1 | /* |
2 | * Copyright (C) 2011 Google Inc. All rights reserved. |
3 | * |
4 | * Redistribution and use in source and binary forms, with or without |
5 | * modification, are permitted provided that the following conditions |
6 | * are met: |
7 | * |
8 | * 1. Redistributions of source code must retain the above copyright |
9 | * notice, this list of conditions and the following disclaimer. |
10 | * 2. Redistributions in binary form must reproduce the above copyright |
11 | * notice, this list of conditions and the following disclaimer in the |
12 | * documentation and/or other materials provided with the distribution. |
13 | * 3. Neither the name of Google, Inc. ("Google") nor the names of |
14 | * its contributors may be used to endorse or promote products derived |
15 | * from this software without specific prior written permission. |
16 | * |
17 | * THIS SOFTWARE IS PROVIDED BY GOOGLE AND ITS CONTRIBUTORS "AS IS" AND ANY |
18 | * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
19 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
20 | * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY |
21 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
22 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
23 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
24 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 | */ |
28 | |
29 | #pragma once |
30 | |
31 | #include "FetchOptions.h" |
32 | #include <wtf/text/WTFString.h> |
33 | |
34 | namespace WebCore { |
35 | |
36 | class SecurityOrigin; |
37 | |
38 | class SecurityPolicy { |
39 | public: |
40 | // True if the referrer should be omitted according to ReferrerPolicy::Default. |
41 | // If you intend to send a referrer header, you should use generateReferrerHeader instead. |
42 | WEBCORE_EXPORT static bool shouldHideReferrer(const URL&, const String& referrer); |
43 | |
44 | // Returns the referrer's security origin plus a / to make it a canonical URL |
45 | // and thus useable as referrer. |
46 | static String referrerToOriginString(const String& referrer); |
47 | |
48 | // Returns the referrer modified according to the referrer policy for a |
49 | // navigation to a given URL. If the referrer returned is empty, the |
50 | // referrer header should be omitted. |
51 | WEBCORE_EXPORT static String (ReferrerPolicy, const URL&, const String& referrer); |
52 | |
53 | static bool shouldInheritSecurityOriginFromOwner(const URL&); |
54 | |
55 | enum LocalLoadPolicy { |
56 | AllowLocalLoadsForAll, // No restriction on local loads. |
57 | AllowLocalLoadsForLocalAndSubstituteData, |
58 | AllowLocalLoadsForLocalOnly, |
59 | }; |
60 | |
61 | WEBCORE_EXPORT static void setLocalLoadPolicy(LocalLoadPolicy); |
62 | static bool restrictAccessToLocal(); |
63 | static bool allowSubstituteDataAccessToLocal(); |
64 | |
65 | WEBCORE_EXPORT static void addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains); |
66 | WEBCORE_EXPORT static void removeOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains); |
67 | WEBCORE_EXPORT static void resetOriginAccessWhitelists(); |
68 | |
69 | static bool isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin); |
70 | static bool isAccessToURLWhiteListed(const SecurityOrigin* activeOrigin, const URL&); |
71 | }; |
72 | |
73 | } // namespace WebCore |
74 | |