| 1 | /* |
|---|---|
| 2 | * Copyright (C) 2007-2017 Apple Inc. All rights reserved. |
| 3 | * |
| 4 | * Redistribution and use in source and binary forms, with or without |
| 5 | * modification, are permitted provided that the following conditions |
| 6 | * are met: |
| 7 | * |
| 8 | * 1. Redistributions of source code must retain the above copyright |
| 9 | * notice, this list of conditions and the following disclaimer. |
| 10 | * 2. Redistributions in binary form must reproduce the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer in the |
| 12 | * documentation and/or other materials provided with the distribution. |
| 13 | * 3. Neither the name of Apple Inc. ("Apple") nor the names of |
| 14 | * its contributors may be used to endorse or promote products derived |
| 15 | * from this software without specific prior written permission. |
| 16 | * |
| 17 | * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY |
| 18 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
| 19 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| 20 | * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY |
| 21 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 22 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 23 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| 24 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | */ |
| 28 | |
| 29 | #include "config.h" |
| 30 | #include "SecurityOrigin.h" |
| 31 | |
| 32 | #include "BlobURL.h" |
| 33 | #include "OriginAccessEntry.h" |
| 34 | #include "PublicSuffix.h" |
| 35 | #include "SchemeRegistry.h" |
| 36 | #include "SecurityPolicy.h" |
| 37 | #include "TextEncoding.h" |
| 38 | #include "ThreadableBlobRegistry.h" |
| 39 | #include <wtf/FileSystem.h> |
| 40 | #include <wtf/MainThread.h> |
| 41 | #include <wtf/NeverDestroyed.h> |
| 42 | #include <wtf/StdLibExtras.h> |
| 43 | #include <wtf/URL.h> |
| 44 | #include <wtf/text/StringBuilder.h> |
| 45 | |
| 46 | namespace WebCore { |
| 47 | |
| 48 | static bool schemeRequiresHost(const URL& url) |
| 49 | { |
| 50 | // We expect URLs with these schemes to have authority components. If the |
| 51 | // URL lacks an authority component, we get concerned and mark the origin |
| 52 | // as unique. |
| 53 | return url.protocolIsInHTTPFamily() || url.protocolIs("ftp"); |
| 54 | } |
| 55 | |
| 56 | bool SecurityOrigin::shouldUseInnerURL(const URL& url) |
| 57 | { |
| 58 | // FIXME: Blob URLs don't have inner URLs. Their form is "blob:<inner-origin>/<UUID>", so treating the part after "blob:" as a URL is incorrect. |
| 59 | if (url.protocolIsBlob()) |
| 60 | return true; |
| 61 | UNUSED_PARAM(url); |
| 62 | return false; |
| 63 | } |
| 64 | |
| 65 | // In general, extracting the inner URL varies by scheme. It just so happens |
| 66 | // that all the URL schemes we currently support that use inner URLs for their |
| 67 | // security origin can be parsed using this algorithm. |
| 68 | URL SecurityOrigin::extractInnerURL(const URL& url) |
| 69 | { |
| 70 | // FIXME: Update this callsite to use the innerURL member function when |
| 71 | // we finish implementing it. |
| 72 | return { URL(), decodeURLEscapeSequences(url.path()) }; |
| 73 | } |
| 74 | |
| 75 | static RefPtr<SecurityOrigin> getCachedOrigin(const URL& url) |
| 76 | { |
| 77 | if (url.protocolIsBlob()) |
| 78 | return ThreadableBlobRegistry::getCachedOrigin(url); |
