void EventSource::connect() { ASSERT(m_state == CONNECTING); ASSERT(!m_requestInFlight); ResourceRequest request(m_url); request.setHTTPMethod("GET"); request.setHTTPHeaderField("Accept", "text/event-stream"); request.setHTTPHeaderField("Cache-Control", "no-cache"); if (!m_lastEventId.isEmpty()) request.setHTTPHeaderField("Last-Event-ID", m_lastEventId); SecurityOrigin* origin = executionContext()->securityOrigin(); ThreadableLoaderOptions options; options.sniffContent = DoNotSniffContent; options.allowCredentials = (origin->canRequest(m_url) || m_withCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials; options.credentialsRequested = m_withCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials; options.preflightPolicy = PreventPreflight; options.crossOriginRequestPolicy = UseAccessControl; options.dataBufferingPolicy = DoNotBufferData; options.securityOrigin = origin; options.contentSecurityPolicyEnforcement = ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) ? DoNotEnforceContentSecurityPolicy : EnforceConnectSrcDirective; m_loader = ThreadableLoader::create(executionContext(), this, request, options); if (m_loader) m_requestInFlight = true; }
void ChromeClientBlackBerry::exceededDatabaseQuota(Frame* frame, const String& name, DatabaseDetails details) { #if ENABLE(SQL_DATABASE) Document* document = frame->document(); if (!document) return; SecurityOrigin* origin = document->securityOrigin(); #if !defined(PUBLIC_BUILD) || !PUBLIC_BUILD if (m_webPagePrivate->m_dumpRenderTree) { m_webPagePrivate->m_dumpRenderTree->exceededDatabaseQuota(origin, name); return; } #endif DatabaseManager& manager = DatabaseManager::manager(); unsigned long long originUsage = manager.usageForOrigin(origin); unsigned long long currentQuota = manager.quotaForOrigin(origin); unsigned long long estimatedSize = details.expectedUsage(); const String& nameStr = details.displayName(); String originStr = origin->toString(); unsigned long long quota = m_webPagePrivate->m_client->databaseQuota(originStr, nameStr, originUsage, currentQuota, estimatedSize); manager.setQuota(origin, quota); #endif }
static CString frameOrigin(Frame* frame) { DOMWindow* window = frame->domWindow(); SecurityOrigin* origin = window->securityOrigin(); CString latinOrigin = origin->toString().latin1(); return latinOrigin; }
void DOMWindowFileSystem::webkitResolveLocalFileSystemURL(DOMWindow* window, const String& url, PassRefPtr<EntryCallback> successCallback, PassRefPtr<ErrorCallback> errorCallback) { if (!window->isCurrentlyDisplayedInFrame()) return; Document* document = window->document(); if (!document) return; SecurityOrigin* securityOrigin = document->securityOrigin(); KURL completedURL = document->completeURL(url); if (!securityOrigin->canAccessFileSystem() || !securityOrigin->canRequest(completedURL)) { DOMFileSystem::scheduleCallback(document, errorCallback, FileError::create(FileError::SECURITY_ERR)); return; } FileSystemType type; String filePath; if (!completedURL.isValid() || !DOMFileSystemBase::crackFileSystemURL(completedURL, type, filePath)) { DOMFileSystem::scheduleCallback(document, errorCallback, FileError::create(FileError::ENCODING_ERR)); return; } LocalFileSystem::from(document)->readFileSystem(document, type, ResolveURICallbacks::create(successCallback, errorCallback, document, type, filePath)); }
void EventSource::connect() { ASSERT(m_state == CONNECTING); ASSERT(!m_requestInFlight); ASSERT(executionContext()); ExecutionContext& executionContext = *this->executionContext(); ResourceRequest request(m_url); request.setHTTPMethod("GET"); request.setHTTPHeaderField("Accept", "text/event-stream"); request.setHTTPHeaderField("Cache-Control", "no-cache"); request.setRequestContext(WebURLRequest::RequestContextEventSource); if (!m_lastEventId.isEmpty()) request.setHTTPHeaderField("Last-Event-ID", m_lastEventId); SecurityOrigin* origin = executionContext.securityOrigin(); ThreadableLoaderOptions options; options.preflightPolicy = PreventPreflight; options.crossOriginRequestPolicy = UseAccessControl; options.contentSecurityPolicyEnforcement = ContentSecurityPolicy::shouldBypassMainWorld(&executionContext) ? DoNotEnforceContentSecurityPolicy : EnforceConnectSrcDirective; ResourceLoaderOptions resourceLoaderOptions; resourceLoaderOptions.allowCredentials = (origin->canRequest(m_url) || m_withCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials; resourceLoaderOptions.credentialsRequested = m_withCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials; resourceLoaderOptions.dataBufferingPolicy = DoNotBufferData; resourceLoaderOptions.securityOrigin = origin; InspectorInstrumentation::willSendEventSourceRequest(&executionContext, this); // InspectorInstrumentation::documentThreadableLoaderStartedLoadingForClient will be called synchronously. m_loader = ThreadableLoader::create(executionContext, this, request, options, resourceLoaderOptions); if (m_loader) m_requestInFlight = true; }
void WebChromeClient::exceededDatabaseQuota(Frame* frame, const String& databaseName, DatabaseDetails details) { WebFrame* webFrame = WebFrame::fromCoreFrame(*frame); ASSERT(webFrame); SecurityOrigin* origin = frame->document()->securityOrigin(); DatabaseManager& dbManager = DatabaseManager::singleton(); uint64_t currentQuota = dbManager.quotaForOrigin(origin); uint64_t currentOriginUsage = dbManager.usageForOrigin(origin); uint64_t newQuota = 0; RefPtr<API::SecurityOrigin> securityOrigin = API::SecurityOrigin::create(WebCore::SecurityOrigin::createFromDatabaseIdentifier(origin->databaseIdentifier())); newQuota = m_page->injectedBundleUIClient().didExceedDatabaseQuota(m_page, securityOrigin.get(), databaseName, details.displayName(), currentQuota, currentOriginUsage, details.currentUsage(), details.expectedUsage()); if (!newQuota) { unsigned syncSendFlags = IPC::InformPlatformProcessWillSuspend; if (WebPage::synchronousMessagesShouldSpinRunLoop()) syncSendFlags |= IPC::SpinRunLoopWhileWaitingForReply; WebProcess::singleton().parentProcessConnection()->sendSync( Messages::WebPageProxy::ExceededDatabaseQuota(webFrame->frameID(), origin->databaseIdentifier(), databaseName, details.displayName(), currentQuota, currentOriginUsage, details.currentUsage(), details.expectedUsage()), Messages::WebPageProxy::ExceededDatabaseQuota::Reply(newQuota), m_page->pageID(), std::chrono::milliseconds::max(), syncSendFlags); } dbManager.setQuota(origin, newQuota); }
void V8DOMWindowShell::setSecurityToken() { ASSERT(m_world->isMainWorld()); Document* document = m_frame->document(); // Ask the document's SecurityOrigin to generate a security token. // If two tokens are equal, then the SecurityOrigins canAccess each other. // If two tokens are not equal, then we have to call canAccess. // Note: we can't use the HTTPOrigin if it was set from the DOM. SecurityOrigin* origin = document->securityOrigin(); String token; if (!origin->domainWasSetInDOM()) token = document->securityOrigin()->toString(); // An empty or "null" token means we always have to call // canAccess. The toString method on securityOrigins returns the // string "null" for empty security origins and for security // origins that should only allow access to themselves. In this // case, we use the global object as the security token to avoid // calling canAccess when a script accesses its own objects. if (token.isEmpty() || token == "null") { m_context->UseDefaultSecurityToken(); return; } CString utf8Token = token.utf8(); // NOTE: V8 does identity comparison in fast path, must use a symbol // as the security token. m_context->SetSecurityToken(v8::String::NewSymbol(utf8Token.data(), utf8Token.length())); }
static bool canAccessAncestor(const SecurityOrigin& activeSecurityOrigin, const Frame* targetFrame) { // targetFrame can be 0 when we're trying to navigate a top-level frame // that has a 0 opener. if (!targetFrame) return false; const bool isLocalActiveOrigin = activeSecurityOrigin.isLocal(); for (const Frame* ancestorFrame = targetFrame; ancestorFrame; ancestorFrame = ancestorFrame->tree().parent()) { const SecurityOrigin* ancestorSecurityOrigin = ancestorFrame->securityContext()->getSecurityOrigin(); if (activeSecurityOrigin.canAccess(ancestorSecurityOrigin)) return true; // Allow file URL descendant navigation even when // allowFileAccessFromFileURLs is false. // FIXME: It's a bit strange to special-case local origins here. Should we // be doing something more general instead? if (isLocalActiveOrigin && ancestorSecurityOrigin->isLocal()) return true; } return false; }
