OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef URL_ORIGIN_H_ | 5 #ifndef URL_ORIGIN_H_ |
6 #define URL_ORIGIN_H_ | 6 #define URL_ORIGIN_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <string> | 10 #include <string> |
(...skipping 17 matching lines...) Expand all Loading... |
28 // network connection, use 'url::SchemeHostPort'. | 28 // network connection, use 'url::SchemeHostPort'. |
29 // | 29 // |
30 // STL;SDR: If you aren't making actual network connections, use 'url::Origin'. | 30 // STL;SDR: If you aren't making actual network connections, use 'url::Origin'. |
31 // | 31 // |
32 // 'Origin', like 'SchemeHostPort', is composed of a tuple of (scheme, host, | 32 // 'Origin', like 'SchemeHostPort', is composed of a tuple of (scheme, host, |
33 // port), but contains a number of additional concepts which make it appropriate | 33 // port), but contains a number of additional concepts which make it appropriate |
34 // for use as a security boundary and access control mechanism between contexts. | 34 // for use as a security boundary and access control mechanism between contexts. |
35 // | 35 // |
36 // This class ought to be used when code needs to determine if two resources | 36 // This class ought to be used when code needs to determine if two resources |
37 // are "same-origin", and when a canonical serialization of an origin is | 37 // are "same-origin", and when a canonical serialization of an origin is |
38 // required. Note that some origins are "unique", meaning that they are not | 38 // required. Note that some origins are "opaque", meaning that they are not |
39 // same-origin with any other origin (including themselves). | 39 // same-origin with any other origin (except themselves). This applies even if |
| 40 // their serialization is identical: Two opaque origins created from parsing the |
| 41 // same string will each be unique, and will not compare equal. |
40 // | 42 // |
41 // There are a few subtleties to note: | 43 // There are a few subtleties to note: |
42 // | 44 // |
43 // * Invalid and non-standard GURLs are parsed as unique origins. This includes | 45 // * Invalid and non-standard GURLs are parsed as opaque origins. This includes |
44 // non-hierarchical URLs like 'data:text/html,...' and 'javascript:alert(1)'. | 46 // non-hierarchical URLs like 'data:text/html,...' and 'javascript:alert(1)'. |
45 // | 47 // |
46 // * GURLs with schemes of 'filesystem' or 'blob' parse the origin out of the | 48 // * GURLs with schemes of 'filesystem' or 'blob' parse the origin out of the |
47 // internals of the URL. That is, 'filesystem:https://example.com/temporary/f' | 49 // internals of the URL. That is, 'filesystem:https://example.com/temporary/f' |
48 // is parsed as ('https', 'example.com', 443). | 50 // is parsed as ('https', 'example.com', 443). |
49 // | 51 // |
50 // * Unique origins all serialize to the string "null"; this means that the | 52 // * Unique origins all serialize to the string "null"; this means that the |
51 // serializations of two unique origins are identical to each other, though | 53 // serializations of two opaque origins are identical to each other, though |
52 // the origins themselves are not "the same". This means that origins' | 54 // the origins themselves are not "the same". This means that origins' |
53 // serializations must not be relied upon for security checks. | 55 // serializations must not be relied upon for security checks. |
54 // | 56 // |
55 // * GURLs with a 'file' scheme are tricky. They are parsed as ('file', '', 0), | 57 // * GURLs with a 'file' scheme are tricky. They are parsed as ('file', '', 0), |
56 // but their behavior may differ from embedder to embedder. | 58 // but their behavior may differ from embedder to embedder. |
57 // | 59 // |
58 // * The host component of an IPv6 address includes brackets, just like the URL | 60 // * The host component of an IPv6 address includes brackets, just like the URL |
59 // representation. | 61 // representation. |
60 // | 62 // |
61 // Usage: | 63 // Usage: |
62 // | 64 // |
63 // * Origins are generally constructed from an already-canonicalized GURL: | 65 // * Origins are generally constructed from an already-canonicalized GURL: |
