bool OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const
{
ASSERT(origin.host() == origin.host().convertToASCIILowercase());
ASSERT(origin.protocol() == origin.protocol().convertToASCIILowercase());
if (m_protocol != origin.protocol())
return false;
// Special case: Include subdomains and empty host means "all hosts, including ip addresses".
if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty())
return true;
// Exact match.
if (m_host == origin.host())
return true;
// Otherwise we can only match if we're matching subdomains.
if (m_subdomainSettings == DisallowSubdomains)
return false;
// Don't try to do subdomain matching on IP addresses.
if (m_hostIsIPAddress)
return false;
// Match subdomains.
if (origin.host().length() > m_host.length() && origin.host()[origin.host().length() - m_host.length() - 1] == '.' && origin.host().endsWith(m_host))
return true;
return false;
}
OriginAccessEntry::MatchResult OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const
{
ASSERT(origin.host() == origin.host().lower());
ASSERT(origin.protocol() == origin.protocol().lower());
if (m_protocol != origin.protocol())
return DoesNotMatchOrigin;
// Special case: Include subdomains and empty host means "all hosts, including ip addresses".
if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty())
return MatchesOrigin;
// Exact match.
if (m_host == origin.host())
return MatchesOrigin;
// Otherwise we can only match if we're matching subdomains.
if (m_subdomainSettings == DisallowSubdomains)
return DoesNotMatchOrigin;
// Don't try to do subdomain matching on IP addresses (except for testing).
if (m_hostIsIPAddress && m_ipAddressSettings == TreatIPAddressAsIPAddress)
return DoesNotMatchOrigin;
// Match subdomains.
if (origin.host().length() <= m_host.length() || origin.host()[origin.host().length() - m_host.length() - 1] != '.' || !origin.host().endsWith(m_host))
return DoesNotMatchOrigin;
if (m_hostIsPublicSuffix)
return MatchesOriginButIsPublicSuffix;
return MatchesOrigin;
}
OriginAccessEntry::MatchResult OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const
{
ASSERT(origin.protocol() == origin.protocol().lower());
if (m_protocol != origin.protocol())
return DoesNotMatchOrigin;
return matchesDomain(origin);
}
// source-list = *WSP [ source *( 1*WSP source ) *WSP ]
// / *WSP "'none'" *WSP
//
void CSPSourceList::parse(const UChar* begin, const UChar* end)
{
const UChar* position = begin;
bool isFirstSourceInList = true;
while (position < end) {
skipWhile<isASCIISpace>(position, end);
const UChar* beginSource = position;
skipWhile<isSourceCharacter>(position, end);
if (isFirstSourceInList && equalIgnoringCase("'none'", beginSource, position - beginSource))
return; // We represent 'none' as an empty m_list.
isFirstSourceInList = false;
String scheme, host;
int port = 0;
bool hostHasWildcard = false;
bool portHasWildcard = false;
if (parseSource(beginSource, position, scheme, host, port, hostHasWildcard, portHasWildcard)) {
if (scheme.isEmpty())
scheme = m_origin->protocol();
m_list.append(CSPSource(scheme, host, port, hostHasWildcard, portHasWildcard));
}
ASSERT(position == end || isASCIISpace(*position));
}
}
static inline bool areOriginsMatching(const SecurityOrigin& origin1, const SecurityOrigin& origin2)
{
if (origin1.isUnique() || origin2.isUnique())
return origin1.isUnique() == origin2.isUnique();
if (origin1.protocol() != origin2.protocol())
return false;
if (origin1.protocol() == "file")
return true;
if (origin1.host() != origin2.host())
return false;
return origin1.port() == origin2.port();
}
bool V8Proxy::isEnabled()
{
Settings* settings = m_frame->settings();
if (!settings)
return false;
// In the common case, JavaScript is enabled and we're done.
if (settings->isJavaScriptEnabled())
return true;
// If JavaScript has been disabled, we need to look at the frame to tell
// whether this script came from the web or the embedder. Scripts from the
// embedder are safe to run, but scripts from the other sources are
// disallowed.