// http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing void PingLoader::sendPing(Frame* frame, const KURL& pingURL, const KURL& destinationURL) { ResourceRequest request(pingURL); #if PLATFORM(BLACKBERRY) request.setTargetType(ResourceRequest::TargetIsSubresource); #endif request.setHTTPMethod("POST"); request.setHTTPContentType("text/ping"); request.setHTTPBody(FormData::create("PING")); request.setHTTPHeaderField("Cache-Control", "max-age=0"); frame->loader()->addExtraFieldsToSubresourceRequest(request); SecurityOrigin* sourceOrigin = frame->document()->securityOrigin(); RefPtr<SecurityOrigin> pingOrigin = SecurityOrigin::create(pingURL); FrameLoader::addHTTPOriginIfNeeded(request, sourceOrigin->toString()); request.setHTTPHeaderField("Ping-To", destinationURL); if (!SecurityPolicy::shouldHideReferrer(pingURL, frame->loader()->outgoingReferrer())) { request.setHTTPHeaderField("Ping-From", frame->document()->url()); if (!sourceOrigin->isSameSchemeHostPort(pingOrigin.get())) { String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), pingURL, frame->loader()->outgoingReferrer()); if (!referrer.isEmpty()) request.setHTTPReferrer(referrer); } } OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request)); // Leak the ping loader, since it will kill itself as soon as it receives a response. PingLoader* leakedPingLoader = pingLoader.leakPtr(); UNUSED_PARAM(leakedPingLoader); }
void EventSource::connect() { ASSERT(m_state == CONNECTING); ASSERT(!m_requestInFlight); ResourceRequest request(m_url); request.setHTTPMethod("GET"); request.setHTTPHeaderField("Accept", "text/event-stream"); request.setHTTPHeaderField("Cache-Control", "no-cache"); if (!m_lastEventId.isEmpty()) request.setHTTPHeaderField("Last-Event-ID", m_lastEventId); SecurityOrigin* origin = scriptExecutionContext()->securityOrigin(); ThreadableLoaderOptions options; options.sendLoadCallbacks = SendCallbacks; options.sniffContent = DoNotSniffContent; options.allowCredentials = (origin->canRequest(m_url) || m_withCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials; options.preflightPolicy = PreventPreflight; options.crossOriginRequestPolicy = UseAccessControl; options.dataBufferingPolicy = DoNotBufferData; options.securityOrigin = origin; m_loader = ThreadableLoader::create(scriptExecutionContext(), this, request, options); if (m_loader) m_requestInFlight = true; }
void ChromeClientBlackBerry::exceededDatabaseQuota(Frame* frame, const String& name) { #if ENABLE(SQL_DATABASE) Document* document = frame->document(); if (!document) return; SecurityOrigin* origin = document->securityOrigin(); #if ENABLE_DRT if (m_webPagePrivate->m_dumpRenderTree) { m_webPagePrivate->m_dumpRenderTree->exceededDatabaseQuota(origin, name); return; } #endif DatabaseTracker& tracker = DatabaseTracker::tracker(); unsigned long long totalUsage = tracker.totalDatabaseUsage(); unsigned long long originUsage = tracker.usageForOrigin(origin); DatabaseDetails details = tracker.detailsForNameAndOrigin(name, origin); unsigned long long estimatedSize = details.expectedUsage(); const String& nameStr = details.displayName(); String originStr = origin->databaseIdentifier(); unsigned long long quota = m_webPagePrivate->m_client->databaseQuota(originStr.characters(), originStr.length(), nameStr.characters(), nameStr.length(), totalUsage, originUsage, estimatedSize); tracker.setQuota(origin, quota); #endif }
