OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2007 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 357 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
368 | 368 |
369 if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol)) | 369 if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol)) |
370 return m_protocol == protocol || SecurityPolicy::isAccessToURLWhiteListe d(this, url); | 370 return m_protocol == protocol || SecurityPolicy::isAccessToURLWhiteListe d(this, url); |
371 | 371 |
372 if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) | 372 if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) |
373 return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteList ed(this, url); | 373 return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteList ed(this, url); |
374 | 374 |
375 return true; | 375 return true; |
376 } | 376 } |
377 | 377 |
378 bool SecurityOrigin::canAccessFeatureRequiringSecureOrigin() const | |
379 { | |
380 if (isLocal()) | |
381 return true; | |
382 | |
383 if (SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol)) | |
384 return true; | |
385 | |
386 // FIXME: According to http://www.chromium.org/Home/chromium-security/securi ty-faq#TOC-Which-origins-are-secure- should match all of 127/8 and ::1/8 | |
palmer
2014/05/24 01:44:30
Should be ::1/128. Also provide a reference to htt
| |
387 if (m_protocol != "" && !m_domainWasSetInDOM && (m_domain == "localhost" || m_domain == "127.0.0.1" || m_domain == "[::1]")) | |
388 return true; | |
389 | |
390 return false; | |
391 } | |
392 | |
378 SecurityOrigin::Policy SecurityOrigin::canShowNotifications() const | 393 SecurityOrigin::Policy SecurityOrigin::canShowNotifications() const |
379 { | 394 { |
380 if (m_universalAccess) | 395 if (m_universalAccess) |
381 return AlwaysAllow; | 396 return AlwaysAllow; |
382 if (isUnique()) | 397 if (isUnique()) |
383 return AlwaysDeny; | 398 return AlwaysDeny; |
384 return Ask; | 399 return Ask; |
385 } | 400 } |
386 | 401 |
387 void SecurityOrigin::grantLoadLocalResources() | 402 void SecurityOrigin::grantLoadLocalResources() |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
491 } | 506 } |
492 | 507 |
493 const String& SecurityOrigin::urlWithUniqueSecurityOrigin() | 508 const String& SecurityOrigin::urlWithUniqueSecurityOrigin() |
494 { | 509 { |
495 ASSERT(isMainThread()); | 510 ASSERT(isMainThread()); |
496 DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, ("data:,")); | 511 DEFINE_STATIC_LOCAL(const String, uniqueSecurityOriginURL, ("data:,")); |
497 return uniqueSecurityOriginURL; | 512 return uniqueSecurityOriginURL; |
498 } | 513 } |
499 | 514 |
500 } // namespace WebCore | 515 } // namespace WebCore |
OLD | NEW |