static bool shouldTreatAsUniqueOrigin(const KURL& url)
{
if (!url.isValid())
return true;
// FIXME: Do we need to unwrap the URL further?
KURL innerURL = shouldUseInnerURL(url) ? extractInnerURL(url) : url;
// FIXME: Check whether innerURL is valid.
// For edge case URLs that were probably misparsed, make sure that the origin is unique.
// FIXME: Do we really need to do this? This looks to be a hack around a
// security bug in CFNetwork that might have been fixed.
if (schemeRequiresAuthority(innerURL) && innerURL.host().isEmpty())
return true;
// SchemeRegistry needs a lower case protocol because it uses HashMaps
// that assume the scheme has already been canonicalized.
String protocol = innerURL.protocol().lower();
if (SchemeRegistry::shouldTreatURLSchemeAsNoAccess(protocol))
return true;
// This is the common case.
return false;
}
PassRefPtr<SecurityOrigin> SecurityOrigin::create(const URL& url)
{
RefPtr<SecurityOrigin> cachedOrigin = getCachedOrigin(url);
if (cachedOrigin.get())
return cachedOrigin;
if (shouldTreatAsUniqueOrigin(url)) {
RefPtr<SecurityOrigin> origin = adoptRef(new SecurityOrigin());
if (url.protocolIs("file")) {
// Unfortunately, we can't represent all unique origins exactly
// the same way because we need to produce a quirky database
// identifier for file URLs due to persistent storage in some
// embedders of WebKit.
origin->m_needsDatabaseIdentifierQuirkForFiles = true;
}
return origin.release();
}
if (shouldUseInnerURL(url))
return adoptRef(new SecurityOrigin(extractInnerURL(url)));
return adoptRef(new SecurityOrigin(url));
}
bool SecurityOrigin::isSecure(const KURL& url)
{
if (SchemeRegistry::shouldTreatURLSchemeAsSecure(url.protocol()))
return true;
// URLs that wrap inner URLs are secure if those inner URLs are secure.
if (shouldUseInnerURL(url) && SchemeRegistry::shouldTreatURLSchemeAsSecure(extractInnerURL(url).protocol()))
return true;
return false;
}
bool SecurityOrigin::isSecure(const KURL& url)
{
// Invalid URLs are secure, as are URLs which have a secure protocol.
if (!url.isValid() || SchemeRegistry::shouldTreatURLSchemeAsSecure(url.protocol()))
return true;
// URLs that wrap inner URLs are secure if those inner URLs are secure.
if (shouldUseInnerURL(url) && SchemeRegistry::shouldTreatURLSchemeAsSecure(extractInnerURL(url).protocol()))
return true;
return false;
}
Ref<SecurityOrigin> SecurityOrigin::create(const URL& url)
{
if (RefPtr<SecurityOrigin> cachedOrigin = getCachedOrigin(url))
return cachedOrigin.releaseNonNull();
if (shouldTreatAsUniqueOrigin(url))
return adoptRef(*new SecurityOrigin);
if (shouldUseInnerURL(url))
return adoptRef(*new SecurityOrigin(extractInnerURL(url)));
return adoptRef(*new SecurityOrigin(url));
}
bool SecurityOrigin::isSecure(const KURL& url)
{
if (SchemeRegistry::shouldTreatURLSchemeAsSecure(url.protocol()))
return true;
// URLs that wrap inner URLs are secure if those inner URLs are secure.
if (shouldUseInnerURL(url) && SchemeRegistry::shouldTreatURLSchemeAsSecure(extractInnerURL(url).protocol()))
return true;
if (SecurityPolicy::isOriginWhiteListedTrustworthy(*SecurityOrigin::create(url).get()))
return true;
return false;
}
