/*
 * Copyright (C) 2011 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Google, Inc. ("Google") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY GOOGLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "config.h"
#include "weborigin/SecurityPolicy.h"

#include <wtf/MainThread.h>
#include <wtf/OwnPtr.h>
#include <wtf/PassOwnPtr.h>
#include <wtf/text/StringHash.h>
#include "weborigin/KURL.h"
#include "weborigin/OriginAccessEntry.h"
#include "weborigin/SecurityOrigin.h"

namespace WebCore {

// Per-source-origin list of destinations that the source may access, and the
// map that holds those lists keyed by the source origin's string form.
typedef Vector<OriginAccessEntry> OriginAccessWhiteList;
typedef HashMap<String, OwnPtr<OriginAccessWhiteList> > OriginAccessMap;

// Returns the single shared access map, created on first use.
// The mutators below assert that they run on the main thread; nothing in this
// accessor enforces that.
static OriginAccessMap& originAccessMap()
{
    DEFINE_STATIC_LOCAL(OriginAccessMap, sharedMap, ());
    return sharedMap;
}

// Builds the entry that add/remove operate on, so both sides construct it the
// same way from the (protocol, domain, subdomain flag) triple.
static OriginAccessEntry makeAccessEntry(const String& protocol, const String& domain, bool allowSubdomains)
{
    return OriginAccessEntry(protocol, domain, allowSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains);
}

// Default referrer rule: returns true when the referrer must be withheld.
//  - a referrer that is neither http nor https is always hidden;
//  - an http referrer is never hidden;
//  - an https referrer is hidden unless the destination is https as well,
//    so a secure page's URL is not sent over a non-https request.
bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer)
{
    const bool referrerIsHTTPS = protocolIs(referrer, "https");
    if (!referrerIsHTTPS) {
        // Not https: plain http is sent as-is, every other scheme is hidden.
        return !protocolIs(referrer, "http");
    }

    // https referrer: only another https destination may see it.
    return !url.protocolIs("https");
}

// Computes the Referer value for a request to |url| under |referrerPolicy|.
// Returns a null String when no referrer should be sent.
//
// Only ReferrerPolicyDefault consults the destination URL. The Always and
// Origin branches return without looking at |url|, so under those policies an
// https referrer (or its origin) is also sent to a non-https destination.
String SecurityPolicy::generateReferrerHeader(ReferrerPolicy referrerPolicy, const KURL& url, const String& referrer)
{
    if (referrer.isEmpty())
        return String();

    switch (referrerPolicy) {
    case ReferrerPolicyNever:
        return String();
    case ReferrerPolicyAlways:
        return referrer;
    case ReferrerPolicyOrigin: {
        RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString(referrer);
        String serializedOrigin = referrerOrigin->toString();
        // An origin that serializes as "null" carries nothing to send.
        if (serializedOrigin == "null")
            return String();
        // An origin has no path component; appending "/" yields a canonical
        // URL that can be used as the referrer.
        return serializedOrigin + "/";
    }
    case ReferrerPolicyDefault:
        break;
    }

    if (shouldHideReferrer(url, referrer))
        return String();
    return referrer;
}

// Returns true if an entry registered for |activeOrigin| matches
// |targetOrigin|. Both pointers are dereferenced unconditionally, so callers
// must pass non-null origins.
// NOTE(review): unlike the add/remove/reset functions this reader does not
// assert isMainThread(); confirm that callers are on the main thread or that
// access to the map is otherwise serialized.
bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin)
{
    OriginAccessWhiteList* entries = originAccessMap().get(activeOrigin->toString());
    if (!entries)
        return false;

    for (size_t index = 0; index < entries->size(); ++index) {
        if ((*entries)[index].matchesOrigin(*targetOrigin))
            return true;
    }
    return false;
}

// Convenience overload: derives the target origin from |url| and defers to
// isAccessWhiteListed().
bool SecurityPolicy::isAccessToURLWhiteListed(const SecurityOrigin* activeOrigin, const KURL& url)
{
    RefPtr<SecurityOrigin> urlOrigin = SecurityOrigin::create(url);
    return isAccessWhiteListed(activeOrigin, urlOrigin.get());
}

// Grants |sourceOrigin| access to the destination described by the protocol,
// domain and subdomain flag. Main thread only (asserted).
//
// Unique source origins are rejected: the ASSERT flags the caller error, and
// the explicit check keeps the entry out of the map in builds where ASSERT is
// a no-op. The entry is appended without checking for an existing equal entry,
// so registering the same triple twice stores it twice.
void SecurityPolicy::addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains)
{
    ASSERT(isMainThread());
    ASSERT(!sourceOrigin.isUnique());
    if (sourceOrigin.isUnique())
        return;

    // add() is a no-op on an existing key; only a fresh key needs a new list.
    OriginAccessMap::AddResult addResult = originAccessMap().add(sourceOrigin.toString(), nullptr);
    if (addResult.isNewEntry)
        addResult.iterator->value = adoptPtr(new OriginAccessWhiteList);

    OriginAccessWhiteList* entries = addResult.iterator->value.get();
    entries->append(makeAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains));
}

// Revokes one previously added entry for |sourceOrigin|. Main thread only
// (asserted). Does nothing if the origin is unique, has no list, or the list
// holds no equal entry.
//
// Only the single entry at the index returned by find() is removed, so a
// triple that was added more than once remains in effect until it has been
// removed the same number of times. The per-origin list is dropped from the
// map once it becomes empty.
void SecurityPolicy::removeOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains)
{
    ASSERT(isMainThread());
    ASSERT(!sourceOrigin.isUnique());
    if (sourceOrigin.isUnique())
        return;

    String sourceKey = sourceOrigin.toString();
    OriginAccessMap& accessMap = originAccessMap();
    OriginAccessMap::iterator found = accessMap.find(sourceKey);
    if (found == accessMap.end())
        return;

    OriginAccessWhiteList* entries = found->value.get();
    size_t position = entries->find(makeAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains));
    if (position == notFound)
        return;

    entries->remove(position);

    if (entries->isEmpty())
        accessMap.remove(found);
}

// Clears every access entry for every source origin. Main thread only
// (asserted).
void SecurityPolicy::resetOriginAccessWhitelists()
{
    ASSERT(isMainThread());
    originAccessMap().clear();
}

} // namespace WebCore