Example #1
0
static inline bool areOriginsMatching(const SecurityOrigin& origin1, const SecurityOrigin& origin2)
{
    if (origin1.isUnique() || origin2.isUnique())
        return origin1.isUnique() == origin2.isUnique();

    if (origin1.protocol() != origin2.protocol())
        return false;

    if (origin1.protocol() == "file")
        return true;

    if (origin1.host() != origin2.host())
        return false;

    return origin1.port() == origin2.port();
}
Example #2
0
void MemoryCache::removeResourcesWithOrigin(SecurityOrigin& origin)
{
#if ENABLE(CACHE_PARTITIONING)
    String originPartition = ResourceRequest::partitionName(origin.host());
#endif

    Vector<CachedResource*> resourcesWithOrigin;
    for (auto& resources : m_sessionResources.values()) {
        for (auto& keyValue : *resources) {
            auto& resource = *keyValue.value;
#if ENABLE(CACHE_PARTITIONING)
            auto& partitionName = keyValue.key.second;
            if (partitionName == originPartition) {
                resourcesWithOrigin.append(&resource);
                continue;
            }
#endif
            RefPtr<SecurityOrigin> resourceOrigin = SecurityOrigin::create(resource.url());
            if (resourceOrigin->equal(&origin))
                resourcesWithOrigin.append(&resource);
        }
    }

    for (auto* resource : resourcesWithOrigin)
        remove(*resource);
}
Example #3
0
SecurityOriginData SecurityOriginData::fromSecurityOrigin(const SecurityOrigin& securityOrigin)
{
    SecurityOriginData securityOriginData;

    securityOriginData.protocol = securityOrigin.protocol();
    securityOriginData.host = securityOrigin.host();
    securityOriginData.port = securityOrigin.port();

    return securityOriginData;
}
Example #4
0
bool OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const
{
    ASSERT(origin.host() == origin.host().convertToASCIILowercase());
    ASSERT(origin.protocol() == origin.protocol().convertToASCIILowercase());

    if (m_protocol != origin.protocol())
        return false;
    
    // Special case: Include subdomains and empty host means "all hosts, including ip addresses".
    if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty())
        return true;
    
    // Exact match.
    if (m_host == origin.host())
        return true;
    
    // Otherwise we can only match if we're matching subdomains.
    if (m_subdomainSettings == DisallowSubdomains)
        return false;
    
    // Don't try to do subdomain matching on IP addresses.
    if (m_hostIsIPAddress)
        return false;
    
    // Match subdomains.
    if (origin.host().length() > m_host.length() && origin.host()[origin.host().length() - m_host.length() - 1] == '.' && origin.host().endsWith(m_host))
        return true;
    
    return false;
}
OriginAccessEntry::MatchResult OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const
{
    ASSERT(origin.host() == origin.host().lower());
    ASSERT(origin.protocol() == origin.protocol().lower());

    if (m_protocol != origin.protocol())
        return DoesNotMatchOrigin;

    // Special case: Include subdomains and empty host means "all hosts, including ip addresses".
    if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty())
        return MatchesOrigin;

    // Exact match.
    if (m_host == origin.host())
        return MatchesOrigin;

    // Otherwise we can only match if we're matching subdomains.
    if (m_subdomainSettings == DisallowSubdomains)
        return DoesNotMatchOrigin;

    // Don't try to do subdomain matching on IP addresses (except for testing).
    if (m_hostIsIPAddress && m_ipAddressSettings == TreatIPAddressAsIPAddress)
        return DoesNotMatchOrigin;

    // Match subdomains.
    if (origin.host().length() <= m_host.length() || origin.host()[origin.host().length() - m_host.length() - 1] != '.' || !origin.host().endsWith(m_host))
        return DoesNotMatchOrigin;

    if (m_hostIsPublicSuffix)
        return MatchesOriginButIsPublicSuffix;

    return MatchesOrigin;
}
OriginAccessEntry::MatchResult OriginAccessEntry::matchesDomain(const SecurityOrigin& origin) const
{
    ASSERT(origin.host() == origin.host().lower());
    // Special case: Include subdomains and empty host means "all hosts, including ip addresses".
    if (m_subdomainSettings != DisallowSubdomains && m_host.isEmpty())
        return MatchesOrigin;

    // Exact match.
    if (m_host == origin.host())
        return MatchesOrigin;

    // Don't try to do subdomain matching on IP addresses.
    if (m_hostIsIPAddress)
        return DoesNotMatchOrigin;

    // Match subdomains.
    switch (m_subdomainSettings) {
    case DisallowSubdomains:
        return DoesNotMatchOrigin;

    case AllowSubdomains:
        if (!IsSubdomainOfHost(origin.host(), m_host))
            return DoesNotMatchOrigin;
        break;

    case AllowRegisterableDomains:
        // Fall back to a simple subdomain check if no registerable domain could be found:
        if (m_registerableDomain.isEmpty()) {
            if (!IsSubdomainOfHost(origin.host(), m_host))
                return DoesNotMatchOrigin;
        } else if (m_registerableDomain != origin.host() && !IsSubdomainOfHost(origin.host(), m_registerableDomain)) {
            return DoesNotMatchOrigin;
        }
        break;
    };

    if (m_hostIsPublicSuffix)
        return MatchesOriginButIsPublicSuffix;

    return MatchesOrigin;
}
Example #7
0
void CSPSourceList::addSourceSelf()
{
    m_list.append(CSPSource(m_origin->protocol(), m_origin->host(), m_origin->port(), false, false));
}
ContentSecurityPolicy::ContentSecurityPolicy(const SecurityOrigin& securityOrigin)
    : m_sandboxFlags(SandboxNone)
{
    m_selfSourceProtocol = securityOrigin.protocol();
    m_selfSource = std::make_unique<ContentSecurityPolicySource>(*this, m_selfSourceProtocol, securityOrigin.host(), securityOrigin.port(), emptyString(), false, false);
}