1 | /* |
2 | * Copyright (C) 2007-2017 Apple Inc. All rights reserved. |
3 | * |
4 | * Redistribution and use in source and binary forms, with or without |
5 | * modification, are permitted provided that the following conditions |
6 | * are met: |
7 | * |
8 | * 1. Redistributions of source code must retain the above copyright |
9 | * notice, this list of conditions and the following disclaimer. |
10 | * 2. Redistributions in binary form must reproduce the above copyright |
11 | * notice, this list of conditions and the following disclaimer in the |
12 | * documentation and/or other materials provided with the distribution. |
13 | * 3. Neither the name of Apple Inc. ("Apple") nor the names of |
14 | * its contributors may be used to endorse or promote products derived |
15 | * from this software without specific prior written permission. |
16 | * |
17 | * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY |
18 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
19 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
20 | * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY |
21 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
22 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
23 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
24 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 | */ |
28 | |
29 | #include "config.h" |
30 | #include "SecurityOrigin.h" |
31 | |
32 | #include "BlobURL.h" |
33 | #include "OriginAccessEntry.h" |
34 | #include "PublicSuffix.h" |
35 | #include "SchemeRegistry.h" |
36 | #include "SecurityPolicy.h" |
37 | #include "TextEncoding.h" |
38 | #include "ThreadableBlobRegistry.h" |
39 | #include <wtf/FileSystem.h> |
40 | #include <wtf/MainThread.h> |
41 | #include <wtf/NeverDestroyed.h> |
42 | #include <wtf/StdLibExtras.h> |
43 | #include <wtf/URL.h> |
44 | #include <wtf/text/StringBuilder.h> |
45 | |
46 | namespace WebCore { |
47 | |
48 | static bool schemeRequiresHost(const URL& url) |
49 | { |
50 | // We expect URLs with these schemes to have authority components. If the |
51 | // URL lacks an authority component, we get concerned and mark the origin |
52 | // as unique. |
53 | return url.protocolIsInHTTPFamily() || url.protocolIs("ftp" ); |
54 | } |
55 | |
56 | bool SecurityOrigin::shouldUseInnerURL(const URL& url) |
57 | { |
58 | // FIXME: Blob URLs don't have inner URLs. Their form is "blob:<inner-origin>/<UUID>", so treating the part after "blob:" as a URL is incorrect. |
59 | if (url.protocolIsBlob()) |
60 | return true; |
61 | UNUSED_PARAM(url); |
62 | return false; |
63 | } |
64 | |
65 | // In general, extracting the inner URL varies by scheme. It just so happens |
66 | // that all the URL schemes we currently support that use inner URLs for their |
67 | // security origin can be parsed using this algorithm. |
68 | URL SecurityOrigin::(const URL& url) |
69 | { |
70 | // FIXME: Update this callsite to use the innerURL member function when |
71 | // we finish implementing it. |
72 | return { URL(), decodeURLEscapeSequences(url.path()) }; |
73 | } |
74 | |
75 | static RefPtr<SecurityOrigin> getCachedOrigin(const URL& url) |
76 | { |
77 | if (url.protocolIsBlob()) |
78 | return ThreadableBlobRegistry::getCachedOrigin(url); |
79 | return nullptr; |
80 | } |
81 | |
82 | static bool shouldTreatAsUniqueOrigin(const URL& url) |
83 | { |
84 | if (!url.isValid()) |
85 | return true; |
86 | |
87 | // FIXME: Do we need to unwrap the URL further? |
88 | URL innerURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::extractInnerURL(url) : url; |
89 | |
90 | // FIXME: Check whether innerURL is valid. |
91 | |
92 | // For edge case URLs that were probably misparsed, make sure that the origin is unique. |