FetchRequest PreloadRequest::resourceRequest(Document* document) { ASSERT(isMainThread()); FetchInitiatorInfo initiatorInfo; initiatorInfo.name = AtomicString(m_initiatorName); initiatorInfo.position = m_initiatorPosition; ResourceRequest resourceRequest(completeURL(document)); resourceRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(m_referrerPolicy, resourceRequest.url(), document->outgoingReferrer())); FetchRequest request(resourceRequest, initiatorInfo); if (m_resourceType == Resource::ImportResource) { SecurityOrigin* securityOrigin = document->contextDocument()->securityOrigin(); bool sameOrigin = securityOrigin->canRequest(request.url()); request.setCrossOriginAccessControl(securityOrigin, sameOrigin ? AllowStoredCredentials : DoNotAllowStoredCredentials, ClientDidNotRequestCredentials); } if (m_isCORSEnabled) request.setCrossOriginAccessControl(document->securityOrigin(), m_allowCredentials); request.setDefer(m_defer); request.setResourceWidth(m_resourceWidth); request.clientHintsPreferences().updateFrom(m_clientHintsPreferences); return request; }
void Deprecation::countDeprecationCrossOriginIframe(const LocalFrame* frame, UseCounter::Feature feature) { // Check to see if the frame can script into the top level document. SecurityOrigin* securityOrigin = frame->securityContext()->getSecurityOrigin(); Frame* top = frame->tree().top(); if (top && !securityOrigin->canAccess(top->securityContext()->getSecurityOrigin())) countDeprecation(frame, feature); }
void NotificationManager::requestPermission(ScriptExecutionContext* context, PassRefPtr<NotificationPermissionCallback> callback) { SecurityOrigin* origin = context->securityOrigin(); String requestID = createCanonicalUUIDString(); m_originToIDMap.set(origin, requestID); m_idToOriginMap.set(requestID, origin); m_idToCallbackMap.set(requestID, callback); m_webPagePrivate->client()->requestNotificationPermission(requestID, origin->toString()); }
OriginAccessEntry::MatchResult OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const { ASSERT(origin.protocol() == origin.protocol().lower()); if (m_protocol != origin.protocol()) return DoesNotMatchOrigin; return matchesDomain(origin); }
// This function mimics the result of string comparison of serialized origins bool originsMatch(const SecurityOrigin& origin1, const SecurityOrigin& origin2) { if (&origin1 == &origin2) return true; bool result = areOriginsMatching(origin1, origin2); ASSERT(result == (origin1.toString() == origin2.toString())); return result; }
WebIDBServerConnection::WebIDBServerConnection(const String& databaseName, const SecurityOrigin& openingOrigin, const SecurityOrigin& mainFrameOrigin) : m_serverConnectionIdentifier(generateServerConnectionIdentifier()) , m_databaseName(databaseName) , m_openingOrigin(*openingOrigin.isolatedCopy()) , m_mainFrameOrigin(*mainFrameOrigin.isolatedCopy()) { send(Messages::DatabaseToWebProcessConnection::EstablishIDBConnection(m_serverConnectionIdentifier)); send(Messages::DatabaseProcessIDBConnection::EstablishConnection(databaseName, SecurityOriginData::fromSecurityOrigin(&openingOrigin), SecurityOriginData::fromSecurityOrigin(&mainFrameOrigin))); }
WebInputEventResult TouchEventManager::handleTouchEvent( const PlatformTouchEvent& event, const HeapVector<TouchInfo>& touchInfos) { // Note that the disposition of any pointer events affects only the generation of touch // events. If all pointer events were handled (and hence no touch events were fired), that // is still equivalent to the touch events going unhandled because pointer event handler // don't block scroll gesture generation. // TODO(crbug.com/507408): If PE handlers always call preventDefault, we won't see TEs until after // scrolling starts because the scrolling would suppress upcoming PEs. This sudden "break" in TE // suppression can make the visible TEs inconsistent (e.g. touchmove without a touchstart). bool allTouchesReleased = true; for (const auto& point : event.touchPoints()) { if (point.state() != PlatformTouchPoint::TouchReleased && point.state() != PlatformTouchPoint::TouchCancelled) allTouchesReleased = false; } // Whether a touch should be considered a "user gesture" or not is a tricky question. // https://docs.google.com/document/d/1oF1T3O7_E4t1PYHV6gyCwHxOi3ystm0eSL5xZu7nvOg/edit# // The touchend corresponding to a tap is always a user gesture. bool isTap = event.touchPoints().size() == 1 && event.touchPoints()[0].state() == PlatformTouchPoint::TouchReleased && !event.causesScrollingIfUncanceled(); // For now, disallow dragging as a user gesture when the events are being sent to a // cross-origin iframe (crbug.com/582140). bool isSameOrigin = false; if (m_touchSequenceDocument && m_touchSequenceDocument->frame()) { SecurityOrigin* securityOrigin = m_touchSequenceDocument->frame()->securityContext()->getSecurityOrigin(); Frame* top = m_frame->tree().top(); if (top && securityOrigin->canAccess(top->securityContext()->getSecurityOrigin())) isSameOrigin = true; } OwnPtr<UserGestureIndicator> gestureIndicator; if (isTap || isSameOrigin) { UserGestureUtilizedCallback* callback = 0; if (!isTap) { // This is some other touch event that we currently consider a user gesture. So // use a UserGestureUtilizedCallback to get metrics. callback = &m_touchSequenceDocument->frame()->eventHandler(); } if (m_touchSequenceUserGestureToken) gestureIndicator = adoptPtr(new UserGestureIndicator(m_touchSequenceUserGestureToken.release(), callback)); else gestureIndicator = adoptPtr(new UserGestureIndicator(DefinitelyProcessingUserGesture, callback)); m_touchSequenceUserGestureToken = UserGestureIndicator::currentToken(); } return dispatchTouchEvents(event, touchInfos, allTouchesReleased); }
SecurityOriginData SecurityOriginData::fromSecurityOrigin(const SecurityOrigin& securityOrigin) { SecurityOriginData securityOriginData; securityOriginData.protocol = securityOrigin.protocol(); securityOriginData.host = securityOrigin.host(); securityOriginData.port = securityOrigin.port(); return securityOriginData; }
OriginAccessEntry::MatchResult OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const { ASSERT(origin.host() == origin.host().lower()); ASSERT(origin.protocol() == origin.protocol().lower()); if (m_protocol != origin.protocol()) return DoesNotMatchOrigin; // Special case: Include subdomains and empty host means "all hosts, including ip addresses". if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty()) return MatchesOrigin; // Exact match. if (m_host == origin.host()) return MatchesOrigin; // Otherwise we can only match if we're matching subdomains. if (m_subdomainSettings == DisallowSubdomains) return DoesNotMatchOrigin; // Don't try to do subdomain matching on IP addresses (except for testing). if (m_hostIsIPAddress && m_ipAddressSettings == TreatIPAddressAsIPAddress) return DoesNotMatchOrigin; // Match subdomains. if (origin.host().length() <= m_host.length() || origin.host()[origin.host().length() - m_host.length() - 1] != '.' || !origin.host().endsWith(m_host)) return DoesNotMatchOrigin; if (m_hostIsPublicSuffix) return MatchesOriginButIsPublicSuffix; return MatchesOrigin; }
bool OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const { ASSERT(origin.host() == origin.host().convertToASCIILowercase()); ASSERT(origin.protocol() == origin.protocol().convertToASCIILowercase()); if (m_protocol != origin.protocol()) return false; // Special case: Include subdomains and empty host means "all hosts, including ip addresses". if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty()) return true; // Exact match. if (m_host == origin.host()) return true; // Otherwise we can only match if we're matching subdomains. if (m_subdomainSettings == DisallowSubdomains) return false; // Don't try to do subdomain matching on IP addresses. if (m_hostIsIPAddress) return false; // Match subdomains. if (origin.host().length() > m_host.length() && origin.host()[origin.host().length() - m_host.length() - 1] == '.' && origin.host().endsWith(m_host)) return true; return false; }
void UseCounter::countCrossOriginIframe(const Document& document, Feature feature) { Frame* frame = document.frame(); if (!frame) return; // Check to see if the frame can script into the top level document. SecurityOrigin* securityOrigin = frame->securityContext()->securityOrigin(); Frame* top = frame->tree().top(); if (top && !securityOrigin->canAccess(top->securityContext()->securityOrigin())) count(frame, feature); }
