Home | History | Annotate | Download | only in page 
      1 /*
      2  * Copyright (C) 2009 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 #include "config.h"
     32 #include "OriginAccessEntry.h"
     33 
     34 #include "SecurityOrigin.h"
     35 
     36 namespace WebCore {
     37 
     38 OriginAccessEntry::OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting subdomainSetting)
     39     : m_protocol(protocol.lower())
     40     , m_host(host.lower())
     41     , m_subdomainSettings(subdomainSetting)
     42 {
     43     ASSERT(m_protocol == "http" || m_protocol == "https");
     44     ASSERT(subdomainSetting == AllowSubdomains || subdomainSetting == DisallowSubdomains);
     45 
     46     // Assume that any host that ends with a digit is trying to be an IP address.
     47     m_hostIsIPAddress = !m_host.isEmpty() && isASCIIDigit(m_host[m_host.length() - 1]);
     48 }
     49 
     50 bool OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const
     51 {
     52     ASSERT(origin.host() == origin.host().lower());
     53     ASSERT(origin.protocol() == origin.protocol().lower());
     54 
     55     if (m_protocol != origin.protocol())
     56         return false;
     57 
     58     // Special case: Include subdomains and empty host means "all hosts, including ip addresses".
     59     if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty())
     60         return true;
     61 
     62     // Exact match.
     63     if (m_host == origin.host())
     64         return true;
     65 
     66     // Otherwise we can only match if we're matching subdomains.
     67     if (m_subdomainSettings == DisallowSubdomains)
     68         return false;
     69 
     70     // Don't try to do subdomain matching on IP addresses.
     71     if (m_hostIsIPAddress)
     72         return false;
     73 
     74     // Match subdomains.
     75     if (origin.host().length() > m_host.length() && origin.host()[origin.host().length() - m_host.length() - 1] == '.' && origin.host().endsWith(m_host))
     76         return true;
     77 
     78     return false;
     79 }
     80 
     81 } // namespace WebCore
     82