| 298 } | 257 } |
| 299 | 258 |
| 300 bool SecurityPolicy::referrerPolicyFromString(const String& policy, | 259 bool SecurityPolicy::referrerPolicyFromString( |
| 301 ReferrerPolicy* result) { | 260 const String& policy, |
| 302 return referrerPolicyFromStringImpl( | 261 ReferrerPolicyLegacyKeywordsSupport legacyKeywordsSupport, |
| 303 policy, DoNotSupportReferrerPolicyLegacyKeywords, result); | 262 ReferrerPolicy* result) { |
| 263 DCHECK(!policy.isNull()); |
| 264 bool supportLegacyKeywords = |
| 265 (legacyKeywordsSupport == SupportReferrerPolicyLegacyKeywords); |
| 266 |
| 267 if (equalIgnoringASCIICase(policy, "no-referrer") || |
| 268 (supportLegacyKeywords && equalIgnoringASCIICase(policy, "never"))) { |
| 269 *result = ReferrerPolicyNever; |
| 270 return true; |
| 271 } |
| 272 if (equalIgnoringASCIICase(policy, "unsafe-url") || |
| 273 (supportLegacyKeywords && equalIgnoringASCIICase(policy, "always"))) { |
| 274 *result = ReferrerPolicyAlways; |
| 275 return true; |
| 276 } |
| 277 if (equalIgnoringASCIICase(policy, "origin")) { |
| 278 *result = ReferrerPolicyOrigin; |
| 279 return true; |
| 280 } |
| 281 if (equalIgnoringASCIICase(policy, "origin-when-cross-origin") || |
| 282 (supportLegacyKeywords && |
| 283 equalIgnoringASCIICase(policy, "origin-when-crossorigin"))) { |
| 284 *result = ReferrerPolicyOriginWhenCrossOrigin; |
| 285 return true; |
| 286 } |
| 287 if (equalIgnoringASCIICase(policy, "no-referrer-when-downgrade") || |
| 288 (supportLegacyKeywords && equalIgnoringASCIICase(policy, "default"))) { |
| 289 *result = ReferrerPolicyNoReferrerWhenDowngrade; |
| 290 return true; |
| 291 } |
| 292 return false; |
| 304 } | 293 } |
| 305 | 294 |
| 306 bool SecurityPolicy::referrerPolicyFromStringWithLegacyKeywords( | 295 bool SecurityPolicy::referrerPolicyFromHeaderValue( |
| 307 const String& policy, | 296 const String& headerValue, |
| 297 ReferrerPolicyLegacyKeywordsSupport legacyKeywordsSupport, |
| 308 ReferrerPolicy* result) { | 298 ReferrerPolicy* result) { |
| 309 return referrerPolicyFromStringImpl( | 299 ReferrerPolicy referrerPolicy = ReferrerPolicyDefault; |
| 310 policy, SupportReferrerPolicyLegacyKeywords, result); | 300 |
| 301 Vector<String> tokens; |
| 302 headerValue.split(',', true, tokens); |
| 303 for (const auto& token : tokens) { |
| 304 ReferrerPolicy currentResult; |
| 305 if (SecurityPolicy::referrerPolicyFromString(token, legacyKeywordsSupport, |
| 306 ¤tResult)) { |
| 307 referrerPolicy = currentResult; |
| 308 } |
| 309 } |
| 310 |
| 311 if (referrerPolicy == ReferrerPolicyDefault) |
| 312 return false; |
| 313 |
| 314 *result = referrerPolicy; |
| 315 return true; |
| 311 } | 316 } |
| 312 | 317 |
| 313 } // namespace blink | 318 } // namespace blink |
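Review bot: In `referrerPolicyFromHeaderValue` (new lines 301–309) each token from `headerValue.split(',', true, tokens)` is passed to `referrerPolicyFromString` untrimmed, and that function matches with `equalIgnoringASCIICase` against exact keywords, so a token with surrounding whitespace is never recognised. For a header written with the usual comma-space separator, such as `unsafe-url, no-referrer`, the last recognised token would be `unsafe-url` and the stricter policy listed after it would be silently dropped, unless the caller or `split` already strips whitespace, which is not visible here. Trimming at the call site closes this: `referrerPolicyFromString(token.stripWhiteSpace(), legacyKeywordsSupport, &currentResult)`. A unit test with a comma-space separated header would pin the behaviour. The `¤tResult` on new line 306 looks like an entity-decoding artifact of `&currentResult` on this page rather than a defect in the patch.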
| OLD | NEW |