// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "services/network/public/cpp/cross_origin_resource_policy.h" #include <string> #include "net/base/registry_controlled_domains/registry_controlled_domain.h" #include "net/http/http_response_headers.h" #include "services/network/public/cpp/cross_origin_embedder_policy.h" #include "services/network/public/cpp/document_isolation_policy.h" #include "services/network/public/cpp/initiator_lock_compatibility.h" #include "services/network/public/cpp/url_loader_completion_status.h" #include "services/network/public/mojom/cross_origin_embedder_policy.mojom.h" #include "services/network/public/mojom/document_isolation_policy.mojom-forward.h" #include "services/network/public/mojom/url_response_head.mojom.h" #include "url/gurl.h" #include "url/origin.h" #include "url/url_constants.h" namespace network { namespace { // https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header says: // > ABNF: // > Cross-Origin-Resource-Policy = %s"same-origin" / %s"same-site" // > ; case-sensitive // // https://tools.ietf.org/html/rfc7405 says: // > The following prefixes are allowed: // > %s = case-sensitive // > %i = case-insensitive CrossOriginResourcePolicy::ParsedHeader ParseHeaderByString( std::optional<std::string> header_value) { … } CrossOriginResourcePolicy::ParsedHeader ParseHeaderByHttpResponseHeaders( const net::HttpResponseHeaders* headers) { … } std::string GetDomain(const url::Origin& origin) { … } bool ShouldAllowSameSite(const url::Origin& initiator, const url::Origin& target_origin) { … } std::optional<mojom::BlockedByResponseReason> IsBlockedInternal( CrossOriginResourcePolicy::ParsedHeader policy, const GURL& request_url, const std::optional<url::Origin>& request_initiator, mojom::RequestMode request_mode, bool request_include_credentials, mojom::CrossOriginEmbedderPolicyValue embedder_policy, mojom::DocumentIsolationPolicyValue document_isolation_policy) { … } std::optional<mojom::BlockedByResponseReason> IsBlockedInternalWithReporting( CrossOriginResourcePolicy::ParsedHeader policy, const GURL& request_url, const GURL& original_url, const std::optional<url::Origin>& request_initiator, mojom::RequestMode request_mode, mojom::RequestDestination request_destination, bool request_include_credentials, const CrossOriginEmbedderPolicy& embedder_policy, mojom::CrossOriginEmbedderPolicyReporter* reporter, const DocumentIsolationPolicy& document_isolation_policy) { … } } // namespace // static const char CrossOriginResourcePolicy::kHeaderName[] = …; // static std::optional<mojom::BlockedByResponseReason> CrossOriginResourcePolicy::IsBlocked( const GURL& request_url, const GURL& original_url, const std::optional<url::Origin>& request_initiator, const network::mojom::URLResponseHead& response, mojom::RequestMode request_mode, mojom::RequestDestination request_destination, const CrossOriginEmbedderPolicy& embedder_policy, mojom::CrossOriginEmbedderPolicyReporter* reporter, const DocumentIsolationPolicy& document_isolation_policy) { … } // static std::optional<mojom::BlockedByResponseReason> CrossOriginResourcePolicy::IsBlockedByHeaderValue( const GURL& request_url, const GURL& original_url, const std::optional<url::Origin>& request_initiator, std::optional<std::string> corp_header_value, mojom::RequestMode request_mode, mojom::RequestDestination request_destination, bool request_include_credentials, const CrossOriginEmbedderPolicy& embedder_policy, mojom::CrossOriginEmbedderPolicyReporter* reporter, const DocumentIsolationPolicy& document_isolation_policy) { … } // static std::optional<mojom::BlockedByResponseReason> CrossOriginResourcePolicy::IsNavigationBlocked( const GURL& request_url, const GURL& original_url, const std::optional<url::Origin>& request_initiator, const network::mojom::URLResponseHead& response, mojom::RequestDestination request_destination, const CrossOriginEmbedderPolicy& embedder_policy, mojom::CrossOriginEmbedderPolicyReporter* reporter) { … } // static CrossOriginResourcePolicy::ParsedHeader CrossOriginResourcePolicy::ParseHeaderForTesting( const net::HttpResponseHeaders* headers) { … } // static bool CrossOriginResourcePolicy::ShouldAllowSameSiteForTesting( const url::Origin& initiator, const url::Origin& target_origin) { … } } // namespace network
Codebase Browser
chromium