void SecurityContext::applySandboxFlags(SandboxFlags mask) {
m_sandboxFlags |= mask;
if (isSandboxed(SandboxOrigin) && getSecurityOrigin() &&
!getSecurityOrigin()->isUnique()) {
setSecurityOrigin(SecurityOrigin::createUnique());
didUpdateSecurityOrigin();
}
}
void SecurityContext::enforceSandboxFlags(SandboxFlags mask)
{
m_sandboxFlags |= mask;
// The SandboxOrigin is stored redundantly in the security origin.
if (isSandboxed(SandboxOrigin) && securityOrigin() && !securityOrigin()->isUnique()) {
setSecurityOrigin(SecurityOrigin::createUnique());
didUpdateSecurityOrigin();
}
}
// Enforces the given suborigin as part of the security origin for this
// security context. |name| must not be empty, although it may be null. A null
// name represents a lack of a suborigin.
// See: https://w3c.github.io/webappsec-suborigins/index.html
void SecurityContext::enforceSuborigin(const Suborigin& suborigin) {
if (!RuntimeEnabledFeatures::suboriginsEnabled())
return;
DCHECK(!suborigin.name().isEmpty());
DCHECK(RuntimeEnabledFeatures::suboriginsEnabled());
DCHECK(m_securityOrigin.get());
DCHECK(!m_securityOrigin->hasSuborigin() ||
m_securityOrigin->suborigin()->name() == suborigin.name());
m_securityOrigin->addSuborigin(suborigin);
didUpdateSecurityOrigin();
}
