1/*
2 * Copyright (C) 2011 Google Inc. All Rights Reserved.
3 * Copyright (C) 2017 Apple Inc. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY GOOGLE, INC. ``AS IS'' AND ANY
15 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
17 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
18 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
19 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
21 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
22 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 *
26 */
27
28#pragma once
29
30#include <memory>
31#include <wtf/Forward.h>
32#include <wtf/OptionSet.h>
33#include <wtf/RefPtr.h>
34
35namespace WebCore {
36
37class SecurityOrigin;
38class SecurityOriginPolicy;
39class ContentSecurityPolicy;
40
// Sandboxing restrictions for a security context, one bit per restriction.
// See http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-sandbox for
// the list of sandbox flags. A SET bit means that restriction is in force (the
// context is sandboxed in that respect), so 0 is "no restrictions". New flags
// must take the next unused bit so that SandboxAll (every bit set) keeps covering
// all of them and bitmask tests such as SecurityContext::isSandboxed() keep working.
enum SandboxFlag {
    SandboxNone                                  = 0x0000, // no restrictions
    SandboxNavigation                            = 0x0001, // bit 0
    SandboxPlugins                               = 0x0002, // bit 1
    SandboxOrigin                                = 0x0004, // bit 2
    SandboxForms                                 = 0x0008, // bit 3
    SandboxScripts                               = 0x0010, // bit 4
    SandboxTopNavigation                         = 0x0020, // bit 5
    SandboxPopups                                = 0x0040, // bit 6; see https://www.w3.org/Bugs/Public/show_bug.cgi?id=12393
    SandboxAutomaticFeatures                     = 0x0080, // bit 7
    SandboxPointerLock                           = 0x0100, // bit 8
    SandboxPropagatesToAuxiliaryBrowsingContexts = 0x0200, // bit 9
    SandboxTopNavigationByUserActivation         = 0x0400, // bit 10
    SandboxDocumentDomain                        = 0x0800, // bit 11
    SandboxModals                                = 0x1000, // bit 12
    SandboxStorageAccessByUserActivation         = 0x2000, // bit 13
    SandboxAll                                   = -1      // all-ones mask (two's complement): every flag set
};
60
// A bitmask built from SandboxFlag values. Deliberately a plain int rather than
// a typed set so that SandboxAll (-1) and the bitwise and/or/not used on these
// masks in SecurityContext compose without conversions.
using SandboxFlags = int;
62
// Security state shared by the contexts that derive from this class: the
// security-origin policy, the Content Security Policy, the sandbox flags and a
// few sticky "has this context ever ..." latches used for mixed-content and
// secure-context decisions.
//
// The sandbox flags are a security boundary. Public callers can only ADD
// restrictions (enforceSandboxFlags); clearing bits is protected and reserved
// for initialization (disableSandboxFlags).
class SecurityContext {
public:
    // Current restrictions as a bitmask of SandboxFlag values.
    SandboxFlags sandboxFlags() const { return m_sandboxFlags; }

    // The CSP installed by setContentSecurityPolicy(), or null until then.
    // Non-const: callers may mutate the policy object.
    ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPolicy.get(); }

    // Defined out of line.
    bool isSecureTransitionTo(const URL&) const;

    // Adds restrictions; presumably ORs |mask| into the current flags. Defined out of line.
    void enforceSandboxFlags(SandboxFlags mask);

    // True when ANY bit of |mask| is enforced, not when all of them are. A caller
    // that needs every flag of a multi-bit mask to be set must compare
    // (sandboxFlags() & mask) == mask itself.
    bool isSandboxed(SandboxFlags mask) const { return (m_sandboxFlags & mask) != 0; }

    // The policy installed by setSecurityOriginPolicy(), or null until then.
    SecurityOriginPolicy* securityOriginPolicy() const { return m_securityOriginPolicy.get(); }

    // Explicitly override the security origin for this security context.
    // Note: It is dangerous to change the security origin of a script context
    // that already contains content. Defined out of line.
    void setSecurityOriginPolicy(RefPtr<SecurityOriginPolicy>&&);

    WEBCORE_EXPORT SecurityOrigin* securityOrigin() const;

    // Sandbox-policy string handling (both defined out of line). The second
    // argument of parseSandboxPolicy is an out-parameter; its name suggests it
    // receives an error message about tokens that were not recognised.
    static SandboxFlags parseSandboxPolicy(const String& policy, String& invalidTokensErrorMessage);
    static bool isSupportedSandboxPolicy(StringView);

    // Kinds of mixed content a context can be recorded as having loaded. Used as
    // OptionSet bits, so the values must stay distinct powers of two.
    enum MixedContentType {
        Inactive = 1, // bit 0
        Active = 2, // bit 1
    };

    // The kinds recorded so far. This set only grows: setFoundMixedContent()
    // adds a kind and nothing in this class ever removes one.
    const OptionSet<MixedContentType>& foundMixedContent() const { return m_mixedContentTypes; }
    void setFoundMixedContent(MixedContentType type) { m_mixedContentTypes.add(type); }

    // Sticky latches: each setter only moves its flag to true; there is no reset.
    bool geolocationAccessed() const { return m_geolocationAccessed; }
    void setGeolocationAccessed() { m_geolocationAccessed = true; }
    bool secureCookiesAccessed() const { return m_secureCookiesAccessed; }
    void setSecureCookiesAccessed() { m_secureCookiesAccessed = true; }

    // Unlike the latches above, strict mixed-content mode can be toggled both ways.
    bool isStrictMixedContentMode() const { return m_isStrictMixedContentMode; }
    void setStrictMixedContentMode(bool strictMixedContentMode) { m_isStrictMixedContentMode = strictMixedContentMode; }

    // This method implements the "Is the environment settings object settings a secure context?" algorithm from
    // the Secure Context spec: https://w3c.github.io/webappsec-secure-contexts/#settings-object (Editor's Draft, 17 November 2016)
    virtual bool isSecureContext() const = 0;

protected:
    // Only subclasses construct and destroy a SecurityContext.
    SecurityContext();
    virtual ~SecurityContext();

    // Takes ownership of the policy. Defined out of line.
    void setContentSecurityPolicy(std::unique_ptr<ContentSecurityPolicy>);

    // Clears the bits in |mask|. Deliberately protected: it's only appropriate
    // to call this during security context initialization, for flags that can't
    // be disabled with allow-* attributes, such as SandboxNavigation. Making it
    // public would let a context loosen its own sandbox after the fact.
    void disableSandboxFlags(SandboxFlags mask) { m_sandboxFlags = m_sandboxFlags & ~mask; }

    // Records that origin initialization failed. Nothing in this header ever sets
    // the flag to true; presumably the out-of-line origin setup does — verify there.
    void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; }
    bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurityOrigin; }

private:
    RefPtr<SecurityOriginPolicy> m_securityOriginPolicy;
    std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
    SandboxFlags m_sandboxFlags { SandboxNone }; // starts unsandboxed
    OptionSet<MixedContentType> m_mixedContentTypes;
    bool m_haveInitializedSecurityOrigin { false };
    bool m_geolocationAccessed { false };
    bool m_secureCookiesAccessed { false };
    bool m_isStrictMixedContentMode { false };
};
127
128} // namespace WebCore
129