93 | // This is an additional safety net against bugs in URL parsing, and for network back-ends that parse URLs differently, |
94 | // and could misinterpret another component for hostname. |
95 | if (schemeRequiresHost(innerURL) && innerURL.host().isEmpty()) |
96 | return true; |
97 | |
98 | if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(innerURL.protocol().toStringWithoutCopying())) |
99 | return true; |
100 | |
101 | // This is the common case. |
102 | return false; |
103 | } |
104 | |
105 | static bool isLoopbackIPAddress(StringView host) |
106 | { |
107 | // The IPv6 loopback address is 0:0:0:0:0:0:0:1, which compresses to ::1. |
108 | if (host == "[::1]" ) |
109 | return true; |
110 | |
111 | // Check to see if it's a valid IPv4 address that has the form 127.*.*.*. |
112 | if (!host.startsWith("127." )) |
113 | return false; |
114 | size_t dotsFound = 0; |
115 | for (size_t i = 0; i < host.length(); ++i) { |
116 | if (host[i] == '.') { |
117 | dotsFound++; |
118 | continue; |
119 | } |
120 | if (!isASCIIDigit(host[i])) |
121 | return false; |
122 | } |
123 | return dotsFound == 3; |
124 | } |
125 | |
126 | // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy (Editor's Draft, 17 November 2016) |
127 | static bool shouldTreatAsPotentiallyTrustworthy(const String& protocol, const String& host) |
128 | { |
129 | if (SchemeRegistry::shouldTreatURLSchemeAsSecure(protocol)) |
130 | return true; |
131 | |
132 | if (SecurityOrigin::isLocalHostOrLoopbackIPAddress(host)) |
133 | return true; |
134 | |
135 | if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) |
136 | return true; |
137 | |
138 | return false; |
139 | } |
140 | |
141 | bool shouldTreatAsPotentiallyTrustworthy(const URL& url) |
142 | { |
143 | return shouldTreatAsPotentiallyTrustworthy(url.protocol().toStringWithoutCopying(), url.host().toStringWithoutCopying()); |
144 | } |
145 | |
146 | SecurityOrigin::SecurityOrigin(const URL& url) |
147 | : m_data(SecurityOriginData::fromURL(url)) |
148 | , m_isLocal(SchemeRegistry::shouldTreatURLSchemeAsLocal(m_data.protocol)) |
149 | { |
150 | // document.domain starts as m_data.host, but can be set by the DOM. |
151 | m_domain = m_data.host; |
152 | |
153 | if (m_data.port && WTF::isDefaultPortForProtocol(m_data.port.value(), m_data.protocol)) |
154 | m_data.port = WTF::nullopt; |
155 | |
156 | // By default, only local SecurityOrigins can load local resources. |
157 | m_canLoadLocalResources = isLocal(); |
158 | |
159 | if (m_canLoadLocalResources) |
160 | m_filePath = url.fileSystemPath(); // In case enforceFilePathSeparation() is called. |
161 | |
162 | m_isPotentiallyTrustworthy = shouldTreatAsPotentiallyTrustworthy(url); |
163 | } |
164 | |
165 | SecurityOrigin::SecurityOrigin() |
166 | : m_data { emptyString(), emptyString(), WTF::nullopt } |
167 | , m_domain { emptyString() } |
168 | , m_isUnique { true } |
169 | , m_isPotentiallyTrustworthy { true } |
170 | { |
171 | } |
172 | |
173 | SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) |
174 | : m_data { other->m_data.isolatedCopy() } |
175 | , m_domain { other->m_domain.isolatedCopy() } |
176 | , m_filePath { other->m_filePath.isolatedCopy() } |
177 | , m_isUnique { other->m_isUnique } |
178 | , m_universalAccess { other->m_universalAccess } |
179 | , m_domainWasSetInDOM { other->m_domainWasSetInDOM } |
180 | , m_canLoadLocalResources { other->m_canLoadLocalResources } |
181 | , m_storageBlockingPolicy { other->m_storageBlockingPolicy } |
182 | , m_enforcesFilePathSeparation { other->m_enforcesFilePathSeparation } |
183 | , m_needsStorageAccessFromFileURLsQuirk { other->m_needsStorageAccessFromFileURLsQuirk } |
