1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
6 #include "core/frame/csp/CSPSource.h"
8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "platform/weborigin/KURL.h"
10 #include "platform/weborigin/KnownPorts.h"
11 #include "platform/weborigin/SecurityOrigin.h"
12 #include "wtf/text/WTFString.h"
16 CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const String& host, int port, const String& path, WildcardDisposition hostWildcard, WildcardDisposition portWildcard)
22 , m_hostWildcard(hostWildcard)
23 , m_portWildcard(portWildcard)
27 bool CSPSource::matches(const KURL& url) const
29 if (!schemeMatches(url))
33 return hostMatches(url) && portMatches(url) && pathMatches(url);
36 bool CSPSource::schemeMatches(const KURL& url) const
38 if (m_scheme.isEmpty())
39 return m_policy->protocolMatchesSelf(url);
40 return equalIgnoringCase(url.protocol(), m_scheme);
43 bool CSPSource::hostMatches(const KURL& url) const
45 const String& host = url.host();
46 if (equalIgnoringCase(host, m_host))
48 return m_hostWildcard == HasWildcard && host.endsWith("." + m_host, false);
52 bool CSPSource::pathMatches(const KURL& url) const
57 String path = decodeURLEscapeSequences(url.path());
59 if (m_path.endsWith("/"))
60 return path.startsWith(m_path, false);
62 return path == m_path;
65 bool CSPSource::portMatches(const KURL& url) const
67 if (m_portWildcard == HasWildcard)
70 int port = url.port();
76 return isDefaultPortForProtocol(m_port, url.protocol());
79 return isDefaultPortForProtocol(port, url.protocol());
84 bool CSPSource::isSchemeOnly() const
86 return m_host.isEmpty();