OLD | NEW |
| (Empty) |
1 /* | |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | |
3 * | |
4 * Redistribution and use in source and binary forms, with or without | |
5 * modification, are permitted provided that the following conditions | |
6 * are met: | |
7 * | |
8 * 1. Redistributions of source code must retain the above copyright | |
9 * notice, this list of conditions and the following disclaimer. | |
10 * 2. Redistributions in binary form must reproduce the above copyright | |
11 * notice, this list of conditions and the following disclaimer in the | |
12 * documentation and/or other materials provided with the distribution. | |
13 * 3. Neither the name of Google, Inc. ("Google") nor the names of | |
14 * its contributors may be used to endorse or promote products derived | |
15 * from this software without specific prior written permission. | |
16 * | |
17 * THIS SOFTWARE IS PROVIDED BY GOOGLE AND ITS CONTRIBUTORS "AS IS" AND ANY | |
18 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
20 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY | |
21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | |
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
27 */ | |
28 | |
29 #ifndef SecurityPolicy_h | |
30 #define SecurityPolicy_h | |
31 | |
32 #include "weborigin/ReferrerPolicy.h" | |
33 #include "weborigin/WebOriginExport.h" | |
34 #include "wtf/text/WTFString.h" | |
35 | |
36 namespace WebCore { | |
37 | |
38 class KURL; | |
39 class SecurityOrigin; | |
40 | |
41 class WEBORIGIN_EXPORT SecurityPolicy { | |
42 public: | |
43 // True if the referrer should be omitted according to the | |
44 // ReferrerPolicyDefault. If you intend to send a referrer header, you | |
45 // should use generateReferrerHeader instead. | |
46 static bool shouldHideReferrer(const KURL&, const String& referrer); | |
47 | |
48 // Returns the referrer modified according to the referrer policy for a | |
49 // navigation to a given URL. If the referrer returned is empty, the | |
50 // referrer header should be omitted. | |
51 static String generateReferrerHeader(ReferrerPolicy, const KURL&, const Stri
ng& referrer); | |
52 | |
53 static void addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin
, const String& destinationProtocol, const String& destinationDomain, bool allow
DestinationSubdomains); | |
54 static void removeOriginAccessWhitelistEntry(const SecurityOrigin& sourceOri
gin, const String& destinationProtocol, const String& destinationDomain, bool al
lowDestinationSubdomains); | |
55 static void resetOriginAccessWhitelists(); | |
56 | |
57 static bool isAccessWhiteListed(const SecurityOrigin* activeOrigin, const Se
curityOrigin* targetOrigin); | |
58 static bool isAccessToURLWhiteListed(const SecurityOrigin* activeOrigin, con
st KURL&); | |
59 }; | |
60 | |
61 } // namespace WebCore | |
62 | |
63 #endif // SecurityPolicy_h | |
OLD | NEW |