Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(207)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/platform/weborigin/SecurityOrigin.h

Issue 299253003: [webcrypto] Only allow crypto.subtle.* to be used from "secure origins". (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: reformat comments Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/modules/crypto/SubtleCrypto.cpp ('k') | Source/platform/weborigin/SecurityOrigin.cpp » ('j') | Source/platform/weborigin/SecurityOriginTest.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved. 2 * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after
106 // Returns true if this SecurityOrigin can receive drag content from the 106 // Returns true if this SecurityOrigin can receive drag content from the
107 // initiator. For example, call this function before allowing content to be 107 // initiator. For example, call this function before allowing content to be
108 // dropped onto a target. 108 // dropped onto a target.
109 bool canReceiveDragData(const SecurityOrigin* dragInitiator) const; 109 bool canReceiveDragData(const SecurityOrigin* dragInitiator) const;
110 110
111 // Returns true if |document| can display content from the given URL (e.g., 111 // Returns true if |document| can display content from the given URL (e.g.,
112 // in an iframe or as an image). For example, web sites generally cannot 112 // in an iframe or as an image). For example, web sites generally cannot
113 // display content from the user's files system. 113 // display content from the user's files system.
114 bool canDisplay(const KURL&) const; 114 bool canDisplay(const KURL&) const;
115 115
116 // A "secure origin" as defined by [1] are those that load resources either
117 // from the local machine (necessarily trusted) or over the network from a
118 // cryptographically-authenticated server.
119 //
120 // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which -origins-are-secure-
121 bool canAccessFeatureRequiringSecureOrigin() const;
122
116 // Returns true if this SecurityOrigin can load local resources, such 123 // Returns true if this SecurityOrigin can load local resources, such
117 // as images, iframes, and style sheets, and can link to local URLs. 124 // as images, iframes, and style sheets, and can link to local URLs.
118 // For example, call this function before creating an iframe to a 125 // For example, call this function before creating an iframe to a
119 // file:// URL. 126 // file:// URL.
120 // 127 //
121 // Note: A SecurityOrigin might be allowed to load local resources 128 // Note: A SecurityOrigin might be allowed to load local resources
122 // without being able to issue an XMLHttpRequest for a local URL. 129 // without being able to issue an XMLHttpRequest for a local URL.
123 // To determine whether the SecurityOrigin can issue an 130 // To determine whether the SecurityOrigin can issue an
124 // XMLHttpRequest for a URL, call canRequest(url). 131 // XMLHttpRequest for a URL, call canRequest(url).
125 bool canLoadLocalResources() const { return m_canLoadLocalResources; } 132 bool canLoadLocalResources() const { return m_canLoadLocalResources; }
126 133
127 // Explicitly grant the ability to load local resources to this 134 // Explicitly grant the ability to load local resources to this
128 // SecurityOrigin. 135 // SecurityOrigin.
129 // 136 //
130 // Note: This method exists only to support backwards compatibility 137 // Note: This method exists only to support backwards compatibility
131 // with older versions of WebKit. 138 // with older versions of WebKit.
132 void grantLoadLocalResources(); 139 void grantLoadLocalResources();
133 140
134 // Explicitly grant the ability to access very other SecurityOrigin. 141 // Explicitly grant the ability to access every other SecurityOrigin.
135 // 142 //
136 // WARNING: This is an extremely powerful ability. Use with caution! 143 // WARNING: This is an extremely powerful ability. Use with caution!
137 void grantUniversalAccess(); 144 void grantUniversalAccess();
138 145
139 bool canAccessDatabase() const { return !isUnique(); }; 146 bool canAccessDatabase() const { return !isUnique(); };
140 bool canAccessLocalStorage() const { return !isUnique(); }; 147 bool canAccessLocalStorage() const { return !isUnique(); };
141 bool canAccessSharedWorkers() const { return !isUnique(); } 148 bool canAccessSharedWorkers() const { return !isUnique(); }
142 bool canAccessCookies() const { return !isUnique(); } 149 bool canAccessCookies() const { return !isUnique(); }
143 bool canAccessPasswordManager() const { return !isUnique(); } 150 bool canAccessPasswordManager() const { return !isUnique(); }
144 bool canAccessFileSystem() const { return !isUnique(); } 151 bool canAccessFileSystem() const { return !isUnique(); }
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
211 bool m_universalAccess; 218 bool m_universalAccess;
212 bool m_domainWasSetInDOM; 219 bool m_domainWasSetInDOM;
213 bool m_canLoadLocalResources; 220 bool m_canLoadLocalResources;
214 bool m_enforceFilePathSeparation; 221 bool m_enforceFilePathSeparation;
215 bool m_needsDatabaseIdentifierQuirkForFiles; 222 bool m_needsDatabaseIdentifierQuirkForFiles;
216 }; 223 };
217 224
218 } // namespace WebCore 225 } // namespace WebCore
219 226
220 #endif // SecurityOrigin_h 227 #endif // SecurityOrigin_h
OLDNEW
« no previous file with comments | « Source/modules/crypto/SubtleCrypto.cpp ('k') | Source/platform/weborigin/SecurityOrigin.cpp » ('j') | Source/platform/weborigin/SecurityOriginTest.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698