void EventSource::connect() { DCHECK_EQ(kConnecting, m_state); DCHECK(!m_loader); DCHECK(getExecutionContext()); ExecutionContext& executionContext = *this->getExecutionContext(); ResourceRequest request(m_currentURL); request.setHTTPMethod(HTTPNames::GET); request.setHTTPHeaderField(HTTPNames::Accept, "text/event-stream"); request.setHTTPHeaderField(HTTPNames::Cache_Control, "no-cache"); request.setRequestContext(WebURLRequest::RequestContextEventSource); request.setExternalRequestStateFromRequestorAddressSpace( executionContext.securityContext().addressSpace()); if (m_parser && !m_parser->lastEventId().isEmpty()) { // HTTP headers are Latin-1 byte strings, but the Last-Event-ID header is // encoded as UTF-8. // TODO(davidben): This should be captured in the type of // setHTTPHeaderField's arguments. CString lastEventIdUtf8 = m_parser->lastEventId().utf8(); request.setHTTPHeaderField( HTTPNames::Last_Event_ID, AtomicString(reinterpret_cast<const LChar*>(lastEventIdUtf8.data()), lastEventIdUtf8.length())); } SecurityOrigin* origin = executionContext.getSecurityOrigin(); ThreadableLoaderOptions options; options.preflightPolicy = PreventPreflight; options.crossOriginRequestPolicy = UseAccessControl; options.contentSecurityPolicyEnforcement = ContentSecurityPolicy::shouldBypassMainWorld(&executionContext) ? DoNotEnforceContentSecurityPolicy : EnforceContentSecurityPolicy; ResourceLoaderOptions resourceLoaderOptions; resourceLoaderOptions.allowCredentials = (origin->canRequestNoSuborigin(m_currentURL) || m_withCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials; resourceLoaderOptions.credentialsRequested = m_withCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials; resourceLoaderOptions.dataBufferingPolicy = DoNotBufferData; resourceLoaderOptions.securityOrigin = origin; InspectorInstrumentation::willSendEventSourceRequest(&executionContext, this); // InspectorInstrumentation::documentThreadableLoaderStartedLoadingForClient // will be called synchronously. m_loader = ThreadableLoader::create(executionContext, this, options, resourceLoaderOptions); m_loader->start(request); }
void HTMLKeygenElement::appendToFormData(FormData& formData) { // Only RSA is supported at this time. const AtomicString& keyType = fastGetAttribute(keytypeAttr); if (!keyType.isNull() && !equalIgnoringCase(keyType, "rsa")) return; SecurityOrigin* topOrigin = document().frame()->tree().top()->securityContext()->getSecurityOrigin(); String value = Platform::current()->signedPublicKeyAndChallengeString( shadowSelect()->selectedIndex(), fastGetAttribute(challengeAttr), document().baseURL(), KURL(KURL(), topOrigin->toString())); if (!value.isNull()) formData.append(name(), value); }
void WebChromeClient::exceededDatabaseQuota(Frame* frame, const String& databaseName) { WebFrame* webFrame = static_cast<WebFrameLoaderClient*>(frame->loader()->client())->webFrame(); SecurityOrigin* origin = frame->document()->securityOrigin(); DatabaseDetails details = DatabaseTracker::tracker().detailsForNameAndOrigin(databaseName, origin); uint64_t currentQuota = DatabaseTracker::tracker().quotaForOrigin(origin); uint64_t newQuota = 0; WebProcess::shared().connection()->sendSync( Messages::WebPageProxy::ExceededDatabaseQuota(webFrame->frameID(), origin->databaseIdentifier(), databaseName, details.displayName(), currentQuota, details.currentUsage(), details.expectedUsage()), Messages::WebPageProxy::ExceededDatabaseQuota::Reply(newQuota), m_page->pageID()); DatabaseTracker::tracker().setQuota(origin, newQuota); }
static void measureStricterVersionOfIsMixedContent(Frame* frame, const KURL& url) { // We're currently only checking for mixed content in `https://*` contexts. // What about other "secure" contexts the SchemeRegistry knows about? We'll // use this method to measure the occurance of non-webby mixed content to // make sure we're not breaking the world without realizing it. SecurityOrigin* origin = frame->securityContext()->getSecurityOrigin(); if (MixedContentChecker::isMixedContent(origin, url)) { if (origin->protocol() != "https") UseCounter::count(frame, UseCounter::MixedContentInNonHTTPSFrameThatRestrictsMixedContent); } else if (!SecurityOrigin::isSecure(url) && SchemeRegistry::shouldTreatURLSchemeAsSecure(origin->protocol())) { UseCounter::count(frame, UseCounter::MixedContentInSecureFrameThatDoesNotRestrictMixedContent); } }
