2 * Copyright (C) 2011 Google Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Google, Inc. ("Google") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY GOOGLE AND ITS CONTRIBUTORS "AS IS" AND ANY
18 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 #include "SecurityPolicy.h"
33 #include <wtf/MainThread.h>
34 #include "OriginAccessEntry.h"
35 #include "SecurityOrigin.h"
36 #include <wtf/OwnPtr.h>
37 #include <wtf/PassOwnPtr.h>
38 #include <wtf/text/StringHash.h>
42 static SecurityPolicy::LocalLoadPolicy localLoadPolicy = SecurityPolicy::AllowLocalLoadsForLocalOnly;
44 typedef Vector<OriginAccessEntry> OriginAccessWhiteList;
45 typedef HashMap<String, OwnPtr<OriginAccessWhiteList> > OriginAccessMap;
47 static OriginAccessMap& originAccessMap()
49 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ());
50 return originAccessMap;
53 bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer)
55 bool referrerIsSecureURL = protocolIs(referrer, "https");
56 bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http");
58 if (!referrerIsWebURL)
61 if (!referrerIsSecureURL)
64 bool URLIsSecureURL = url.protocolIs("https");
66 return !URLIsSecureURL;
69 String SecurityPolicy::generateReferrerHeader(ReferrerPolicy referrerPolicy, const KURL& url, const String& referrer)
71 if (referrer.isEmpty())
74 switch (referrerPolicy) {
75 case ReferrerPolicyNever:
77 case ReferrerPolicyAlways:
79 case ReferrerPolicyOrigin: {
80 String origin = SecurityOrigin::createFromString(referrer)->toString();
83 // A security origin is not a canonical URL as it lacks a path. Add /
84 // to turn it into a canonical URL we can use as referrer.
87 case ReferrerPolicyDefault:
91 return shouldHideReferrer(url, referrer) ? String() : referrer;
94 void SecurityPolicy::setLocalLoadPolicy(LocalLoadPolicy policy)
96 localLoadPolicy = policy;
99 bool SecurityPolicy::restrictAccessToLocal()
101 return localLoadPolicy != SecurityPolicy::AllowLocalLoadsForAll;
104 bool SecurityPolicy::allowSubstituteDataAccessToLocal()
106 return localLoadPolicy != SecurityPolicy::AllowLocalLoadsForLocalOnly;
109 bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin)
111 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toString())) {
112 for (size_t i = 0; i < list->size(); ++i) {
113 if (list->at(i).matchesOrigin(*targetOrigin))
120 bool SecurityPolicy::isAccessToURLWhiteListed(const SecurityOrigin* activeOrigin, const KURL& url)
122 RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url);
123 return isAccessWhiteListed(activeOrigin, targetOrigin.get());
126 void SecurityPolicy::addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains)
128 ASSERT(isMainThread());
129 ASSERT(!sourceOrigin.isUnique());
130 if (sourceOrigin.isUnique())
133 String sourceString = sourceOrigin.toString();
134 OriginAccessMap::AddResult result = originAccessMap().add(sourceString, nullptr);
135 if (result.isNewEntry)
136 result.iterator->second = adoptPtr(new OriginAccessWhiteList);
138 OriginAccessWhiteList* list = result.iterator->second.get();
139 list->append(OriginAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains));
142 void SecurityPolicy::removeOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains)
144 ASSERT(isMainThread());
145 ASSERT(!sourceOrigin.isUnique());
146 if (sourceOrigin.isUnique())
149 String sourceString = sourceOrigin.toString();
150 OriginAccessMap& map = originAccessMap();
151 OriginAccessMap::iterator it = map.find(sourceString);
155 OriginAccessWhiteList* list = it->second.get();
156 size_t index = list->find(OriginAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains));
157 if (index == notFound)
166 void SecurityPolicy::resetOriginAccessWhitelists()
168 ASSERT(isMainThread());
169 originAccessMap().clear();
172 } // namespace WebCore