| 79 | return nullptr; |
| 80 | } |
| 81 | |
| 82 | static bool shouldTreatAsUniqueOrigin(const URL& url) |
| 83 | { |
| 84 | if (!url.isValid()) |
| 85 | return true; |
| 86 | |
| 87 | // FIXME: Do we need to unwrap the URL further? |
| 88 | URL innerURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::extractInnerURL(url) : url; |
| 89 | |
| 90 | // FIXME: Check whether innerURL is valid. |
| 91 | |
| 92 | // For edge case URLs that were probably misparsed, make sure that the origin is unique. |
| 93 | // This is an additional safety net against bugs in URL parsing, and for network back-ends that parse URLs differently, |
| 94 | // and could misinterpret another component for hostname. |
| 95 | if (schemeRequiresHost(innerURL) && innerURL.host().isEmpty()) |
| 96 | return true; |
| 97 | |
| 98 | if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(innerURL.protocol().toStringWithoutCopying())) |
| 99 | return true; |
| 100 | |
| 101 | // This is the common case. |
| 102 | return false; |
| 103 | } |
| 104 | |
| 105 | static bool isLoopbackIPAddress(StringView host) |
| 106 | { |
| 107 | // The IPv6 loopback address is 0:0:0:0:0:0:0:1, which compresses to ::1. |
| 108 | if (host == "[::1]") |
| 109 | return true; |
| 110 | |
| 111 | // Check to see if it's a valid IPv4 address that has the form 127.*.*.*. |
| 112 | if (!host.startsWith("127.")) |
| 113 | return false; |
| 114 | size_t dotsFound = 0; |
| 115 | for (size_t i = 0; i < host.length(); ++i) { |
| 116 | if (host[i] == '.') { |
| 117 | dotsFound++; |
| 118 | continue; |
| 119 | } |
| 120 | if (!isASCIIDigit(host[i])) |
| 121 | return false; |
| 122 | } |
| 123 | return dotsFound == 3; |
| 124 | } |
| 125 | |
| 126 | // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy (Editor's Draft, 17 November 2016) |
| 127 | static bool shouldTreatAsPotentiallyTrustworthy(const String& protocol, const String& host) |
| 128 | { |
| 129 | if (SchemeRegistry::shouldTreatURLSchemeAsSecure(protocol)) |
| 130 | return true; |
| 131 | |
| 132 | if (SecurityOrigin::isLocalHostOrLoopbackIPAddress(host)) |
| 133 | return true; |
| 134 | |
| 135 | if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) |
| 136 | return true; |
| 137 | |
| 138 | return false; |
| 139 | } |
| 140 | |
| 141 | bool shouldTreatAsPotentiallyTrustworthy(const URL& url) |
| 142 | { |
| 143 | return shouldTreatAsPotentiallyTrustworthy(url.protocol().toStringWithoutCopying(), url.host().toStringWithoutCopying()); |
| 144 | } |
| 145 | |
| 146 | SecurityOrigin::SecurityOrigin(const URL& url) |
| 147 | : m_data(SecurityOriginData::fromURL(url)) |
| 148 | , m_isLocal(SchemeRegistry::shouldTreatURLSchemeAsLocal(m_data.protocol)) |
| 149 | { |
| 150 | // document.domain starts as m_data.host, but can be set by the DOM. |
| 151 | m_domain = m_data.host; |
| 152 | |
| 153 | if (m_data.port && WTF::isDefaultPortForProtocol(m_data.port.value(), m_data.protocol)) |
| 154 | m_data.port = WTF::nullopt; |
| 155 | |
| 156 | // By default, only local SecurityOrigins can load local resources. |
| 157 | m_canLoadLocalResources = isLocal(); |
| 158 | |
| 159 | if (m_canLoadLocalResources) |
| 160 | m_filePath = url.fileSystemPath(); // In case enforceFilePathSeparation() is called. |
| 161 | |
| 162 | m_isPotentiallyTrustworthy = shouldTreatAsPotentiallyTrustworthy(url); |
| 163 | } |