void WindowProxy::setSecurityToken(SecurityOrigin* origin) { // If two tokens are equal, then the SecurityOrigins canAccess each other. // If two tokens are not equal, then we have to call canAccess. // Note: we can't use the HTTPOrigin if it was set from the DOM. String token; // There are several situations where v8 needs to do a full canAccess check, // so set an empty security token instead: // - document.domain was modified // - the frame is showing the initial empty document // - the frame is remote bool delaySet = m_frame->isRemoteFrame() || (m_world->isMainWorld() && (origin->domainWasSetInDOM() || toLocalFrame(m_frame)->loader().stateMachine()->isDisplayingInitialEmptyDocument())); if (origin && !delaySet) token = origin->toString(); // An empty or "null" token means we always have to call // canAccess. The toString method on securityOrigins returns the // string "null" for empty security origins and for security // origins that should only allow access to themselves. In this // case, we use the global object as the security token to avoid // calling canAccess when a script accesses its own objects. v8::HandleScope handleScope(m_isolate); v8::Local<v8::Context> context = m_scriptState->context(); if (token.isEmpty() || token == "null") { context->UseDefaultSecurityToken(); return; } if (m_world->isPrivateScriptIsolatedWorld()) { token = "private-script://" + token; } else if (m_world->isIsolatedWorld()) { SecurityOrigin* frameSecurityOrigin = m_frame->securityContext()->getSecurityOrigin(); String frameSecurityToken = frameSecurityOrigin->toString(); // We need to check the return value of domainWasSetInDOM() on the // frame's SecurityOrigin because, if that's the case, only // SecurityOrigin::m_domain would have been modified. // m_domain is not used by SecurityOrigin::toString(), so we would end // up generating the same token that was already set. if (frameSecurityOrigin->domainWasSetInDOM() || frameSecurityToken.isEmpty() || frameSecurityToken == "null") { context->UseDefaultSecurityToken(); return; } token = frameSecurityToken + token; } CString utf8Token = token.utf8(); // NOTE: V8 does identity comparison in fast path, must use a symbol // as the security token. context->SetSecurityToken(v8AtomicString(m_isolate, utf8Token.data(), utf8Token.length())); }
void SecurityPolicy::addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains) { ASSERT(isMainThread()); ASSERT(!sourceOrigin.isUnique()); if (sourceOrigin.isUnique()) return; String sourceString = sourceOrigin.toString(); pair<OriginAccessMap::iterator, bool> result = originAccessMap().add(sourceString, nullptr); if (result.second) result.first->second = adoptPtr(new OriginAccessWhiteList); OriginAccessWhiteList* list = result.first->second.get(); list->append(OriginAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains)); }
void SecurityPolicy::addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains) { ASSERT(isMainThread()); ASSERT(!sourceOrigin.isUnique()); if (sourceOrigin.isUnique()) return; String sourceString = sourceOrigin.toString(); OriginAccessMap::AddResult result = originAccessMap().add(sourceString, nullptr); if (result.isNewEntry) result.iterator->value = std::make_unique<OriginAccessWhiteList>(); OriginAccessWhiteList* list = result.iterator->value.get(); list->append(OriginAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains)); }
// source-list = *WSP [ source *( 1*WSP source ) *WSP ] // / *WSP "'none'" *WSP // void CSPSourceList::parse(const UChar* begin, const UChar* end) { const UChar* position = begin; bool isFirstSourceInList = true; while (position < end) { skipWhile<isASCIISpace>(position, end); const UChar* beginSource = position; skipWhile<isSourceCharacter>(position, end); if (isFirstSourceInList && equalIgnoringCase("'none'", beginSource, position - beginSource)) return; // We represent 'none' as an empty m_list. isFirstSourceInList = false; String scheme, host; int port = 0; bool hostHasWildcard = false; bool portHasWildcard = false; if (parseSource(beginSource, position, scheme, host, port, hostHasWildcard, portHasWildcard)) { if (scheme.isEmpty()) scheme = m_origin->protocol(); m_list.append(CSPSource(scheme, host, port, hostHasWildcard, portHasWildcard)); } ASSERT(position == end || isASCIISpace(*position)); } }