Home | History | Annotate | Download | only in weborigin 
      1 /*
      2  * Copyright (C) 2011 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions
      6  * are met:
      7  *
      8  * 1.  Redistributions of source code must retain the above copyright
      9  *     notice, this list of conditions and the following disclaimer.
     10  * 2.  Redistributions in binary form must reproduce the above copyright
     11  *     notice, this list of conditions and the following disclaimer in the
     12  *     documentation and/or other materials provided with the distribution.
     13  * 3.  Neither the name of Google, Inc. ("Google") nor the names of
     14  *     its contributors may be used to endorse or promote products derived
     15  *     from this software without specific prior written permission.
     16  *
     17  * THIS SOFTWARE IS PROVIDED BY GOOGLE AND ITS CONTRIBUTORS "AS IS" AND ANY
     18  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
     19  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
     20  * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
     21  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
     22  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     23  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
     24  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     27  */
     28 
     29 #ifndef SecurityPolicy_h
     30 #define SecurityPolicy_h
     31 
     32 #include "weborigin/ReferrerPolicy.h"
     33 #include "weborigin/WebOriginExport.h"
     34 #include "wtf/text/WTFString.h"
     35 
     36 namespace WebCore {
     37 
     38 class KURL;
     39 class SecurityOrigin;
     40 
     41 class WEBORIGIN_EXPORT SecurityPolicy {
     42 public:
     43     // True if the referrer should be omitted according to the
     44     // ReferrerPolicyDefault. If you intend to send a referrer header, you
     45     // should use generateReferrerHeader instead.
     46     static bool shouldHideReferrer(const KURL&, const String& referrer);
     47 
     48     // Returns the referrer modified according to the referrer policy for a
     49     // navigation to a given URL. If the referrer returned is empty, the
     50     // referrer header should be omitted.
     51     static String generateReferrerHeader(ReferrerPolicy, const KURL&, const String& referrer);
     52 
     53     static void addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains);
     54     static void removeOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains);
     55     static void resetOriginAccessWhitelists();
     56 
     57     static bool isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin);
     58     static bool isAccessToURLWhiteListed(const SecurityOrigin* activeOrigin, const KURL&);
     59 };
     60 
     61 } // namespace WebCore
     62 
     63 #endif // SecurityPolicy_h
     64