| 164 | |
| 165 | SecurityOrigin::SecurityOrigin() |
| 166 | : m_data { emptyString(), emptyString(), WTF::nullopt } |
| 167 | , m_domain { emptyString() } |
| 168 | , m_isUnique { true } |
| 169 | , m_isPotentiallyTrustworthy { true } |
| 170 | { |
| 171 | } |
| 172 | |
| 173 | SecurityOrigin::SecurityOrigin(const SecurityOrigin* other) |
| 174 | : m_data { other->m_data.isolatedCopy() } |
| 175 | , m_domain { other->m_domain.isolatedCopy() } |
| 176 | , m_filePath { other->m_filePath.isolatedCopy() } |
| 177 | , m_isUnique { other->m_isUnique } |
| 178 | , m_universalAccess { other->m_universalAccess } |
| 179 | , m_domainWasSetInDOM { other->m_domainWasSetInDOM } |
| 180 | , m_canLoadLocalResources { other->m_canLoadLocalResources } |
| 181 | , m_storageBlockingPolicy { other->m_storageBlockingPolicy } |
| 182 | , m_enforcesFilePathSeparation { other->m_enforcesFilePathSeparation } |
| 183 | , m_needsStorageAccessFromFileURLsQuirk { other->m_needsStorageAccessFromFileURLsQuirk } |
| 184 | , m_isPotentiallyTrustworthy { other->m_isPotentiallyTrustworthy } |
| 185 | , m_isLocal { other->m_isLocal } |
| 186 | { |
| 187 | } |
| 188 | |
| 189 | Ref<SecurityOrigin> SecurityOrigin::create(const URL& url) |
| 190 | { |
| 191 | if (RefPtr<SecurityOrigin> cachedOrigin = getCachedOrigin(url)) |
| 192 | return cachedOrigin.releaseNonNull(); |
| 193 | |
| 194 | if (shouldTreatAsUniqueOrigin(url)) |
| 195 | return adoptRef(*new SecurityOrigin); |
| 196 | |
| 197 | if (shouldUseInnerURL(url)) |
| 198 | return adoptRef(*new SecurityOrigin(extractInnerURL(url))); |
| 199 | |
| 200 | return adoptRef(*new SecurityOrigin(url)); |
| 201 | } |
| 202 | |
| 203 | Ref<SecurityOrigin> SecurityOrigin::createUnique() |
| 204 | { |
| 205 | Ref<SecurityOrigin> origin(adoptRef(*new SecurityOrigin)); |
| 206 | ASSERT(origin.get().isUnique()); |
| 207 | return origin; |
| 208 | } |
| 209 | |
| 210 | Ref<SecurityOrigin> SecurityOrigin::createNonLocalWithAllowedFilePath(const URL& url, const String& filePath) |
| 211 | { |
| 212 | ASSERT(!url.isLocalFile()); |
| 213 | auto securityOrigin = SecurityOrigin::create(url); |
| 214 | securityOrigin->m_filePath = filePath; |
| 215 | return securityOrigin; |
| 216 | } |
| 217 | |
| 218 | Ref<SecurityOrigin> SecurityOrigin::isolatedCopy() const |
| 219 | { |
| 220 | return adoptRef(*new SecurityOrigin(this)); |
| 221 | } |
| 222 | |
| 223 | void SecurityOrigin::setDomainFromDOM(const String& newDomain) |
| 224 | { |
| 225 | m_domainWasSetInDOM = true; |
| 226 | m_domain = newDomain.convertToASCIILowercase(); |
| 227 | } |
| 228 | |
| 229 | bool SecurityOrigin::isSecure(const URL& url) |
| 230 | { |
| 231 | // Invalid URLs are secure, as are URLs which have a secure protocol. |
| 232 | if (!url.isValid() || SchemeRegistry::shouldTreatURLSchemeAsSecure(url.protocol().toStringWithoutCopying())) |
| 233 | return true; |
| 234 | |
| 235 | // URLs that wrap inner URLs are secure if those inner URLs are secure. |
| 236 | if (shouldUseInnerURL(url) && SchemeRegistry::shouldTreatURLSchemeAsSecure(extractInnerURL(url).protocol().toStringWithoutCopying())) |
| 237 | return true; |
| 238 | |
| 239 | return false; |
| 240 | } |
| 241 | |
| 242 | bool SecurityOrigin::canAccess(const SecurityOrigin& other) const |
| 243 | { |
| 244 | if (m_universalAccess) |
| 245 | return true; |
| 246 | |
| 247 | if (this == &other) |
