Chromium Code Reviews Chromium Code Reviews
Issue 27073003:
CSP Suborigins
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 136 // | 136 // |
| 137 // Note: This method exists only to support backwards compatibility | 137 // Note: This method exists only to support backwards compatibility |
| 138 // with older versions of WebKit. | 138 // with older versions of WebKit. |
| 139 void grantLoadLocalResources(); | 139 void grantLoadLocalResources(); |
| 140 | 140 |
| 141 // Explicitly grant the ability to access every other SecurityOrigin. | 141 // Explicitly grant the ability to access every other SecurityOrigin. |
| 142 // | 142 // |
| 143 // WARNING: This is an extremely powerful ability. Use with caution! | 143 // WARNING: This is an extremely powerful ability. Use with caution! |
| 144 void grantUniversalAccess(); | 144 void grantUniversalAccess(); |
| 145 | 145 |
| 146 bool canAccessDatabase() const { return !isUnique(); }; | 146 bool canAccessDatabase() const { return !isUnique() && !hasSuborigin(); }; |
| 147 bool canAccessLocalStorage() const { return !isUnique(); }; | 147 bool canAccessLocalStorage() const { return !isUnique() && !hasSuborigin(); }; |
| 148 bool canAccessSharedWorkers() const { return !isUnique(); } | 148 bool canAccessSharedWorkers() const { return !isUnique() && !hasSuborigin(); } |
| 149 bool canAccessCookies() const { return !isUnique(); } | 149 bool canAccessCookies() const { return !isUnique() && !hasSuborigin(); } |
| 150 bool canAccessPasswordManager() const { return !isUnique(); } | 150 bool canAccessPasswordManager() const { return !isUnique() && !hasSuborigin( ); } |
| 151 bool canAccessFileSystem() const { return !isUnique(); } | 151 bool canAccessFileSystem() const { return !isUnique() && !hasSuborigin(); } |
| 152 Policy canShowNotifications() const; | 152 Policy canShowNotifications() const; |
| 153 | 153 |
| 154 // Technically, we should always allow access to sessionStorage, but we | 154 // Technically, we should always allow access to sessionStorage, but we |
| 155 // currently don't handle creating a sessionStorage area for unique | 155 // currently don't handle creating a sessionStorage area for unique |
| 156 // origins. | 156 // origins. |
| 157 bool canAccessSessionStorage() const { return !isUnique(); } | 157 bool canAccessSessionStorage() const { return !isUnique(); } |
| 158 | 158 |
| 159 // The local SecurityOrigin is the most privileged SecurityOrigin. | 159 // The local SecurityOrigin is the most privileged SecurityOrigin. |
| 160 // The local SecurityOrigin can script any document, navigate to local | 160 // The local SecurityOrigin can script any document, navigate to local |
| 161 // resources, and can set arbitrary headers on XMLHttpRequests. | 161 // resources, and can set arbitrary headers on XMLHttpRequests. |
| 162 bool isLocal() const; | 162 bool isLocal() const; |
| 163 | 163 |
| 164 // Returns true if the host is one of 127.0.0.1/8, ::1/128, or "localhost". | 164 // Returns true if the host is one of 127.0.0.1/8, ::1/128, or "localhost". |
| 165 bool isLocalhost() const; | 165 bool isLocalhost() const; |
| 166 | 166 |
| 167 // The origin is a globally unique identifier assigned when the Document is | 167 // The origin is a globally unique identifier assigned when the Document is |
| 168 // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin | 168 // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin |
| 169 // | 169 // |
| 170 // There's a subtle difference between a unique origin and an origin that | 170 // There's a subtle difference between a unique origin and an origin that |
| 171 // has the SandboxOrigin flag set. The latter implies the former, and, in | 171 // has the SandboxOrigin flag set. The latter implies the former, and, in |
| 172 // addition, the SandboxOrigin flag is inherited by iframes. | 172 // addition, the SandboxOrigin flag is inherited by iframes. |
| 173 bool isUnique() const { return m_isUnique; } | 173 bool isUnique() const { return m_isUnique; } |
| 174 | 174 |
| 175 void addSuborigin(const String&); | |
| 176 bool hasSuborigin() const { return !m_suboriginName.isNull(); } | |
| 177 String suboriginName() const { return m_suboriginName; } | |
|
abarth-chromium
2014/07/31 04:56:48
const String&
jww
2014/10/21 23:51:06
Done.
| |
| 178 | |
| 175 // Marks a file:// origin as being in a domain defined by its path. | 179 // Marks a file:// origin as being in a domain defined by its path. |
| 176 // FIXME 81578: The naming of this is confusing. Files with restricted acces s to other local files | 180 // FIXME 81578: The naming of this is confusing. Files with restricted acces s to other local files |
| 177 // still can have other privileges that can be remembered, thereby not makin g them unique. | 181 // still can have other privileges that can be remembered, thereby not makin g them unique. |
| 178 void enforceFilePathSeparation(); | 182 void enforceFilePathSeparation(); |
| 179 | 183 |
| 180 // Convert this SecurityOrigin into a string. The string | 184 // Convert this SecurityOrigin into a string. The string |
| 181 // representation of a SecurityOrigin is similar to a URL, except it | 185 // representation of a SecurityOrigin is similar to a URL, except it |
| 182 // lacks a path component. The string representation does not encode | 186 // lacks a path component. The string representation does not encode |
| 183 // the value of the SecurityOrigin's domain property. | 187 // the value of the SecurityOrigin's domain property. |
| 184 // | 188 // |
| (...skipping 24 matching lines...) Expand all Loading... | |
| 209 explicit SecurityOrigin(const SecurityOrigin*); | 213 explicit SecurityOrigin(const SecurityOrigin*); |
| 210 | 214 |
| 211 // FIXME: Rename this function to something more semantic. | 215 // FIXME: Rename this function to something more semantic. |
| 212 bool passesFileCheck(const SecurityOrigin*) const; | 216 bool passesFileCheck(const SecurityOrigin*) const; |
| 213 void buildRawString(StringBuilder&) const; | 217 void buildRawString(StringBuilder&) const; |
| 214 | 218 |
| 215 String m_protocol; | 219 String m_protocol; |
| 216 String m_host; | 220 String m_host; |
| 217 String m_domain; | 221 String m_domain; |
| 218 String m_filePath; | 222 String m_filePath; |
| 223 String m_suboriginName; | |
| 219 unsigned short m_port; | 224 unsigned short m_port; |
| 220 bool m_isUnique; | 225 bool m_isUnique; |
| 221 bool m_universalAccess; | 226 bool m_universalAccess; |
| 222 bool m_domainWasSetInDOM; | 227 bool m_domainWasSetInDOM; |
| 223 bool m_canLoadLocalResources; | 228 bool m_canLoadLocalResources; |
| 224 bool m_enforceFilePathSeparation; | 229 bool m_enforceFilePathSeparation; |
| 225 bool m_needsDatabaseIdentifierQuirkForFiles; | 230 bool m_needsDatabaseIdentifierQuirkForFiles; |
| 226 }; | 231 }; |
| 227 | 232 |
| 228 } // namespace WebCore | 233 } // namespace WebCore |
| 229 | 234 |
| 230 #endif // SecurityOrigin_h | 235 #endif // SecurityOrigin_h |
| OLD | NEW |
