static inline bool areOriginsMatching(const SecurityOrigin& origin1, const SecurityOrigin& origin2) { if (origin1.isUnique() || origin2.isUnique()) return origin1.isUnique() == origin2.isUnique(); if (origin1.protocol() != origin2.protocol()) return false; if (origin1.protocol() == "file") return true; if (origin1.host() != origin2.host()) return false; return origin1.port() == origin2.port(); }
void MemoryCache::removeResourcesWithOrigin(SecurityOrigin& origin) { #if ENABLE(CACHE_PARTITIONING) String originPartition = ResourceRequest::partitionName(origin.host()); #endif Vector<CachedResource*> resourcesWithOrigin; for (auto& resources : m_sessionResources.values()) { for (auto& keyValue : *resources) { auto& resource = *keyValue.value; #if ENABLE(CACHE_PARTITIONING) auto& partitionName = keyValue.key.second; if (partitionName == originPartition) { resourcesWithOrigin.append(&resource); continue; } #endif RefPtr<SecurityOrigin> resourceOrigin = SecurityOrigin::create(resource.url()); if (resourceOrigin->equal(&origin)) resourcesWithOrigin.append(&resource); } } for (auto* resource : resourcesWithOrigin) remove(*resource); }
SecurityOriginData SecurityOriginData::fromSecurityOrigin(const SecurityOrigin& securityOrigin) { SecurityOriginData securityOriginData; securityOriginData.protocol = securityOrigin.protocol(); securityOriginData.host = securityOrigin.host(); securityOriginData.port = securityOrigin.port(); return securityOriginData; }
bool OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const { ASSERT(origin.host() == origin.host().convertToASCIILowercase()); ASSERT(origin.protocol() == origin.protocol().convertToASCIILowercase()); if (m_protocol != origin.protocol()) return false; // Special case: Include subdomains and empty host means "all hosts, including ip addresses". if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty()) return true; // Exact match. if (m_host == origin.host()) return true; // Otherwise we can only match if we're matching subdomains. if (m_subdomainSettings == DisallowSubdomains) return false; // Don't try to do subdomain matching on IP addresses. if (m_hostIsIPAddress) return false; // Match subdomains. if (origin.host().length() > m_host.length() && origin.host()[origin.host().length() - m_host.length() - 1] == '.' && origin.host().endsWith(m_host)) return true; return false; }
OriginAccessEntry::MatchResult OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const { ASSERT(origin.host() == origin.host().lower()); ASSERT(origin.protocol() == origin.protocol().lower()); if (m_protocol != origin.protocol()) return DoesNotMatchOrigin; // Special case: Include subdomains and empty host means "all hosts, including ip addresses". if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty()) return MatchesOrigin; // Exact match. if (m_host == origin.host()) return MatchesOrigin; // Otherwise we can only match if we're matching subdomains. if (m_subdomainSettings == DisallowSubdomains) return DoesNotMatchOrigin; // Don't try to do subdomain matching on IP addresses (except for testing). if (m_hostIsIPAddress && m_ipAddressSettings == TreatIPAddressAsIPAddress) return DoesNotMatchOrigin; // Match subdomains. if (origin.host().length() <= m_host.length() || origin.host()[origin.host().length() - m_host.length() - 1] != '.' || !origin.host().endsWith(m_host)) return DoesNotMatchOrigin; if (m_hostIsPublicSuffix) return MatchesOriginButIsPublicSuffix; return MatchesOrigin; }
OriginAccessEntry::MatchResult OriginAccessEntry::matchesDomain(const SecurityOrigin& origin) const { ASSERT(origin.host() == origin.host().lower()); // Special case: Include subdomains and empty host means "all hosts, including ip addresses". if (m_subdomainSettings != DisallowSubdomains && m_host.isEmpty()) return MatchesOrigin; // Exact match. if (m_host == origin.host()) return MatchesOrigin; // Don't try to do subdomain matching on IP addresses. if (m_hostIsIPAddress) return DoesNotMatchOrigin; // Match subdomains. switch (m_subdomainSettings) { case DisallowSubdomains: return DoesNotMatchOrigin; case AllowSubdomains: if (!IsSubdomainOfHost(origin.host(), m_host)) return DoesNotMatchOrigin; break; case AllowRegisterableDomains: // Fall back to a simple subdomain check if no registerable domain could be found: if (m_registerableDomain.isEmpty()) { if (!IsSubdomainOfHost(origin.host(), m_host)) return DoesNotMatchOrigin; } else if (m_registerableDomain != origin.host() && !IsSubdomainOfHost(origin.host(), m_registerableDomain)) { return DoesNotMatchOrigin; } break; }; if (m_hostIsPublicSuffix) return MatchesOriginButIsPublicSuffix; return MatchesOrigin; }
void CSPSourceList::addSourceSelf() { m_list.append(CSPSource(m_origin->protocol(), m_origin->host(), m_origin->port(), false, false)); }
ContentSecurityPolicy::ContentSecurityPolicy(const SecurityOrigin& securityOrigin) : m_sandboxFlags(SandboxNone) { m_selfSourceProtocol = securityOrigin.protocol(); m_selfSource = std::make_unique<ContentSecurityPolicySource>(*this, m_selfSourceProtocol, securityOrigin.host(), securityOrigin.port(), emptyString(), false, false); }