Home | History | Annotate | Download | only in weborigin 
      1 /*
      2  * Copyright (C) 2009 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 #include "config.h"
     32 #include "weborigin/OriginAccessEntry.h"
     33 
     34 #include "weborigin/SecurityOrigin.h"
     35 
     36 namespace WebCore {
     37 
     38 OriginAccessEntry::OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting subdomainSetting)
     39     : m_protocol(protocol.lower())
     40     , m_host(host.lower())
     41     , m_subdomainSettings(subdomainSetting)
     42 {
     43     ASSERT(subdomainSetting == AllowSubdomains || subdomainSetting == DisallowSubdomains);
     44 
     45     // Assume that any host that ends with a digit is trying to be an IP address.
     46     m_hostIsIPAddress = !m_host.isEmpty() && isASCIIDigit(m_host[m_host.length() - 1]);
     47 }
     48 
     49 bool OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const
     50 {
     51     ASSERT(origin.host() == origin.host().lower());
     52     ASSERT(origin.protocol() == origin.protocol().lower());
     53 
     54     if (m_protocol != origin.protocol())
     55         return false;
     56 
     57     // Special case: Include subdomains and empty host means "all hosts, including ip addresses".
     58     if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty())
     59         return true;
     60 
     61     // Exact match.
     62     if (m_host == origin.host())
     63         return true;
     64 
     65     // Otherwise we can only match if we're matching subdomains.
     66     if (m_subdomainSettings == DisallowSubdomains)
     67         return false;
     68 
     69     // Don't try to do subdomain matching on IP addresses.
     70     if (m_hostIsIPAddress)
     71         return false;
     72 
     73     // Match subdomains.
     74     if (origin.host().length() > m_host.length() && origin.host()[origin.host().length() - m_host.length() - 1] == '.' && origin.host().endsWith(m_host))
     75         return true;
     76 
     77     return false;
     78 }
     79 
     80 } // namespace WebCore
     81