Document* document = m_frame->document();
if (!document)
return false;
SecurityOrigin* origin = document->securityOrigin();
if (origin->protocol().isEmpty())
return false; // Uninitialized document
if (origin->protocol() == "http" || origin->protocol() == "https")
return false; // Web site
// FIXME: the following are application decisions, and they should
// not be made at this layer. instead, we should bridge out to the
// embedder to allow them to override policy here.
if (origin->protocol() == ChromiumBridge::uiResourceProtocol())
return true; // Embedder's scripts are ok to run
// If the scheme is ftp: or file:, an empty file name indicates a directory
// listing, which requires JavaScript to function properly.
const char* kDirProtocols[] = { "ftp", "file" };
for (size_t i = 0; i < arraysize(kDirProtocols); ++i) {
if (origin->protocol() == kDirProtocols[i]) {
const KURL& url = document->url();
return url.pathAfterLastSlash() == url.pathEnd();
}
}
return false; // Other protocols fall through to here
}
SecurityOriginData SecurityOriginData::fromSecurityOrigin(const SecurityOrigin& securityOrigin)
{
SecurityOriginData securityOriginData;
securityOriginData.protocol = securityOrigin.protocol();
securityOriginData.host = securityOrigin.host();
securityOriginData.port = securityOrigin.port();
return securityOriginData;
}
static void measureStricterVersionOfIsMixedContent(Frame* frame,
const KURL& url) {
// We're currently only checking for mixed content in `https://*` contexts.
// What about other "secure" contexts the SchemeRegistry knows about? We'll
// use this method to measure the occurance of non-webby mixed content to make
// sure we're not breaking the world without realizing it.
SecurityOrigin* origin = frame->securityContext()->getSecurityOrigin();
if (MixedContentChecker::isMixedContent(origin, url)) {
if (origin->protocol() != "https") {
UseCounter::count(
frame,
UseCounter::MixedContentInNonHTTPSFrameThatRestrictsMixedContent);
}
} else if (!SecurityOrigin::isSecure(url) &&
SchemeRegistry::shouldTreatURLSchemeAsSecure(origin->protocol())) {
UseCounter::count(
frame,
UseCounter::MixedContentInSecureFrameThatDoesNotRestrictMixedContent);
}
}
void CSPSourceList::addSourceSelf()
{
m_list.append(CSPSource(m_origin->protocol(), m_origin->host(), m_origin->port(), false, false));
}
ContentSecurityPolicy::ContentSecurityPolicy(const SecurityOrigin& securityOrigin)
: m_sandboxFlags(SandboxNone)
{
m_selfSourceProtocol = securityOrigin.protocol();
m_selfSource = std::make_unique<ContentSecurityPolicySource>(*this, m_selfSourceProtocol, securityOrigin.host(), securityOrigin.port(), emptyString(), false, false);
}
bool V8Proxy::isEnabled()
{
Settings* settings = m_frame->settings();
if (!settings)
return false;
// In the common case, JavaScript is enabled and we're done.
if (settings->isJavaScriptEnabled())
return true;
// If JavaScript has been disabled, we need to look at the frame to tell
// whether this script came from the web or the embedder. Scripts from the
// embedder are safe to run, but scripts from the other sources are
// disallowed.
Document* document = m_frame->document();
if (!document)
return false;
SecurityOrigin* origin = document->securityOrigin();
if (origin->protocol().isEmpty())
return false; // Uninitialized document
if (origin->protocol() == "http" || origin->protocol() == "https")
return false; // Web site
// FIXME: the following are application decisions, and they should
// not be made at this layer. instead, we should bridge out to the
// embedder to allow them to override policy here.
#if PLATFORM(CHROMIUM)
// TODO(andreip): ChromeBridge->BrowserBridge?
if (origin->protocol() == ChromiumBridge::uiResourceProtocol())
return true; // Embedder's scripts are ok to run
#endif
// If the scheme is ftp: or file:, an empty file name indicates a directory
// listing, which requires JavaScript to function properly.
const char* kDirProtocols[] = { "ftp", "file" };
#if PLATFORM(ANDROID)
// TODO(andreip): Port arraysize function to Android. There's one in Gears.
for (size_t i = 0; i < 2; ++i) {
#else
for (size_t i = 0; i < arraysize(kDirProtocols); ++i) {
#endif
if (origin->protocol() == kDirProtocols[i]) {
const KURL& url = document->url();
return url.pathAfterLastSlash() == url.pathEnd();
}
}
return false; // Other protocols fall through to here
}
void V8Proxy::updateDocumentWrapper(v8::Handle<v8::Value> wrapper)
{
clearDocumentWrapper();
ASSERT(m_document.IsEmpty());
m_document = v8::Persistent<v8::Value>::New(wrapper);
#ifndef NDEBUG
V8GCController::registerGlobalHandle(PROXY, this, m_document);
#endif
}