64 // | 66 // |
65 // GURL url("https://example.com/"); | 67 // GURL url("https://example.com/"); |
66 // url::Origin origin(url); | 68 // url::Origin origin(url); |
67 // origin.scheme(); // "https" | 69 // origin.scheme(); // "https" |
68 // origin.host(); // "example.com" | 70 // origin.host(); // "example.com" |
69 // origin.port(); // 443 | 71 // origin.port(); // 443 |
70 // origin.unique(); // false | 72 // origin.opaque(); // false |
71 // | 73 // |
72 // * To answer the question "Are |this| and |that| "same-origin" with each | 74 // * To answer the question "Are |this| and |that| "same-origin" with each |
73 // other?", use |Origin::IsSameOriginWith|: | 75 // other?", use |Origin::IsSameOriginWith|: |
74 // | 76 // |
75 // if (this.IsSameOriginWith(that)) { | 77 // if (this.IsSameOriginWith(that)) { |
76 // // Amazingness goes here. | 78 // // Amazingness goes here. |
77 // } | 79 // } |
78 class URL_EXPORT Origin { | 80 class URL_EXPORT Origin { |
79 public: | 81 public: |
80 // Creates a unique Origin. | 82 // Creates a unique opaque Origin. |
81 Origin(); | 83 Origin(); |
82 | 84 |
83 // Creates an Origin from |url|, as described at | 85 // Creates an Origin from |url|, as described at |
84 // https://url.spec.whatwg.org/#origin, with the following additions: | 86 // https://url.spec.whatwg.org/#origin, with the following additions: |
85 // | 87 // |
86 // 1. If |url| is invalid or non-standard, a unique Origin is constructed. | 88 // 1. If |url| is invalid or non-standard, a unique opaque Origin is |
| 89 // constructed. |
87 // 2. 'filesystem' URLs behave as 'blob' URLs (that is, the origin is parsed | 90 // 2. 'filesystem' URLs behave as 'blob' URLs (that is, the origin is parsed |
88 // out of everything in the URL which follows the scheme). | 91 // out of everything in the URL which follows the scheme). |
89 // 3. 'file' URLs all parse as ("file", "", 0). | 92 // 3. 'file' URLs all parse as ("file", "", 0). |
90 explicit Origin(const GURL& url); | 93 explicit Origin(const GURL& url); |
91 | 94 |
92 // Creates an Origin from a |scheme|, |host|, |port| and |suborigin|. All the | 95 // Creates an Origin from a |scheme|, |host|, |port| and |suborigin|. All the |
93 // parameters must be valid and canonicalized. Do not use this method to | 96 // parameters must be valid and canonicalized. Do not use this method to |
94 // create unique origins. Use Origin() for that. | 97 // create unique origins. Use Origin() for that. |
95 // | 98 // |
96 // This constructor should be used in order to pass 'Origin' objects back and | 99 // This constructor should be used in order to pass 'Origin' objects back and |
(...skipping 11 matching lines...) Expand all Loading... |
108 // and should NOT be used for IPC. Method takes std::strings for use with move | 111 // and should NOT be used for IPC. Method takes std::strings for use with move |
109 // operators to avoid copies. | 112 // operators to avoid copies. |
110 static Origin CreateFromNormalizedTupleWithSuborigin( | 113 static Origin CreateFromNormalizedTupleWithSuborigin( |
111 std::string scheme, | 114 std::string scheme, |
112 std::string host, | 115 std::string host, |
113 uint16_t port, | 116 uint16_t port, |
114 std::string suborigin); | 117 std::string suborigin); |
115 | 118 |
116 ~Origin(); | 119 ~Origin(); |
117 | 120 |
118 // For unique origins, these return ("", "", 0). | 121 // For opaque origins, these return ("", "", 0). |
119 const std::string& scheme() const { return tuple_.scheme(); } | 122 const std::string& scheme() const { return tuple_.scheme(); } |
120 const std::string& host() const { return tuple_.host(); } | 123 const std::string& host() const { return tuple_.host(); } |
121 uint16_t port() const { return tuple_.port(); } | 124 uint16_t port() const { return tuple_.port(); } |
122 | 125 |
123 // Note that an origin without a suborgin will return the empty string. | 126 // Note that an origin without a suborgin will return the empty string. |
124 const std::string& suborigin() const { return suborigin_; } | 127 const std::string& suborigin() const { return suborigin_; } |
125 | 128 |
126 bool unique() const { return unique_; } | 129 bool opaque() const { return opaque_; } |