| 248 | return true; |
| 249 | |
| 250 | if (isUnique() || other.isUnique()) |
| 251 | return false; |
| 252 | |
| 253 | // Here are two cases where we should permit access: |
| 254 | // |
| 255 | // 1) Neither document has set document.domain. In this case, we insist |
| 256 | // that the scheme, host, and port of the URLs match. |
| 257 | // |
| 258 | // 2) Both documents have set document.domain. In this case, we insist |
| 259 | // that the documents have set document.domain to the same value and |
| 260 | // that the scheme of the URLs match. |
| 261 | // |
| 262 | // This matches the behavior of Firefox 2 and Internet Explorer 6. |
| 263 | // |
| 264 | // Internet Explorer 7 and Opera 9 are more strict in that they require |
| 265 | // the port numbers to match when both pages have document.domain set. |
| 266 | // |
| 267 | // FIXME: Evaluate whether we can tighten this policy to require matched |
| 268 | // port numbers. |
| 269 | // |
| 270 | // Opera 9 allows access when only one page has set document.domain, but |
| 271 | // this is a security vulnerability. |
| 272 | |
| 273 | bool canAccess = false; |
| 274 | if (m_data.protocol == other.m_data.protocol) { |
| 275 | if (!m_domainWasSetInDOM && !other.m_domainWasSetInDOM) { |
| 276 | if (m_data.host == other.m_data.host && m_data.port == other.m_data.port) |
| 277 | canAccess = true; |
| 278 | } else if (m_domainWasSetInDOM && other.m_domainWasSetInDOM) { |
| 279 | if (m_domain == other.m_domain) |
| 280 | canAccess = true; |
| 281 | } |
| 282 | } |
| 283 | |
| 284 | if (canAccess && isLocal()) |
| 285 | canAccess = passesFileCheck(other); |
| 286 | |
| 287 | return canAccess; |
| 288 | } |
| 289 | |
| 290 | bool SecurityOrigin::passesFileCheck(const SecurityOrigin& other) const |
| 291 | { |
| 292 | ASSERT(isLocal() && other.isLocal()); |
| 293 | |
| 294 | return !m_enforcesFilePathSeparation && !other.m_enforcesFilePathSeparation; |
| 295 | } |
| 296 | |
| 297 | bool SecurityOrigin::canRequest(const URL& url) const |
| 298 | { |
| 299 | if (m_universalAccess) |
| 300 | return true; |
| 301 | |
| 302 | if (getCachedOrigin(url) == this) |
| 303 | return true; |
| 304 | |
| 305 | if (isUnique()) |
| 306 | return false; |
| 307 | |
| 308 | Ref<SecurityOrigin> targetOrigin(SecurityOrigin::create(url)); |
| 309 | |
| 310 | if (targetOrigin->isUnique()) |
| 311 | return false; |
| 312 | |
| 313 | // We call isSameSchemeHostPort here instead of canAccess because we want |
| 314 | // to ignore document.domain effects. |
| 315 | if (isSameSchemeHostPort(targetOrigin.get())) |
| 316 | return true; |
| 317 | |
| 318 | if (SecurityPolicy::isAccessWhiteListed(this, &targetOrigin.get())) |
| 319 | return true; |
| 320 | |
| 321 | return false; |
| 322 | } |
| 323 | |
| 324 | bool SecurityOrigin::canReceiveDragData(const SecurityOrigin& dragInitiator) const |
| 325 | { |
| 326 | if (this == &dragInitiator) |
| 327 | return true; |
| 328 | |
| 329 | return canAccess(dragInitiator); |
| 330 | } |
| 331 | |
| 332 | // This is a hack to allow keep navigation to http/https feeds working. To remove this |
| 333 | // we need to introduce new API akin to registerURLSchemeAsLocal, that registers a |
| 334 | // protocols navigation policy. |
| 335 | // feed(|s|search): is considered a 'nesting' scheme by embedders that support it, so it can be |