184 | , m_isPotentiallyTrustworthy { other->m_isPotentiallyTrustworthy } |
185 | , m_isLocal { other->m_isLocal } |
186 | { |
187 | } |
188 | |
189 | Ref<SecurityOrigin> SecurityOrigin::create(const URL& url) |
190 | { |
191 | if (RefPtr<SecurityOrigin> cachedOrigin = getCachedOrigin(url)) |
192 | return cachedOrigin.releaseNonNull(); |
193 | |
194 | if (shouldTreatAsUniqueOrigin(url)) |
195 | return adoptRef(*new SecurityOrigin); |
196 | |
197 | if (shouldUseInnerURL(url)) |
198 | return adoptRef(*new SecurityOrigin(extractInnerURL(url))); |
199 | |
200 | return adoptRef(*new SecurityOrigin(url)); |
201 | } |
202 | |
203 | Ref<SecurityOrigin> SecurityOrigin::createUnique() |
204 | { |
205 | Ref<SecurityOrigin> origin(adoptRef(*new SecurityOrigin)); |
206 | ASSERT(origin.get().isUnique()); |
207 | return origin; |
208 | } |
209 | |
210 | Ref<SecurityOrigin> SecurityOrigin::createNonLocalWithAllowedFilePath(const URL& url, const String& filePath) |
211 | { |
212 | ASSERT(!url.isLocalFile()); |
213 | auto securityOrigin = SecurityOrigin::create(url); |
214 | securityOrigin->m_filePath = filePath; |
215 | return securityOrigin; |
216 | } |
217 | |
218 | Ref<SecurityOrigin> SecurityOrigin::isolatedCopy() const |
219 | { |
220 | return adoptRef(*new SecurityOrigin(this)); |
221 | } |
222 | |
223 | void SecurityOrigin::setDomainFromDOM(const String& newDomain) |
224 | { |
225 | m_domainWasSetInDOM = true; |
226 | m_domain = newDomain.convertToASCIILowercase(); |
227 | } |
228 | |
229 | bool SecurityOrigin::isSecure(const URL& url) |
230 | { |
231 | // Invalid URLs are secure, as are URLs which have a secure protocol. |
232 | if (!url.isValid() || SchemeRegistry::shouldTreatURLSchemeAsSecure(url.protocol().toStringWithoutCopying())) |
233 | return true; |
234 | |
235 | // URLs that wrap inner URLs are secure if those inner URLs are secure. |
236 | if (shouldUseInnerURL(url) && SchemeRegistry::shouldTreatURLSchemeAsSecure(extractInnerURL(url).protocol().toStringWithoutCopying())) |
237 | return true; |
238 | |
239 | return false; |
240 | } |
241 | |
242 | bool SecurityOrigin::canAccess(const SecurityOrigin& other) const |
243 | { |
244 | if (m_universalAccess) |
245 | return true; |
246 | |
247 | if (this == &other) |
248 | return true; |
249 | |
250 | if (isUnique() || other.isUnique()) |
251 | return false; |
252 | |
253 | // Here are two cases where we should permit access: |
254 | // |
255 | // 1) Neither document has set document.domain. In this case, we insist |
256 | // that the scheme, host, and port of the URLs match. |
257 | // |
258 | // 2) Both documents have set document.domain. In this case, we insist |
259 | // that the documents have set document.domain to the same value and |
260 | // that the scheme of the URLs match. |
261 | // |
262 | // This matches the behavior of Firefox 2 and Internet Explorer 6. |
263 | // |
264 | // Internet Explorer 7 and Opera 9 are more strict in that they require |
265 | // the port numbers to match when both pages have document.domain set. |
266 | // |
267 | // FIXME: Evaluate whether we can tighten this policy to require matched |
268 | // port numbers. |
269 | // |
270 | // Opera 9 allows access when only one page has set document.domain, but |
271 | // this is a security vulnerability. |
272 | |
273 | bool canAccess = false; |
274 | if (m_data.protocol == other.m_data.protocol) { |
275 | if (!m_domainWasSetInDOM && !other.m_domainWasSetInDOM) { |
276 | if (m_data.host == other.m_data.host && m_data.port == other.m_data.port) |
277 | canAccess = true; |
278 | } else if (m_domainWasSetInDOM && other.m_domainWasSetInDOM) { |
279 | if (m_domain == other.m_domain) |
280 | canAccess = true; |
281 | } |
282 | } |
283 | |
