Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2323)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/platform/weborigin/SecurityOrigin.cpp

Issue 27073003: CSP Suborigins Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Rebase Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« Source/platform/weborigin/SecurityOrigin.h ('K') | « Source/platform/weborigin/SecurityOrigin.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/platform/weborigin/SecurityOrigin.cpp
diff --git a/Source/platform/weborigin/SecurityOrigin.cpp b/Source/platform/weborigin/SecurityOrigin.cpp
index c6e3dd40fc39b15a8fd71cfb6b02a7e53683cbad..21206f460753b4d8e0558d0ebcd054a99c1c8dd5 100644
--- a/Source/platform/weborigin/SecurityOrigin.cpp
+++ b/Source/platform/weborigin/SecurityOrigin.cpp
@@ -62,6 +62,12 @@ static SecurityOrigin* cachedOrigin(const KURL& url)
return 0;
}
+static bool sameSuborigin(const SecurityOrigin* origin1, const SecurityOrigin* origin2)
+{
+ // If either origin has a suborigin set, both must have the same suborigin.
+ return (!origin1->hasSuborigin() && !origin2->hasSuborigin()) || (origin1->suboriginName() == origin2->suboriginName());
+}
+
bool SecurityOrigin::shouldUseInnerURL(const KURL& url)
{
// FIXME: Blob URLs don't have inner URLs. Their form is "blob:<inner-origin>/<UUID>", so treating the part after "blob:" as a URL is incorrect.
@@ -119,6 +125,7 @@ static bool shouldTreatAsUniqueOrigin(const KURL& url)
SecurityOrigin::SecurityOrigin(const KURL& url)
: m_protocol(url.protocol().isNull() ? "" : url.protocol().lower())
, m_host(url.host().isNull() ? "" : url.host().lower())
+ , m_suboriginName(String())
abarth-chromium 2014/07/31 04:56:47 The compiler will generate this code for you.
jww 2014/10/21 23:51:06 Done.
, m_port(url.port())
, m_isUnique(false)
, m_universalAccess(false)
@@ -143,6 +150,7 @@ SecurityOrigin::SecurityOrigin()
: m_protocol("")
, m_host("")
, m_domain("")
+ , m_suboriginName(String())
abarth-chromium 2014/07/31 04:56:47 ditto
jww 2014/10/21 23:51:06 Done.
, m_port(InvalidPort)
, m_isUnique(true)
, m_universalAccess(false)
@@ -158,6 +166,7 @@ SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
, m_host(other->m_host.isolatedCopy())
, m_domain(other->m_domain.isolatedCopy())
, m_filePath(other->m_filePath.isolatedCopy())
+ , m_suboriginName(other->m_suboriginName)
, m_port(other->m_port)
, m_isUnique(other->m_isUnique)
, m_universalAccess(other->m_universalAccess)
@@ -200,6 +209,15 @@ PassRefPtr<SecurityOrigin> SecurityOrigin::createUnique()
return origin.release();
}
+void SecurityOrigin::addSuborigin(const String& suborigin)
+{
+ // Changing suborigins midstream is bad. Very bad. It should not happen.
+ // This is, in fact, one of the very basic invariants that makes suborigins
+ // an effective security tool.
+ RELEASE_ASSERT(m_suboriginName.isNull());
+ m_suboriginName = suborigin;
+}
+
PassRefPtr<SecurityOrigin> SecurityOrigin::isolatedCopy() const
{
return adoptRef(new SecurityOrigin(this));
@@ -235,6 +253,9 @@ bool SecurityOrigin::canAccess(const SecurityOrigin* other) const
if (isUnique() || other->isUnique())
return false;
+ if (!sameSuborigin(this, other))
+ return false;
+
// Here are two cases where we should permit access:
//
// 1) Neither document has set document.domain. In this case, we insist
@@ -298,6 +319,9 @@ bool SecurityOrigin::canRequest(const KURL& url) const
if (targetOrigin->isUnique())
return false;
+ if (!sameSuborigin(this, targetOrigin.get()))
+ return false;
+
// We call isSameSchemeHostPort here instead of canAccess because we want
// to ignore document.domain effects.
if (isSameSchemeHostPort(targetOrigin.get()))
@@ -388,6 +412,8 @@ SecurityOrigin::Policy SecurityOrigin::canShowNotifications() const
return AlwaysAllow;
if (isUnique())
return AlwaysDeny;
+ if (hasSuborigin())
+ return AlwaysDeny;
return Ask;
}
@@ -479,7 +505,14 @@ AtomicString SecurityOrigin::toRawAtomicString() const
inline void SecurityOrigin::buildRawString(StringBuilder& builder) const
{
- builder.reserveCapacity(m_protocol.length() + m_host.length() + 10);
+ if (hasSuborigin()) {
+ builder.reserveCapacity(11 + m_suboriginName.length() + m_protocol.length() + m_host.length() + 10);
+ builder.appendLiteral("suborigin:");
+ builder.append(m_suboriginName);
+ builder.append('+');
+ } else {
+ builder.reserveCapacity(m_protocol.length() + m_host.length() + 10);
+ }
builder.append(m_protocol);
builder.appendLiteral("://");
builder.append(m_host);
@@ -505,6 +538,9 @@ PassRefPtr<SecurityOrigin> SecurityOrigin::create(const String& protocol, const
bool SecurityOrigin::isSameSchemeHostPort(const SecurityOrigin* other) const
{
+ if (!sameSuborigin(this, other))
+ return false;
+
if (m_host != other->m_host)
return false;
« Source/platform/weborigin/SecurityOrigin.h ('K') | « Source/platform/weborigin/SecurityOrigin.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698