| 336 | // local or remote depending on what is nested. Currently we just check if we are nesting |
| 337 | // http or https, otherwise we ignore the nesting for the purpose of a security check. We need |
| 338 | // a facility for registering nesting schemes, and some generalized logic for them. |
| 339 | // This function should be removed as an outcome of https://bugs.webkit.org/show_bug.cgi?id=69196 |
| 340 | static bool isFeedWithNestedProtocolInHTTPFamily(const URL& url) |
| 341 | { |
| 342 | const String& string = url.string(); |
| 343 | if (!startsWithLettersIgnoringASCIICase(string, "feed")) |
| 344 | return false; |
| 345 | return startsWithLettersIgnoringASCIICase(string, "feed://") |
| 346 | || startsWithLettersIgnoringASCIICase(string, "feed:http:") |
| 347 | || startsWithLettersIgnoringASCIICase(string, "feed:https:") |
| 348 | || startsWithLettersIgnoringASCIICase(string, "feeds:http:") |
| 349 | || startsWithLettersIgnoringASCIICase(string, "feeds:https:") |
| 350 | || startsWithLettersIgnoringASCIICase(string, "feedsearch:http:") |
| 351 | || startsWithLettersIgnoringASCIICase(string, "feedsearch:https:"); |
| 352 | } |
| 353 | |
| 354 | bool SecurityOrigin::canDisplay(const URL& url) const |
| 355 | { |
| 356 | if (m_universalAccess) |
| 357 | return true; |
| 358 | |
| 359 | #if !PLATFORM(IOS_FAMILY) |
| 360 | if (m_data.protocol == "file"&& url.isLocalFile() && !FileSystem::filesHaveSameVolume(m_filePath, url.fileSystemPath())) |
| 361 | return false; |
| 362 | #endif |
| 363 | |
| 364 | if (isFeedWithNestedProtocolInHTTPFamily(url)) |
| 365 | return true; |
| 366 | |
| 367 | String protocol = url.protocol().toString(); |
| 368 | |
| 369 | if (SchemeRegistry::canDisplayOnlyIfCanRequest(protocol)) |
| 370 | return canRequest(url); |
| 371 | |
| 372 | if (SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(protocol)) |
| 373 | return equalIgnoringASCIICase(m_data.protocol, protocol) || SecurityPolicy::isAccessToURLWhiteListed(this, url); |
| 374 | |
| 375 | if (!SecurityPolicy::restrictAccessToLocal()) |
| 376 | return true; |
| 377 | |
| 378 | if (url.isLocalFile() && url.fileSystemPath() == m_filePath) |
| 379 | return true; |
| 380 | |
| 381 | if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol)) |
| 382 | return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteListed(this, url); |
| 383 | |
| 384 | return true; |
| 385 | } |
| 386 | |
| 387 | bool SecurityOrigin::canAccessStorage(const SecurityOrigin* topOrigin, ShouldAllowFromThirdParty shouldAllowFromThirdParty) const |
| 388 | { |
| 389 | if (isUnique()) |
| 390 | return false; |
| 391 | |
| 392 | if (isLocal() && !needsStorageAccessFromFileURLsQuirk() && !m_universalAccess && shouldAllowFromThirdParty != AlwaysAllowFromThirdParty) |
| 393 | return false; |
| 394 | |
| 395 | if (m_storageBlockingPolicy == BlockAllStorage) |
| 396 | return false; |
| 397 | |
| 398 | // FIXME: This check should be replaced with an ASSERT once we can guarantee that topOrigin is not null. |
| 399 | if (!topOrigin) |
| 400 | return true; |
| 401 | |
| 402 | if (topOrigin->m_storageBlockingPolicy == BlockAllStorage) |
| 403 | return false; |
| 404 | |
| 405 | if (shouldAllowFromThirdParty == AlwaysAllowFromThirdParty) |
| 406 | return true; |
| 407 | |
| 408 | if (m_universalAccess) |
| 409 | return true; |
| 410 | |