284 | if (canAccess && isLocal()) |
285 | canAccess = passesFileCheck(other); |
286 | |
287 | return canAccess; |
288 | } |
289 | |
290 | bool SecurityOrigin::passesFileCheck(const SecurityOrigin& other) const |
291 | { |
292 | ASSERT(isLocal() && other.isLocal()); |
293 | |
294 | return !m_enforcesFilePathSeparation && !other.m_enforcesFilePathSeparation; |
295 | } |
296 | |
297 | bool SecurityOrigin::canRequest(const URL& url) const |
298 | { |
299 | if (m_universalAccess) |
300 | return true; |
301 | |
302 | if (getCachedOrigin(url) == this) |
303 | return true; |
304 | |
305 | if (isUnique()) |
306 | return false; |
307 | |
308 | Ref<SecurityOrigin> targetOrigin(SecurityOrigin::create(url)); |
309 | |
310 | if (targetOrigin->isUnique()) |
311 | return false; |
312 | |
313 | // We call isSameSchemeHostPort here instead of canAccess because we want |
314 | // to ignore document.domain effects. |
315 | if (isSameSchemeHostPort(targetOrigin.get())) |
316 | return true; |
317 | |
318 | if (SecurityPolicy::isAccessWhiteListed(this, &targetOrigin.get())) |
319 | return true; |
320 | |
321 | return false; |
322 | } |
323 | |
324 | bool SecurityOrigin::canReceiveDragData(const SecurityOrigin& dragInitiator) const |
325 | { |
326 | if (this == &dragInitiator) |
327 | return true; |
328 | |
329 | return canAccess(dragInitiator); |
330 | } |
331 | |
332 | // This is a hack to allow keep navigation to http/https feeds working. To remove this |
333 | // we need to introduce new API akin to registerURLSchemeAsLocal, that registers a |
334 | // protocols navigation policy. |
335 | // feed(|s|search): is considered a 'nesting' scheme by embedders that support it, so it can be |
336 | // local or remote depending on what is nested. Currently we just check if we are nesting |
337 | // http or https, otherwise we ignore the nesting for the purpose of a security check. We need |
338 | // a facility for registering nesting schemes, and some generalized logic for them. |
339 | // This function should be removed as an outcome of https://bugs.webkit.org/show_bug.cgi?id=69196 |
340 | static bool isFeedWithNestedProtocolInHTTPFamily(const URL& url) |
341 | { |
342 | const String& string = url.string(); |
343 | if (!startsWithLettersIgnoringASCIICase(string, "feed" )) |
344 | return false; |
345 | return startsWithLettersIgnoringASCIICase(string, "feed://" ) |
346 | || startsWithLettersIgnoringASCIICase(string, "feed:http:" ) |
347 | || startsWithLettersIgnoringASCIICase(string, "feed:https:" ) |
348 | || startsWithLettersIgnoringASCIICase(string, "feeds:http:" ) |
349 | || startsWithLettersIgnoringASCIICase(string, "feeds:https:" ) |
350 | || startsWithLettersIgnoringASCIICase(string, "feedsearch:http:" ) |
351 | || startsWithLettersIgnoringASCIICase(string, "feedsearch:https:" ); |
352 | } |
353 | |
354 | bool SecurityOrigin::canDisplay(const URL& url) const |
355 | { |
356 | if (m_universalAccess) |
357 | return true; |
358 | |
359 | #if !PLATFORM(IOS_FAMILY) |
360 | if (m_data.protocol == "file" && url.isLocalFile() && !FileSystem::filesHaveSameVolume(m_filePath, url.fileSystemPath())) |
361 | return false; |
362 | #endif |
363 | |
364 | if (isFeedWithNestedProtocolInHTTPFamily(url)) |
365 | return true; |
366 | |
367 | String protocol = url.protocol().toString(); |
368 | |
369 | if (SchemeRegistry::canDisplayOnlyIfCanRequest(protocol)) |
370 | return canRequest(url); |
371 | |
372 | if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol)) |
373 | return equalIgnoringASCIICase(m_data.protocol, protocol) || SecurityPolicy::isAccessToURLWhiteListed(this, url); |
374 | |
375 | if (!SecurityPolicy::restrictAccessToLocal()) |
376 | return true; |
377 | |
