OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
106 // Returns true if this SecurityOrigin can receive drag content from the | 106 // Returns true if this SecurityOrigin can receive drag content from the |
107 // initiator. For example, call this function before allowing content to be | 107 // initiator. For example, call this function before allowing content to be |
108 // dropped onto a target. | 108 // dropped onto a target. |
109 bool canReceiveDragData(const SecurityOrigin* dragInitiator) const; | 109 bool canReceiveDragData(const SecurityOrigin* dragInitiator) const; |
110 | 110 |
111 // Returns true if |document| can display content from the given URL (e.g., | 111 // Returns true if |document| can display content from the given URL (e.g., |
112 // in an iframe or as an image). For example, web sites generally cannot | 112 // in an iframe or as an image). For example, web sites generally cannot |
113 // display content from the user's files system. | 113 // display content from the user's files system. |
114 bool canDisplay(const KURL&) const; | 114 bool canDisplay(const KURL&) const; |
115 | 115 |
| 116 // A "secure origin" as defined by [1] are those that load resources either |
| 117 // from the local machine (necessarily trusted) or over the network from a |
| 118 // cryptographically-authenticated server. |
| 119 // |
| 120 // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which
-origins-are-secure- |
| 121 bool canAccessFeatureRequiringSecureOrigin() const; |
| 122 |
116 // Returns true if this SecurityOrigin can load local resources, such | 123 // Returns true if this SecurityOrigin can load local resources, such |
117 // as images, iframes, and style sheets, and can link to local URLs. | 124 // as images, iframes, and style sheets, and can link to local URLs. |
118 // For example, call this function before creating an iframe to a | 125 // For example, call this function before creating an iframe to a |
119 // file:// URL. | 126 // file:// URL. |
120 // | 127 // |
121 // Note: A SecurityOrigin might be allowed to load local resources | 128 // Note: A SecurityOrigin might be allowed to load local resources |
122 // without being able to issue an XMLHttpRequest for a local URL. | 129 // without being able to issue an XMLHttpRequest for a local URL. |
123 // To determine whether the SecurityOrigin can issue an | 130 // To determine whether the SecurityOrigin can issue an |
124 // XMLHttpRequest for a URL, call canRequest(url). | 131 // XMLHttpRequest for a URL, call canRequest(url). |
125 bool canLoadLocalResources() const { return m_canLoadLocalResources; } | 132 bool canLoadLocalResources() const { return m_canLoadLocalResources; } |
126 | 133 |
127 // Explicitly grant the ability to load local resources to this | 134 // Explicitly grant the ability to load local resources to this |
128 // SecurityOrigin. | 135 // SecurityOrigin. |
129 // | 136 // |
130 // Note: This method exists only to support backwards compatibility | 137 // Note: This method exists only to support backwards compatibility |
131 // with older versions of WebKit. | 138 // with older versions of WebKit. |
132 void grantLoadLocalResources(); | 139 void grantLoadLocalResources(); |
133 | 140 |
134 // Explicitly grant the ability to access very other SecurityOrigin. | 141 // Explicitly grant the ability to access every other SecurityOrigin. |
135 // | 142 // |
136 // WARNING: This is an extremely powerful ability. Use with caution! | 143 // WARNING: This is an extremely powerful ability. Use with caution! |
137 void grantUniversalAccess(); | 144 void grantUniversalAccess(); |
138 | 145 |
139 bool canAccessDatabase() const { return !isUnique(); }; | 146 bool canAccessDatabase() const { return !isUnique(); }; |
140 bool canAccessLocalStorage() const { return !isUnique(); }; | 147 bool canAccessLocalStorage() const { return !isUnique(); }; |
141 bool canAccessSharedWorkers() const { return !isUnique(); } | 148 bool canAccessSharedWorkers() const { return !isUnique(); } |
142 bool canAccessCookies() const { return !isUnique(); } | 149 bool canAccessCookies() const { return !isUnique(); } |
143 bool canAccessPasswordManager() const { return !isUnique(); } | 150 bool canAccessPasswordManager() const { return !isUnique(); } |
144 bool canAccessFileSystem() const { return !isUnique(); } | 151 bool canAccessFileSystem() const { return !isUnique(); } |
145 Policy canShowNotifications() const; | 152 Policy canShowNotifications() const; |
146 | 153 |
147 // Technically, we should always allow access to sessionStorage, but we | 154 // Technically, we should always allow access to sessionStorage, but we |
148 // currently don't handle creating a sessionStorage area for unique | 155 // currently don't handle creating a sessionStorage area for unique |
149 // origins. | 156 // origins. |
150 bool canAccessSessionStorage() const { return !isUnique(); } | 157 bool canAccessSessionStorage() const { return !isUnique(); } |
151 | 158 |
152 // The local SecurityOrigin is the most privileged SecurityOrigin. | 159 // The local SecurityOrigin is the most privileged SecurityOrigin. |
153 // The local SecurityOrigin can script any document, navigate to local | 160 // The local SecurityOrigin can script any document, navigate to local |
154 // resources, and can set arbitrary headers on XMLHttpRequests. | 161 // resources, and can set arbitrary headers on XMLHttpRequests. |
155 bool isLocal() const; | 162 bool isLocal() const; |
156 | 163 |
| 164 // Returns true if the host is one of 127.0.0.1/8, ::1/128, or "localhost". |
| 165 bool isLocalhost() const; |
| 166 |
157 // The origin is a globally unique identifier assigned when the Document is | 167 // The origin is a globally unique identifier assigned when the Document is |
158 // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin | 168 // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin |
159 // | 169 // |
160 // There's a subtle difference between a unique origin and an origin that | 170 // There's a subtle difference between a unique origin and an origin that |
161 // has the SandboxOrigin flag set. The latter implies the former, and, in | 171 // has the SandboxOrigin flag set. The latter implies the former, and, in |
162 // addition, the SandboxOrigin flag is inherited by iframes. | 172 // addition, the SandboxOrigin flag is inherited by iframes. |
163 bool isUnique() const { return m_isUnique; } | 173 bool isUnique() const { return m_isUnique; } |
164 | 174 |
165 // Marks a file:// origin as being in a domain defined by its path. | 175 // Marks a file:// origin as being in a domain defined by its path. |
166 // FIXME 81578: The naming of this is confusing. Files with restricted acces
s to other local files | 176 // FIXME 81578: The naming of this is confusing. Files with restricted acces
s to other local files |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
211 bool m_universalAccess; | 221 bool m_universalAccess; |
212 bool m_domainWasSetInDOM; | 222 bool m_domainWasSetInDOM; |
213 bool m_canLoadLocalResources; | 223 bool m_canLoadLocalResources; |
214 bool m_enforceFilePathSeparation; | 224 bool m_enforceFilePathSeparation; |
215 bool m_needsDatabaseIdentifierQuirkForFiles; | 225 bool m_needsDatabaseIdentifierQuirkForFiles; |
216 }; | 226 }; |
217 | 227 |
218 } // namespace WebCore | 228 } // namespace WebCore |
219 | 229 |
220 #endif // SecurityOrigin_h | 230 #endif // SecurityOrigin_h |
OLD | NEW |