Home | History | Annotate | Download | only in loader 
      1 /*
      2  * Copyright (C) 2008 Apple Inc. All Rights Reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions
      6  * are met:
      7  * 1. Redistributions of source code must retain the above copyright
      8  *    notice, this list of conditions and the following disclaimer.
      9  * 2. Redistributions in binary form must reproduce the above copyright
     10  *    notice, this list of conditions and the following disclaimer in the
     11  *    documentation and/or other materials provided with the distribution.
     12  *
     13  * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
     14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
     17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
     18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
     20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
     21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     24  *
     25  */
     26 
     27 #ifndef CrossOriginAccessControl_h
     28 #define CrossOriginAccessControl_h
     29 
     30 #include "core/loader/ResourceLoaderOptions.h"
     31 #include "core/platform/network/ResourceRequest.h"
     32 #include "wtf/Forward.h"
     33 #include "wtf/HashSet.h"
     34 
     35 namespace WebCore {
     36 
     37 typedef HashSet<String, CaseFoldingHash> HTTPHeaderSet;
     38 
     39 class HTTPHeaderMap;
     40 class ResourceResponse;
     41 class SecurityOrigin;
     42 
     43 enum AccessControlStatus {
     44     NotSharableCrossOrigin,
     45     SharableCrossOrigin
     46 };
     47 
     48 bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap&);
     49 bool isOnAccessControlSimpleRequestMethodWhitelist(const String&);
     50 bool isOnAccessControlSimpleRequestHeaderWhitelist(const String& name, const String& value);
     51 bool isOnAccessControlResponseHeaderWhitelist(const String&);
     52 
     53 void updateRequestForAccessControl(ResourceRequest&, SecurityOrigin*, StoredCredentials);
     54 ResourceRequest createAccessControlPreflightRequest(const ResourceRequest&, SecurityOrigin*);
     55 
     56 bool passesAccessControlCheck(const ResourceResponse&, StoredCredentials, SecurityOrigin*, String& errorDescription);
     57 bool passesPreflightStatusCheck(const ResourceResponse&, String& errorDescription);
     58 void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHeaderSet&);
     59 
     60 } // namespace WebCore
     61 
     62 #endif // CrossOriginAccessControl_h
     63