378 | if (url.isLocalFile() && url.fileSystemPath() == m_filePath) |
379 | return true; |
380 | |
381 | if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) |
382 | return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteListed(this, url); |
383 | |
384 | return true; |
385 | } |
386 | |
387 | bool SecurityOrigin::canAccessStorage(const SecurityOrigin* topOrigin, ShouldAllowFromThirdParty shouldAllowFromThirdParty) const |
388 | { |
389 | if (isUnique()) |
390 | return false; |
391 | |
392 | if (isLocal() && !needsStorageAccessFromFileURLsQuirk() && !m_universalAccess && shouldAllowFromThirdParty != AlwaysAllowFromThirdParty) |
393 | return false; |
394 | |
395 | if (m_storageBlockingPolicy == BlockAllStorage) |
396 | return false; |
397 | |
398 | // FIXME: This check should be replaced with an ASSERT once we can guarantee that topOrigin is not null. |
399 | if (!topOrigin) |
400 | return true; |
401 | |
402 | if (topOrigin->m_storageBlockingPolicy == BlockAllStorage) |
403 | return false; |
404 | |
405 | if (shouldAllowFromThirdParty == AlwaysAllowFromThirdParty) |
406 | return true; |
407 | |
408 | if (m_universalAccess) |
409 | return true; |
410 | |
411 | if ((m_storageBlockingPolicy == BlockThirdPartyStorage || topOrigin->m_storageBlockingPolicy == BlockThirdPartyStorage) && !topOrigin->isSameOriginAs(*this)) |
412 | return false; |
413 | |
414 | return true; |
415 | } |
416 | |
417 | SecurityOrigin::Policy SecurityOrigin::canShowNotifications() const |
418 | { |
419 | if (m_universalAccess) |
420 | return AlwaysAllow; |
421 | if (isUnique()) |
422 | return AlwaysDeny; |
423 | return Ask; |
424 | } |
425 | |
426 | bool SecurityOrigin::isSameOriginAs(const SecurityOrigin& other) const |
427 | { |
428 | if (this == &other) |
429 | return true; |
430 | |
431 | if (isUnique() || other.isUnique()) |
432 | return false; |
433 | |
434 | return isSameSchemeHostPort(other); |
435 | } |
436 | |
437 | bool SecurityOrigin::isMatchingRegistrableDomainSuffix(const String& domainSuffix, bool treatIPAddressAsDomain) const |
438 | { |
439 | if (domainSuffix.isEmpty()) |
440 | return false; |
441 | |
442 | auto ipAddressSetting = treatIPAddressAsDomain ? OriginAccessEntry::TreatIPAddressAsDomain : OriginAccessEntry::TreatIPAddressAsIPAddress; |
443 | OriginAccessEntry accessEntry { protocol(), domainSuffix, OriginAccessEntry::AllowSubdomains, ipAddressSetting }; |
444 | if (!accessEntry.matchesOrigin(*this)) |
445 | return false; |
446 | |
447 | // Always return true if it is an exact match. |
448 | if (domainSuffix.length() == host().length()) |
449 | return true; |
450 | |
451 | #if ENABLE(PUBLIC_SUFFIX_LIST) |
452 | return !isPublicSuffix(domainSuffix); |
453 | #else |
454 | return true; |
455 | #endif |
456 | } |
457 | |
458 | void SecurityOrigin::grantLoadLocalResources() |
459 | { |
460 | // Granting privileges to some, but not all, documents in a SecurityOrigin |
461 | // is a security hazard because the documents without the privilege can |
462 | // obtain the privilege by injecting script into the documents that have |
463 | // been granted the privilege. |
464 | m_canLoadLocalResources = true; |
465 | } |
466 | |
467 | void SecurityOrigin::grantUniversalAccess() |
468 | { |
469 | m_universalAccess = true; |
470 | } |
471 | |
472 | void SecurityOrigin::grantStorageAccessFromFileURLsQuirk() |
473 | { |
474 | m_needsStorageAccessFromFileURLsQuirk = true; |
475 | } |
476 | |
477 | String SecurityOrigin::domainForCachePartition() const |
478 | { |
479 | if (m_storageBlockingPolicy != BlockThirdPartyStorage) |
480 | return emptyString(); |
481 | |
482 | if (isHTTPFamily()) |
483 | return host(); |
484 | |