| 411 | if ((m_storageBlockingPolicy == BlockThirdPartyStorage || topOrigin->m_storageBlockingPolicy == BlockThirdPartyStorage) && !topOrigin->isSameOriginAs(*this)) |
| 412 | return false; |
| 413 | |
| 414 | return true; |
| 415 | } |
| 416 | |
| 417 | SecurityOrigin::Policy SecurityOrigin::canShowNotifications() const |
| 418 | { |
| 419 | if (m_universalAccess) |
| 420 | return AlwaysAllow; |
| 421 | if (isUnique()) |
| 422 | return AlwaysDeny; |
| 423 | return Ask; |
| 424 | } |
| 425 | |
| 426 | bool SecurityOrigin::isSameOriginAs(const SecurityOrigin& other) const |
| 427 | { |
| 428 | if (this == &other) |
| 429 | return true; |
| 430 | |
| 431 | if (isUnique() || other.isUnique()) |
| 432 | return false; |
| 433 | |
| 434 | return isSameSchemeHostPort(other); |
| 435 | } |
| 436 | |
| 437 | bool SecurityOrigin::isMatchingRegistrableDomainSuffix(const String& domainSuffix, bool treatIPAddressAsDomain) const |
| 438 | { |
| 439 | if (domainSuffix.isEmpty()) |
| 440 | return false; |
| 441 | |
| 442 | auto ipAddressSetting = treatIPAddressAsDomain ? OriginAccessEntry::TreatIPAddressAsDomain : OriginAccessEntry::TreatIPAddressAsIPAddress; |
| 443 | OriginAccessEntry accessEntry { protocol(), domainSuffix, OriginAccessEntry::AllowSubdomains, ipAddressSetting }; |
| 444 | if (!accessEntry.matchesOrigin(*this)) |
| 445 | return false; |
| 446 | |
| 447 | // Always return true if it is an exact match. |
| 448 | if (domainSuffix.length() == host().length()) |
| 449 | return true; |
| 450 | |
| 451 | #if ENABLE(PUBLIC_SUFFIX_LIST) |
| 452 | return !isPublicSuffix(domainSuffix); |
| 453 | #else |
| 454 | return true; |
| 455 | #endif |
| 456 | } |
| 457 | |
| 458 | void SecurityOrigin::grantLoadLocalResources() |
| 459 | { |
| 460 | // Granting privileges to some, but not all, documents in a SecurityOrigin |
| 461 | // is a security hazard because the documents without the privilege can |
| 462 | // obtain the privilege by injecting script into the documents that have |
| 463 | // been granted the privilege. |
| 464 | m_canLoadLocalResources = true; |
| 465 | } |
| 466 | |
| 467 | void SecurityOrigin::grantUniversalAccess() |
| 468 | { |
| 469 | m_universalAccess = true; |
| 470 | } |
| 471 | |
| 472 | void SecurityOrigin::grantStorageAccessFromFileURLsQuirk() |
| 473 | { |
| 474 | m_needsStorageAccessFromFileURLsQuirk = true; |
| 475 | } |
| 476 | |
| 477 | String SecurityOrigin::domainForCachePartition() const |
| 478 | { |
| 479 | if (m_storageBlockingPolicy != BlockThirdPartyStorage) |
| 480 | return emptyString(); |
| 481 | |
| 482 | if (isHTTPFamily()) |
| 483 | return host(); |
| 484 | |
| 485 | if (SchemeRegistry::shouldPartitionCacheForURLScheme(m_data.protocol)) |
| 486 | return host(); |
| 487 | |
| 488 | return emptyString(); |
| 489 | } |
| 490 | |
| 491 | void SecurityOrigin::setEnforcesFilePathSeparation() |
| 492 | { |
| 493 | ASSERT(isLocal()); |
| 494 | m_enforcesFilePathSeparation = true; |
| 495 | } |
| 496 | |
| 497 | String SecurityOrigin::toString() const |
| 498 | { |
| 499 | if (isUnique()) |
| 500 | return "null"_s; |
| 501 | if (m_data.protocol == "file"&& m_enforcesFilePathSeparation) |
| 502 | return "null"_s; |
| 503 | return toRawString(); |
| 504 | } |
| 505 | |
| 506 | String SecurityOrigin::toRawString() const |
| 507 | { |
| 508 | return m_data.toString(); |
| 509 | } |
| 510 | |
