/**
* \brief Checks whether this policy file allowed the given URL to send a given request header
*
* \param url The URL to check if it is allowed by the policy file to send the given header
* \param to The URL of the request to which the request header belongs
* \param header The request header which needs to be checked if it is allowed
* \return \c true if allowed, otherwise \c false
*/
bool URLPolicyFile::allowsHTTPRequestHeaderFrom(const URLInfo& url, const URLInfo& to, const string& header)
{
//File must be loaded
if(!isLoaded())
return false;
//Only used for HTTP(S)
if(subtype != HTTP && subtype != HTTPS)
return false;
//This policy file doesn't apply to the given URL
if(!isMaster() && !to.isSubOf(url))
return false;
//Check if the file is invalid or ignored
if(!isValid() || isIgnored())
return false;
list<PolicyAllowHTTPRequestHeadersFrom*>::const_iterator i = allowHTTPRequestHeadersFrom.begin();
for(; i != allowHTTPRequestHeadersFrom.end(); ++i)
{
if((*i)->allowsHTTPRequestHeaderFrom(url, header))
return true;
}
return false;
}
/**
* \brief Checks if the URL doesn't point to a resource higher up the directory hierarchy than
* the current directory
*
* \param url The URL to evaluate
* \return \c ALLOWED if allowed or otherwise \c NA_RESTRICT_LOCAL_DIRECTORY
*/
SecurityManager::EVALUATIONRESULT SecurityManager::evaluateLocalDirectoryURL(const URLInfo& url)
{
//The URL is local and points to a directory above the origin
if(url.getProtocol() == "file" && !url.isSubOf(getSys()->getOrigin()))
return NA_RESTRICT_LOCAL_DIRECTORY;
return ALLOWED;
}
/**
* \brief Checks whether this policy file allows the given URL access
*
* \param url The URL to check if it is allowed by the policy file
* \param to The URL that is being requested by a resource at \c url
* \return \c true if allowed, otherwise \c false
*/
bool URLPolicyFile::allowsAccessFrom(const URLInfo& url, const URLInfo& to)
{
//File must be loaded
if(!isLoaded())
return false;
//This policy file doesn't apply to the given URL
if(!isMaster() && !to.isSubOf(url))
return false;
//Check if the file is invalid or ignored
if(!isValid() || isIgnored())
return false;
list<PolicyAllowAccessFrom*>::const_iterator i = allowAccessFrom.begin();
for(; i != allowAccessFrom.end(); ++i)
{
//This allow-access-from entry applies to our domain AND it allows our domain
if((*i)->allowsAccessFrom(url))
return true;
}
return false;
}