485 | if (SchemeRegistry::shouldPartitionCacheForURLScheme(m_data.protocol)) |
486 | return host(); |
487 | |
488 | return emptyString(); |
489 | } |
490 | |
491 | void SecurityOrigin::setEnforcesFilePathSeparation() |
492 | { |
493 | ASSERT(isLocal()); |
494 | m_enforcesFilePathSeparation = true; |
495 | } |
496 | |
497 | String SecurityOrigin::toString() const |
498 | { |
499 | if (isUnique()) |
500 | return "null"_s ; |
501 | if (m_data.protocol == "file" && m_enforcesFilePathSeparation) |
502 | return "null"_s ; |
503 | return toRawString(); |
504 | } |
505 | |
506 | String SecurityOrigin::toRawString() const |
507 | { |
508 | return m_data.toString(); |
509 | } |
510 | |
511 | static inline bool areOriginsMatching(const SecurityOrigin& origin1, const SecurityOrigin& origin2) |
512 | { |
513 | ASSERT(&origin1 != &origin2); |
514 | |
515 | if (origin1.isUnique() || origin2.isUnique()) |
516 | return origin1.isUnique() == origin2.isUnique(); |
517 | |
518 | if (origin1.protocol() != origin2.protocol()) |
519 | return false; |
520 | |
521 | if (origin1.protocol() == "file" ) |
522 | return origin1.enforcesFilePathSeparation() == origin2.enforcesFilePathSeparation(); |
523 | |
524 | if (origin1.host() != origin2.host()) |
525 | return false; |
526 | |
527 | return origin1.port() == origin2.port(); |
528 | } |
529 | |
530 | // This function mimics the result of string comparison of serialized origins. |
531 | bool serializedOriginsMatch(const SecurityOrigin& origin1, const SecurityOrigin& origin2) |
532 | { |
533 | if (&origin1 == &origin2) |
534 | return true; |
535 | |
536 | ASSERT(!areOriginsMatching(origin1, origin2) || (origin1.toString() == origin2.toString())); |
537 | return areOriginsMatching(origin1, origin2); |
538 | } |
539 | |
540 | bool serializedOriginsMatch(const SecurityOrigin* origin1, const SecurityOrigin* origin2) |
541 | { |
542 | if (!origin1 || !origin2) |
543 | return origin1 == origin2; |
544 | |
545 | return serializedOriginsMatch(*origin1, *origin2); |
546 | } |
547 | |
548 | Ref<SecurityOrigin> SecurityOrigin::createFromString(const String& originString) |
549 | { |
550 | return SecurityOrigin::create(URL(URL(), originString)); |
551 | } |
552 | |
553 | Ref<SecurityOrigin> SecurityOrigin::create(const String& protocol, const String& host, Optional<uint16_t> port) |
554 | { |
555 | String decodedHost = decodeURLEscapeSequences(host); |
556 | auto origin = create(URL(URL(), protocol + "://" + host + "/" )); |
557 | if (port && !WTF::isDefaultPortForProtocol(*port, protocol)) |
558 | origin->m_data.port = port; |
559 | return origin; |
560 | } |
561 | |
562 | bool SecurityOrigin::equal(const SecurityOrigin* other) const |
563 | { |
564 | if (other == this) |
565 | return true; |
566 | |
567 | if (!isSameSchemeHostPort(*other)) |
568 | return false; |
569 | |
570 | if (m_domainWasSetInDOM != other->m_domainWasSetInDOM) |
571 | return false; |
572 | |
573 | if (m_domainWasSetInDOM && m_domain != other->m_domain) |
574 | return false; |
575 | |
576 | return true; |
577 | } |
578 | |
579 | bool SecurityOrigin::isSameSchemeHostPort(const SecurityOrigin& other) const |
580 | { |
581 | if (m_data != other.m_data) |
582 | return false; |
583 | |
584 | if (isLocal() && !passesFileCheck(other)) |
585 | return false; |
586 | |
587 | return true; |
588 | } |
589 | |
590 | bool SecurityOrigin::isLocalHostOrLoopbackIPAddress(StringView host) |
591 | { |
592 | if (isLoopbackIPAddress(host)) |
593 | return true; |
594 | |
595 | // FIXME: Ensure that localhost resolves to the loopback address. |
596 | if (equalLettersIgnoringASCIICase(host, "localhost" )) |
597 | return true; |
598 | |
599 | return false; |
600 | } |
601 | |
602 | } // namespace WebCore |
603 | |