OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All Rights Reserved. | 2 * Copyright (C) 2011 Google Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 10 matching lines...) Expand all Loading... |
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 * | 24 * |
25 */ | 25 */ |
26 | 26 |
27 #ifndef SecurityContext_h | 27 #ifndef SecurityContext_h |
28 #define SecurityContext_h | 28 #define SecurityContext_h |
29 | 29 |
30 #include "core/dom/SandboxFlags.h" | 30 #include "core/dom/SandboxFlags.h" |
| 31 #include "wtf/HashSet.h" |
31 #include "wtf/PassRefPtr.h" | 32 #include "wtf/PassRefPtr.h" |
32 #include "wtf/RefPtr.h" | 33 #include "wtf/RefPtr.h" |
| 34 #include "wtf/text/StringHash.h" |
33 #include "wtf/text/WTFString.h" | 35 #include "wtf/text/WTFString.h" |
34 | 36 |
35 namespace blink { | 37 namespace blink { |
36 | 38 |
37 class SecurityOrigin; | 39 class SecurityOrigin; |
38 class ContentSecurityPolicy; | 40 class ContentSecurityPolicy; |
39 class KURL; | 41 class KURL; |
40 | 42 |
41 class SecurityContext { | 43 class SecurityContext { |
42 public: | 44 public: |
| 45 using InsecureNavigationsSet = HashSet<unsigned, WTF::AlreadyHashed>; |
| 46 |
43 // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'. | 47 // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'. |
44 enum InsecureRequestsPolicy { | 48 enum InsecureRequestsPolicy { |
45 InsecureRequestsDoNotUpgrade = 0, | 49 InsecureRequestsDoNotUpgrade = 0, |
46 InsecureRequestsUpgrade | 50 InsecureRequestsUpgrade |
47 }; | 51 }; |
48 | 52 |
49 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } | 53 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } |
50 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur
ityPolicy.get(); } | 54 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur
ityPolicy.get(); } |
51 | 55 |
52 bool isSecureTransitionTo(const KURL&) const; | 56 bool isSecureTransitionTo(const KURL&) const; |
53 | 57 |
54 // Explicitly override the security origin for this security context. | 58 // Explicitly override the security origin for this security context. |
55 // Note: It is dangerous to change the security origin of a script context | 59 // Note: It is dangerous to change the security origin of a script context |
56 // that already contains content. | 60 // that already contains content. |
57 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); | 61 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); |
58 virtual void didUpdateSecurityOrigin() = 0; | 62 virtual void didUpdateSecurityOrigin() = 0; |
59 | 63 |
60 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } | 64 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } |
61 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } | 65 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } |
62 void enforceSandboxFlags(SandboxFlags mask); | 66 void enforceSandboxFlags(SandboxFlags mask); |
63 | 67 |
64 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; } | 68 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; } |
65 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; } | 69 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; } |
66 | 70 |
67 void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRe
questsPolicy = policy; } | 71 void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRe
questsPolicy = policy; } |
68 InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureReq
uestsPolicy; } | 72 InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureReq
uestsPolicy; } |
69 | 73 |
| 74 void addInsecureNavigationUpgrade(const String& host) { m_insecureNavigation
sToUpgrade.add(host.impl()->hash()); } |
| 75 void addInsecureNavigationUpgrade(unsigned hashedHost) { m_insecureNavigatio
nsToUpgrade.add(hashedHost); } |
| 76 InsecureNavigationsSet* insecureNavigationsToUpgrade() { return &m_insecureN
avigationsToUpgrade; } |
| 77 |
70 protected: | 78 protected: |
71 SecurityContext(); | 79 SecurityContext(); |
72 virtual ~SecurityContext(); | 80 virtual ~SecurityContext(); |
73 | 81 |
74 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); | 82 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); |
75 | 83 |
76 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin =
false; } | 84 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin =
false; } |
77 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit
yOrigin; } | 85 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit
yOrigin; } |
78 | 86 |
79 private: | 87 private: |
80 bool m_haveInitializedSecurityOrigin; | 88 bool m_haveInitializedSecurityOrigin; |
81 RefPtr<SecurityOrigin> m_securityOrigin; | 89 RefPtr<SecurityOrigin> m_securityOrigin; |
82 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy; | 90 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy; |
83 | 91 |
84 SandboxFlags m_sandboxFlags; | 92 SandboxFlags m_sandboxFlags; |
85 | 93 |
86 bool m_hostedInReservedIPRange; | 94 bool m_hostedInReservedIPRange; |
87 InsecureRequestsPolicy m_insecureRequestsPolicy; | 95 InsecureRequestsPolicy m_insecureRequestsPolicy; |
| 96 InsecureNavigationsSet m_insecureNavigationsToUpgrade; |
88 }; | 97 }; |
89 | 98 |
90 } // namespace blink | 99 } // namespace blink |
91 | 100 |
92 #endif // SecurityContext_h | 101 #endif // SecurityContext_h |
OLD | NEW |