PassRefPtr<SecurityOrigin> SecurityOrigin::create(const URL& url) { RefPtr<SecurityOrigin> cachedOrigin = getCachedOrigin(url); if (cachedOrigin.get()) return cachedOrigin; if (shouldTreatAsUniqueOrigin(url)) { RefPtr<SecurityOrigin> origin = adoptRef(new SecurityOrigin()); if (url.protocolIs("file")) { // Unfortunately, we can't represent all unique origins exactly // the same way because we need to produce a quirky database // identifier for file URLs due to persistent storage in some // embedders of WebKit. origin->m_needsDatabaseIdentifierQuirkForFiles = true; } return origin.release(); } if (shouldUseInnerURL(url)) return adoptRef(new SecurityOrigin(extractInnerURL(url))); return adoptRef(new SecurityOrigin(url)); }
bool SecurityOrigin::canRequest(const KURL& url) const { if (m_universalAccess) return true; if (getCachedOrigin(url) == this) return true; if (isUnique()) return false; RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); if (targetOrigin->isUnique()) return false; // We call isSameSchemeHostPort here instead of canAccess because we want // to ignore document.domain effects. if (isSameSchemeHostPort(targetOrigin.get())) return true; if (SecurityPolicy::isAccessWhiteListed(this, targetOrigin.get())) return true; return false; }
Ref<SecurityOrigin> SecurityOrigin::create(const URL& url) { if (RefPtr<SecurityOrigin> cachedOrigin = getCachedOrigin(url)) return cachedOrigin.releaseNonNull(); if (shouldTreatAsUniqueOrigin(url)) return adoptRef(*new SecurityOrigin); if (shouldUseInnerURL(url)) return adoptRef(*new SecurityOrigin(extractInnerURL(url))); return adoptRef(*new SecurityOrigin(url)); }