OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND | 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 */ | 27 */ |
28 | 28 |
29 #include "config.h" | 29 #include "config.h" |
30 #include "platform/weborigin/SecurityPolicy.h" | 30 #include "platform/weborigin/SecurityPolicy.h" |
31 | 31 |
32 #include "platform/RuntimeEnabledFeatures.h" | |
32 #include "platform/weborigin/KURL.h" | 33 #include "platform/weborigin/KURL.h" |
33 #include "platform/weborigin/OriginAccessEntry.h" | 34 #include "platform/weborigin/OriginAccessEntry.h" |
34 #include "platform/weborigin/SecurityOrigin.h" | 35 #include "platform/weborigin/SecurityOrigin.h" |
35 #include "wtf/HashMap.h" | 36 #include "wtf/HashMap.h" |
36 #include "wtf/MainThread.h" | 37 #include "wtf/MainThread.h" |
37 #include "wtf/OwnPtr.h" | 38 #include "wtf/OwnPtr.h" |
38 #include "wtf/PassOwnPtr.h" | 39 #include "wtf/PassOwnPtr.h" |
39 #include "wtf/text/StringHash.h" | 40 #include "wtf/text/StringHash.h" |
40 | 41 |
41 namespace blink { | 42 namespace blink { |
79 case ReferrerPolicyAlways: | 80 case ReferrerPolicyAlways: |
80 return Referrer(referrer, referrerPolicy); | 81 return Referrer(referrer, referrerPolicy); |
81 case ReferrerPolicyOrigin: { | 82 case ReferrerPolicyOrigin: { |
82 String origin = SecurityOrigin::createFromString(referrer)->toString(); | 83 String origin = SecurityOrigin::createFromString(referrer)->toString(); |
83 if (origin == "null") | 84 if (origin == "null") |
84 return Referrer(String(), referrerPolicy); | 85 return Referrer(String(), referrerPolicy); |
85 // A security origin is not a canonical URL as it lacks a path. Add / | 86 // A security origin is not a canonical URL as it lacks a path. Add / |
86 // to turn it into a canonical URL we can use as referrer. | 87 // to turn it into a canonical URL we can use as referrer. |
87 return Referrer(origin + "/", referrerPolicy); | 88 return Referrer(origin + "/", referrerPolicy); |
88 } | 89 } |
89 case ReferrerPolicyDefault: | 90 case ReferrerPolicyDefault: { |
91 // If the flag is enabled, and we're dealing with a cross-origin request , strip it. | |
92 // Otherwise fallthrough to NoReferrerWhenDowngrade behavior. | |
93 RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString (referrer); | |
94 RefPtr<SecurityOrigin> urlOrigin = SecurityOrigin::create(url); | |
95 if (RuntimeEnabledFeatures::reducedReferrerGranularityEnabled() && !urlO rigin->isSameSchemeHostPort(referrerOrigin.get())) { | |
96 String origin = referrerOrigin->toString(); | |
97 if (origin == "null") | |
98 return Referrer(String(), referrerPolicy); | |
99 return Referrer(shouldHideReferrer(url, referrer) ? String() : origi n + "/", referrerPolicy); | |
jochen (gone - plz use gerrit)
2014/11/10 14:53:19
why not NoReferrerWhenDowngrade instead of referre
jochen (gone - plz use gerrit)
2014/11/10 14:53:19
why not NoReferrerWhenDowngrade instead of referre
Mike West
2014/11/10 15:13:45
Because that would break the eventual redirect pro
| |
100 } | |
101 } | |
90 case ReferrerPolicyNoReferrerWhenDowngrade: | 102 case ReferrerPolicyNoReferrerWhenDowngrade: |
91 break; | 103 break; |
92 } | 104 } |
93 | 105 |
94 return Referrer(shouldHideReferrer(url, referrer) ? String() : referrer, ref errerPolicy); | 106 return Referrer(shouldHideReferrer(url, referrer) ? String() : referrer, ref errerPolicy); |
95 } | 107 } |
96 | 108 |
97 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, con st SecurityOrigin* targetOrigin) | 109 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, con st SecurityOrigin* targetOrigin) |
98 { | 110 { |
99 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toStri ng())) { | 111 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toStri ng())) { |
151 map.remove(it); | 163 map.remove(it); |
152 } | 164 } |
153 | 165 |
154 void SecurityPolicy::resetOriginAccessWhitelists() | 166 void SecurityPolicy::resetOriginAccessWhitelists() |
155 { | 167 { |
156 ASSERT(isMainThread()); | 168 ASSERT(isMainThread()); |
157 originAccessMap().clear(); | 169 originAccessMap().clear(); |
158 } | 170 } |
159 | 171 |
160 } // namespace blink | 172 } // namespace blink |
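Review bot: In the new `ReferrerPolicyDefault` case (new lines 90–101) both `SecurityOrigin` objects are constructed before `RuntimeEnabledFeatures::reducedReferrerGranularityEnabled()` is consulted, so every default-policy request pays for two origin parses even when the flag is off. Test the flag first, for example with `if (RuntimeEnabledFeatures::reducedReferrerGranularityEnabled()) {` wrapped around the two `RefPtr<SecurityOrigin>` declarations and the cross-origin check. The `origin == "null"` guard and the `origin + "/"` canonicalisation now appear in both this case and `ReferrerPolicyOrigin`; a small shared helper would keep the two stripping paths from drifting apart, since a copy that loses the guard would send `null/` as the referrer. The case also ends without a `break`, so a `// Fall through.` comment at its closing brace would state the intent where it happens rather than only at the top of the block. The enclosing function begins in the skipped lines above this hunk, so how `url` and `referrer` are handled before the switch is not visible here.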