Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(35)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/dom/SecurityContext.h

Issue 978323002: Upgrade insecure requests: Pipe navigational hosts down into nested documents. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/dom/DocumentInit.cpp ('k') | Source/core/fetch/ResourceFetcher.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All Rights Reserved. 2 * Copyright (C) 2011 Google Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 10 matching lines...) Expand all
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 * 24 *
25 */ 25 */
26 26
27 #ifndef SecurityContext_h 27 #ifndef SecurityContext_h
28 #define SecurityContext_h 28 #define SecurityContext_h
29 29
30 #include "core/dom/SandboxFlags.h" 30 #include "core/dom/SandboxFlags.h"
31 #include "wtf/HashSet.h"
31 #include "wtf/PassRefPtr.h" 32 #include "wtf/PassRefPtr.h"
32 #include "wtf/RefPtr.h" 33 #include "wtf/RefPtr.h"
34 #include "wtf/text/StringHash.h"
33 #include "wtf/text/WTFString.h" 35 #include "wtf/text/WTFString.h"
34 36
35 namespace blink { 37 namespace blink {
36 38
37 class SecurityOrigin; 39 class SecurityOrigin;
38 class ContentSecurityPolicy; 40 class ContentSecurityPolicy;
39 class KURL; 41 class KURL;
40 42
41 class SecurityContext { 43 class SecurityContext {
42 public: 44 public:
45 using InsecureNavigationsSet = HashSet<unsigned, WTF::AlreadyHashed>;
46
43 // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'. 47 // The ordering here is important: 'Upgrade' overrides 'DoNotUpgrade'.
44 enum InsecureRequestsPolicy { 48 enum InsecureRequestsPolicy {
45 InsecureRequestsDoNotUpgrade = 0, 49 InsecureRequestsDoNotUpgrade = 0,
46 InsecureRequestsUpgrade 50 InsecureRequestsUpgrade
47 }; 51 };
48 52
49 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } 53 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); }
50 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur ityPolicy.get(); } 54 ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecur ityPolicy.get(); }
51 55
52 bool isSecureTransitionTo(const KURL&) const; 56 bool isSecureTransitionTo(const KURL&) const;
53 57
54 // Explicitly override the security origin for this security context. 58 // Explicitly override the security origin for this security context.
55 // Note: It is dangerous to change the security origin of a script context 59 // Note: It is dangerous to change the security origin of a script context
56 // that already contains content. 60 // that already contains content.
57 void setSecurityOrigin(PassRefPtr<SecurityOrigin>); 61 void setSecurityOrigin(PassRefPtr<SecurityOrigin>);
58 virtual void didUpdateSecurityOrigin() = 0; 62 virtual void didUpdateSecurityOrigin() = 0;
59 63
60 SandboxFlags sandboxFlags() const { return m_sandboxFlags; } 64 SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
61 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; } 65 bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
62 void enforceSandboxFlags(SandboxFlags mask); 66 void enforceSandboxFlags(SandboxFlags mask);
63 67
64 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; } 68 void setHostedInReservedIPRange() { m_hostedInReservedIPRange = true; }
65 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; } 69 bool isHostedInReservedIPRange() const { return m_hostedInReservedIPRange; }
66 70
67 void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRe questsPolicy = policy; } 71 void setInsecureRequestsPolicy(InsecureRequestsPolicy policy) { m_insecureRe questsPolicy = policy; }
68 InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureReq uestsPolicy; } 72 InsecureRequestsPolicy insecureRequestsPolicy() const { return m_insecureReq uestsPolicy; }
69 73
74 void addInsecureNavigationUpgrade(const String& host) { m_insecureNavigation sToUpgrade.add(host.impl()->hash()); }
75 void addInsecureNavigationUpgrade(unsigned hashedHost) { m_insecureNavigatio nsToUpgrade.add(hashedHost); }
76 InsecureNavigationsSet* insecureNavigationsToUpgrade() { return &m_insecureN avigationsToUpgrade; }
77
70 protected: 78 protected:
71 SecurityContext(); 79 SecurityContext();
72 virtual ~SecurityContext(); 80 virtual ~SecurityContext();
73 81
74 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); 82 void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>);
75 83
76 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; } 84 void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; }
77 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit yOrigin; } 85 bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurit yOrigin; }
78 86
79 private: 87 private:
80 bool m_haveInitializedSecurityOrigin; 88 bool m_haveInitializedSecurityOrigin;
81 RefPtr<SecurityOrigin> m_securityOrigin; 89 RefPtr<SecurityOrigin> m_securityOrigin;
82 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy; 90 RefPtr<ContentSecurityPolicy> m_contentSecurityPolicy;
83 91
84 SandboxFlags m_sandboxFlags; 92 SandboxFlags m_sandboxFlags;
85 93
86 bool m_hostedInReservedIPRange; 94 bool m_hostedInReservedIPRange;
87 InsecureRequestsPolicy m_insecureRequestsPolicy; 95 InsecureRequestsPolicy m_insecureRequestsPolicy;
96 InsecureNavigationsSet m_insecureNavigationsToUpgrade;
88 }; 97 };
89 98
90 } // namespace blink 99 } // namespace blink
91 100
92 #endif // SecurityContext_h 101 #endif // SecurityContext_h
OLDNEW
« no previous file with comments | « Source/core/dom/DocumentInit.cpp ('k') | Source/core/fetch/ResourceFetcher.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698