| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 224 bool SecurityOrigin::canAccess(const SecurityOrigin* other) const { | 224 bool SecurityOrigin::canAccess(const SecurityOrigin* other) const { |
| 225 if (m_universalAccess) | 225 if (m_universalAccess) |
| 226 return true; | 226 return true; |
| 227 | 227 |
| 228 if (this == other) | 228 if (this == other) |
| 229 return true; | 229 return true; |
| 230 | 230 |
| 231 if (isUnique() || other->isUnique()) | 231 if (isUnique() || other->isUnique()) |
| 232 return false; | 232 return false; |
| 233 | 233 |
| 234 if (hasSuborigin() != other->hasSuborigin()) |
| 235 return false; |
| 236 |
| 237 if (hasSuborigin() && suborigin()->name() != other->suborigin()->name()) |
| 238 return false; |
| 239 |
| 234 // document.domain handling, as per | 240 // document.domain handling, as per |
| 235 // https://html.spec.whatwg.org/multipage/browsers.html#dom-document-domain: | 241 // https://html.spec.whatwg.org/multipage/browsers.html#dom-document-domain: |
| 236 // | 242 // |
| 237 // 1) Neither document has set document.domain. In this case, we insist | 243 // 1) Neither document has set document.domain. In this case, we insist |
| 238 // that the scheme, host, and port of the URLs match. | 244 // that the scheme, host, and port of the URLs match. |
| 239 // | 245 // |
| 240 // 2) Both documents have set document.domain. In this case, we insist | 246 // 2) Both documents have set document.domain. In this case, we insist |
| 241 // that the documents have set document.domain to the same value and | 247 // that the documents have set document.domain to the same value and |
| 242 // that the scheme of the URLs match. Ports do not need to match. | 248 // that the scheme of the URLs match. Ports do not need to match. |
| 243 bool canAccess = false; | 249 bool canAccess = false; |
| 244 if (m_protocol == other->m_protocol) { | 250 if (m_protocol == other->m_protocol) { |
| 245 if (!m_domainWasSetInDOM && !other->m_domainWasSetInDOM) { | 251 if (!m_domainWasSetInDOM && !other->m_domainWasSetInDOM) { |
| 246 if (m_host == other->m_host && m_port == other->m_port) | 252 if (m_host == other->m_host && m_port == other->m_port) |
| 247 canAccess = true; | 253 canAccess = true; |
| 248 } else if (m_domainWasSetInDOM && other->m_domainWasSetInDOM) { | 254 } else if (m_domainWasSetInDOM && other->m_domainWasSetInDOM) { |
| 249 if (m_domain == other->m_domain) | 255 if (m_domain == other->m_domain) |
| 250 canAccess = true; | 256 canAccess = true; |
| 251 } | 257 } |
| 252 } | 258 } |
| 253 | 259 |
| 254 if (canAccess && isLocal()) | 260 if (canAccess && isLocal()) |
| 255 canAccess = passesFileCheck(other); | 261 canAccess = passesFileCheck(other); |
| 256 | 262 |
| 257 return canAccess; | 263 return canAccess; |
| 258 } | 264 } |
| 259 | 265 |
| 260 bool SecurityOrigin::canAccessCheckSuborigins( | |
| 261 const SecurityOrigin* other) const { | |
| 262 if (hasSuborigin() != other->hasSuborigin()) | |
| 263 return false; | |
| 264 | |
| 265 if (hasSuborigin() && suborigin()->name() != other->suborigin()->name()) | |
| 266 return false; | |
| 267 | |
| 268 return canAccess(other); | |
| 269 } | |
| 270 | |
| 271 bool SecurityOrigin::passesFileCheck(const SecurityOrigin* other) const { | 266 bool SecurityOrigin::passesFileCheck(const SecurityOrigin* other) const { |
| 272 ASSERT(isLocal() && other->isLocal()); | 267 ASSERT(isLocal() && other->isLocal()); |
| 273 | 268 |
| 274 return !m_blockLocalAccessFromLocalOrigin && | 269 return !m_blockLocalAccessFromLocalOrigin && |
| 275 !other->m_blockLocalAccessFromLocalOrigin; | 270 !other->m_blockLocalAccessFromLocalOrigin; |
| 276 } | 271 } |
| 277 | 272 |
| 278 bool SecurityOrigin::canRequest(const KURL& url) const { | 273 bool SecurityOrigin::canRequest(const KURL& url) const { |
| 279 if (m_universalAccess) | 274 if (m_universalAccess) |
| 280 return true; | 275 return true; |
| (...skipping 337 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 618 utf8.data(), url::Component(0, utf8.length()), &canonOutput, &outHost); | 613 utf8.data(), url::Component(0, utf8.length()), &canonOutput, &outHost); |
| 619 } else { | 614 } else { |
| 620 *success = url::CanonicalizeHost(host.characters16(), | 615 *success = url::CanonicalizeHost(host.characters16(), |
| 621 url::Component(0, host.length()), | 616 url::Component(0, host.length()), |
| 622 &canonOutput, &outHost); | 617 &canonOutput, &outHost); |
| 623 } | 618 } |
| 624 return String::fromUTF8(canonOutput.data(), canonOutput.length()); | 619 return String::fromUTF8(canonOutput.data(), canonOutput.length()); |
| 625 } | 620 } |
| 626 | 621 |
| 627 } // namespace blink | 622 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2805683005:
Merge SecurityOrigin::canAccessCheckSuborigins into canAccess (Closed)
