
Unified Diff: Source/platform/weborigin/SecurityOrigin.h

Issue 27073003: CSP Suborigins Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Address many of mkwst's comments Created 5 years, 8 months ago
Index: Source/platform/weborigin/SecurityOrigin.h
diff --git a/Source/platform/weborigin/SecurityOrigin.h b/Source/platform/weborigin/SecurityOrigin.h
index 9a490b6b42c28ffb1bf17732d95f08e4da2956d6..96617ffab2db6f57893ab56ff2af7a3b68ffd871 100644
--- a/Source/platform/weborigin/SecurityOrigin.h
+++ b/Source/platform/weborigin/SecurityOrigin.h
@@ -143,18 +143,18 @@ public:
// WARNING: This is an extremely powerful ability. Use with caution!
void grantUniversalAccess();
- bool canAccessDatabase() const { return !isUnique(); };
- bool canAccessLocalStorage() const { return !isUnique(); };
- bool canAccessSharedWorkers() const { return !isUnique(); }
- bool canAccessCookies() const { return !isUnique(); }
- bool canAccessPasswordManager() const { return !isUnique(); }
- bool canAccessFileSystem() const { return !isUnique(); }
+ bool canAccessDatabase() const { return !isUnique() && !hasSuborigin(); };
+ bool canAccessLocalStorage() const { return !isUnique() && !hasSuborigin(); };
+ bool canAccessSharedWorkers() const { return !isUnique() && !hasSuborigin(); }
+ bool canAccessCookies() const { return !isUnique() && !hasSuborigin(); }
+ bool canAccessPasswordManager() const { return !isUnique() && !hasSuborigin(); }
+ bool canAccessFileSystem() const { return !isUnique() && !hasSuborigin(); }
Policy canShowNotifications() const;
// Technically, we should always allow access to sessionStorage, but we
// currently don't handle creating a sessionStorage area for unique
// origins.
- bool canAccessSessionStorage() const { return !isUnique(); }
+ bool canAccessSessionStorage() const { return !isUnique() && !hasSuborigin(); }
// The local SecurityOrigin is the most privileged SecurityOrigin.
// The local SecurityOrigin can script any document, navigate to local
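Review bot: The predicate `!isUnique() && !hasSuborigin()` is now copied into seven accessors (canAccessDatabase() through canAccessFileSystem(), plus canAccessSessionStorage()), so any later storage-style gate has to remember both halves by hand. Consider one private inline helper that returns this expression and have each canAccess*() call it, which keeps the suborigin restriction in a single place. The comment above canAccessSessionStorage() still explains only the unique-origin case; it should also say why an origin with a suborigin is denied sessionStorage. The stray `;` after the bodies of canAccessDatabase() and canAccessLocalStorage() is carried over from the old lines and could be dropped while these lines are being touched.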
@@ -172,6 +172,14 @@ public:
// addition, the SandboxOrigin flag is inherited by iframes.
bool isUnique() const { return m_isUnique; }
+ // Assigns a suborigin namespace to the SecurityOrigin. addSuborigin() must
+ // only ever be called once per SecurityOrigin(). If it is called on a
+ // SecurityOrigin that has already had a suborigin assigned, it will hit a
+ // RELEASE_ASSERT().
+ void addSuborigin(const String&);
+ bool hasSuborigin() const { return !m_suboriginName.isNull(); }
+ const String& suboriginName() const { return m_suboriginName; }
+
// Marks a file:// origin as being in a domain defined by its path.
// FIXME 81578: The naming of this is confusing. Files with restricted access to other local files
// still can have other privileges that can be remembered, thereby not making them unique.
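Review bot: hasSuborigin() tests `!m_suboriginName.isNull()`, but the comment on addSuborigin(const String&) does not say what a null or empty argument means. If an empty but non-null name can be stored, hasSuborigin() returns true and every canAccess*() gate in this header turns off for a suborigin with no name. Please document the accepted values in the comment (and state that a null m_suboriginName means "no suborigin"), or have hasSuborigin() check isEmpty() if empty names are not meant to count. Minor: "once per SecurityOrigin()" in the comment reads like a constructor call; "once per SecurityOrigin" is clearer.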
@@ -227,6 +235,7 @@ private:
String m_host;
String m_domain;
String m_filePath;
+ String m_suboriginName;
unsigned short m_port;
bool m_isUnique;
bool m_universalAccess;
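Review bot: m_suboriginName is added without a comment, while hasSuborigin() depends on this member being null to mean "no suborigin assigned". A one-line comment on the member stating that invariant would make the dependency visible to anyone who later initializes or resets it alongside m_host, m_domain and m_filePath.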
