/* * Copyright (C) 2011 Google Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Google, Inc. ("Google") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY GOOGLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/351564777): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "third_party/blink/renderer/platform/weborigin/security_policy.h" #include <memory> #include "base/command_line.h" #include "base/no_destructor.h" #include "base/strings/pattern.h" #include "base/strings/string_split.h" #include "base/synchronization/lock.h" #include "build/build_config.h" #include "services/network/public/cpp/cors/origin_access_list.h" #include "services/network/public/mojom/referrer_policy.mojom-blink.h" #include "third_party/blink/public/common/loader/referrer_utils.h" #include "third_party/blink/public/common/switches.h" #include "third_party/blink/public/platform/web_string.h" #include "third_party/blink/renderer/platform/weborigin/kurl.h" #include "third_party/blink/renderer/platform/weborigin/scheme_registry.h" #include "third_party/blink/renderer/platform/weborigin/security_origin.h" #include "third_party/blink/renderer/platform/wtf/hash_set.h" #include "third_party/blink/renderer/platform/wtf/std_lib_extras.h" #include "third_party/blink/renderer/platform/wtf/text/parsing_utilities.h" #include "third_party/blink/renderer/platform/wtf/text/string_utf8_adaptor.h" #include "third_party/blink/renderer/platform/wtf/threading.h" #include "third_party/blink/renderer/platform/wtf/wtf.h" #include "url/gurl.h" namespace blink { static base::Lock& GetLock() { … } static network::cors::OriginAccessList& GetOriginAccessList() { … } bool SecurityPolicy::ShouldHideReferrer(const KURL& url, const KURL& referrer) { … } Referrer SecurityPolicy::GenerateReferrer( network::mojom::ReferrerPolicy referrer_policy, const KURL& url, const String& referrer) { … } bool SecurityPolicy::IsOriginAccessAllowed( const SecurityOrigin* active_origin, const SecurityOrigin* target_origin) { … } bool SecurityPolicy::IsOriginAccessToURLAllowed( const SecurityOrigin* active_origin, const KURL& url) { … } void SecurityPolicy::AddOriginAccessAllowListEntry( const SecurityOrigin& source_origin, const String& destination_protocol, const String& destination_domain, const uint16_t port, const network::mojom::CorsDomainMatchMode domain_match_mode, const network::mojom::CorsPortMatchMode port_match_mode, const network::mojom::CorsOriginAccessMatchPriority priority) { … } void SecurityPolicy::AddOriginAccessBlockListEntry( const SecurityOrigin& source_origin, const String& destination_protocol, const String& destination_domain, const uint16_t port, const network::mojom::CorsDomainMatchMode domain_match_mode, const network::mojom::CorsPortMatchMode port_match_mode, const network::mojom::CorsOriginAccessMatchPriority priority) { … } void SecurityPolicy::ClearOriginAccessListForOrigin( const SecurityOrigin& source_origin) { … } void SecurityPolicy::ClearOriginAccessList() { … } bool SecurityPolicy::ReferrerPolicyFromString( const String& policy, ReferrerPolicyLegacyKeywordsSupport legacy_keywords_support, network::mojom::ReferrerPolicy* result) { … } String SecurityPolicy::ReferrerPolicyAsString( network::mojom::ReferrerPolicy policy) { … } namespace { template <typename CharType> inline bool IsASCIIAlphaOrHyphen(CharType c) { … } } // namespace bool SecurityPolicy::ReferrerPolicyFromHeaderValue( const String& header_value, ReferrerPolicyLegacyKeywordsSupport legacy_keywords_support, network::mojom::ReferrerPolicy* result) { … } #if BUILDFLAG(IS_FUCHSIA) namespace { std::vector<url::Origin> GetSharedArrayBufferOrigins() { std::string switch_value = base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( switches::kSharedArrayBufferAllowedOrigins); std::vector<std::string> list = SplitString(switch_value, ",", base::WhitespaceHandling::TRIM_WHITESPACE, base::SplitResult::SPLIT_WANT_NONEMPTY); std::vector<url::Origin> result; for (auto& origin : list) { GURL url(origin); if (!url.is_valid() || url.scheme() != url::kHttpsScheme) { LOG(FATAL) << "Invalid --" << switches::kSharedArrayBufferAllowedOrigins << " specified: " << switch_value; } result.push_back(url::Origin::Create(url)); } return result; } } // namespace #endif // BUILDFLAG(IS_FUCHSIA) // static bool SecurityPolicy::IsSharedArrayBufferAlwaysAllowedForOrigin( const SecurityOrigin* security_origin) { … } } // namespace blink
Codebase Browser
chromium