| 511 | static inline bool areOriginsMatching(const SecurityOrigin& origin1, const SecurityOrigin& origin2) |
| 512 | { |
| 513 | ASSERT(&origin1 != &origin2); |
| 514 | |
| 515 | if (origin1.isUnique() || origin2.isUnique()) |
| 516 | return origin1.isUnique() == origin2.isUnique(); |
| 517 | |
| 518 | if (origin1.protocol() != origin2.protocol()) |
| 519 | return false; |
| 520 | |
| 521 | if (origin1.protocol() == "file") |
| 522 | return origin1.enforcesFilePathSeparation() == origin2.enforcesFilePathSeparation(); |
| 523 | |
| 524 | if (origin1.host() != origin2.host()) |
| 525 | return false; |
| 526 | |
| 527 | return origin1.port() == origin2.port(); |
| 528 | } |
| 529 | |
| 530 | // This function mimics the result of string comparison of serialized origins. |
| 531 | bool serializedOriginsMatch(const SecurityOrigin& origin1, const SecurityOrigin& origin2) |
| 532 | { |
| 533 | if (&origin1 == &origin2) |
| 534 | return true; |
| 535 | |
| 536 | ASSERT(!areOriginsMatching(origin1, origin2) || (origin1.toString() == origin2.toString())); |
| 537 | return areOriginsMatching(origin1, origin2); |
| 538 | } |
| 539 | |
| 540 | bool serializedOriginsMatch(const SecurityOrigin* origin1, const SecurityOrigin* origin2) |
| 541 | { |
| 542 | if (!origin1 || !origin2) |
| 543 | return origin1 == origin2; |
| 544 | |
| 545 | return serializedOriginsMatch(*origin1, *origin2); |
| 546 | } |
| 547 | |
| 548 | Ref<SecurityOrigin> SecurityOrigin::createFromString(const String& originString) |
| 549 | { |
| 550 | return SecurityOrigin::create(URL(URL(), originString)); |
| 551 | } |
| 552 | |
| 553 | Ref<SecurityOrigin> SecurityOrigin::create(const String& protocol, const String& host, Optional<uint16_t> port) |
| 554 | { |
| 555 | String decodedHost = decodeURLEscapeSequences(host); |
| 556 | auto origin = create(URL(URL(), protocol + "://"+ host + "/")); |
| 557 | if (port && !WTF::isDefaultPortForProtocol(*port, protocol)) |
| 558 | origin->m_data.port = port; |
| 559 | return origin; |
| 560 | } |
| 561 | |
| 562 | bool SecurityOrigin::equal(const SecurityOrigin* other) const |
| 563 | { |
| 564 | if (other == this) |
| 565 | return true; |
| 566 | |
| 567 | if (!isSameSchemeHostPort(*other)) |
| 568 | return false; |
| 569 | |
| 570 | if (m_domainWasSetInDOM != other->m_domainWasSetInDOM) |
| 571 | return false; |
| 572 | |
| 573 | if (m_domainWasSetInDOM && m_domain != other->m_domain) |
| 574 | return false; |
| 575 | |
| 576 | return true; |
| 577 | } |
| 578 | |
| 579 | bool SecurityOrigin::isSameSchemeHostPort(const SecurityOrigin& other) const |
| 580 | { |
| 581 | if (m_data != other.m_data) |
| 582 | return false; |
| 583 | |
| 584 | if (isLocal() && !passesFileCheck(other)) |
| 585 | return false; |
| 586 | |
| 587 | return true; |
| 588 | } |
| 589 | |
| 590 | bool SecurityOrigin::isLocalHostOrLoopbackIPAddress(StringView host) |
| 591 | { |
| 592 | if (isLoopbackIPAddress(host)) |
| 593 | return true; |
| 594 | |
| 595 | // FIXME: Ensure that localhost resolves to the loopback address. |
| 596 | if (equalLettersIgnoringASCIICase(host, "localhost")) |
| 597 | return true; |
| 598 | |
| 599 | return false; |
| 600 | } |
| 601 | |
| 602 | } // namespace WebCore |
| 603 |
Generated on 2019-Jul-08 from project webcore revision master
Powered by 
Code Browser 2.1
Generator usage only permitted with license.