127 | 130 |
128 // An ASCII serialization of the Origin as per Section 6.2 of RFC 6454, with | 131 // An ASCII serialization of the Origin as per Section 6.2 of RFC 6454, with |
129 // the addition that all Origins with a 'file' scheme serialize to "file://". | 132 // the addition that all Origins with a 'file' scheme serialize to "file://". |
130 // If the Origin has a suborigin, it will be serialized per | 133 // If the Origin has a suborigin, it will be serialized per |
131 // https://w3c.github.io/webappsec-suborigins/#serializing. | 134 // https://w3c.github.io/webappsec-suborigins/#serializing. |
132 std::string Serialize() const; | 135 std::string Serialize() const; |
133 | 136 |
134 // Returns the physical origin for Origin. If the suborigin is empty, this | 137 // Returns the physical origin for Origin. If the suborigin is empty, this |
135 // will just return a copy of the Origin. If it has a suborigin, will return | 138 // will just return a copy of the Origin. If it has a suborigin, will return |
136 // the Origin of just the scheme/host/port tuple, without the suborigin. See | 139 // the Origin of just the scheme/host/port tuple, without the suborigin. See |
137 // https://w3c.github.io/webappsec-suborigins/. | 140 // https://w3c.github.io/webappsec-suborigins/. |
138 Origin GetPhysicalOrigin() const; | 141 Origin GetPhysicalOrigin() const; |
139 | 142 |
140 // Two Origins are "same-origin" if their schemes, hosts, and ports are exact | 143 // Two Origins are "same-origin" if they are the same opaque origin, or if |
141 // matches; and neither is unique. If either of the origins have suborigins, | 144 // their schemes, hosts, and ports are exact matches; and neither is opaque. |
142 // the suborigins also must be exact matches. | 145 // If either of the origins have suborigins, the suborigins also must be exact |
| 146 // matches. |
143 bool IsSameOriginWith(const Origin& other) const; | 147 bool IsSameOriginWith(const Origin& other) const; |
144 bool operator==(const Origin& other) const { | 148 bool operator==(const Origin& other) const { |
145 return IsSameOriginWith(other); | 149 return IsSameOriginWith(other); |
146 } | 150 } |
147 | 151 |
148 // Same as above, but ignores suborigins if they exist. | 152 // Same as above, but ignores suborigins if they exist. |
149 bool IsSamePhysicalOriginWith(const Origin& other) const; | 153 bool IsSamePhysicalOriginWith(const Origin& other) const; |
150 | 154 |
151 // Efficiently returns what GURL(Serialize()) would without re-parsing the | 155 // Efficiently returns what GURL(Serialize()) would without re-parsing the |
152 // URL. This can be used for the (rare) times a GURL representation is needed | 156 // URL. This can be used for the (rare) times a GURL representation is needed |
(...skipping 16 matching lines...) Expand all Loading... |
169 uint16_t port, | 173 uint16_t port, |
170 base::StringPiece suborigin, | 174 base::StringPiece suborigin, |
171 SchemeHostPort::ConstructPolicy policy); | 175 SchemeHostPort::ConstructPolicy policy); |
172 Origin(std::string scheme, | 176 Origin(std::string scheme, |
173 std::string host, | 177 std::string host, |
174 uint16_t port, | 178 uint16_t port, |
175 std::string suborigin, | 179 std::string suborigin, |
176 SchemeHostPort::ConstructPolicy policy); | 180 SchemeHostPort::ConstructPolicy policy); |
177 | 181 |
178 SchemeHostPort tuple_; | 182 SchemeHostPort tuple_; |
179 bool unique_; | 183 bool opaque_; |
180 std::string suborigin_; | 184 std::string suborigin_; |
181 }; | 185 }; |
182 | 186 |
183 URL_EXPORT std::ostream& operator<<(std::ostream& out, const Origin& origin); | 187 URL_EXPORT std::ostream& operator<<(std::ostream& out, const Origin& origin); |
184 | 188 |
185 URL_EXPORT bool IsSameOriginWith(const GURL& a, const GURL& b); | 189 URL_EXPORT bool IsSameOriginWith(const GURL& a, const GURL& b); |
186 URL_EXPORT bool IsSamePhysicalOriginWith(const GURL& a, const GURL& b); | 190 URL_EXPORT bool IsSamePhysicalOriginWith(const GURL& a, const GURL& b); |
187 | 191 |
188 } // namespace url | 192 } // namespace url |
189 | 193 |
190 #endif // URL_ORIGIN_H_ | 194 #endif // URL_ORIGIN_H_ |
OLD | NEW |