Home | History | Annotate | Download | only in fetch 
      1 /*
      2  * Copyright (C) 2008 Apple Inc. All Rights Reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions
      6  * are met:
      7  * 1. Redistributions of source code must retain the above copyright
      8  *    notice, this list of conditions and the following disclaimer.
      9  * 2. Redistributions in binary form must reproduce the above copyright
     10  *    notice, this list of conditions and the following disclaimer in the
     11  *    documentation and/or other materials provided with the distribution.
     12  *
     13  * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
     14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
     17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
     18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
     20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
     21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     24  *
     25  */
     26 
     27 #ifndef CrossOriginAccessControl_h
     28 #define CrossOriginAccessControl_h
     29 
     30 #include "core/fetch/ResourceLoaderOptions.h"
     31 #include "platform/network/ResourceRequest.h"
     32 #include "wtf/Forward.h"
     33 #include "wtf/HashSet.h"
     34 
     35 namespace WebCore {
     36 
     37 typedef HashSet<String, CaseFoldingHash> HTTPHeaderSet;
     38 
     39 class HTTPHeaderMap;
     40 class Resource;
     41 struct ResourceLoaderOptions;
     42 class ResourceRequest;
     43 class ResourceResponse;
     44 class SecurityOrigin;
     45 
     46 enum AccessControlStatus {
     47     NotSharableCrossOrigin,
     48     SharableCrossOrigin
     49 };
     50 
     51 class CrossOriginAccessControl {
     52 public:
     53     static bool isLegalRedirectLocation(const KURL&, String& errorDescription);
     54     static bool handleRedirect(Resource*, SecurityOrigin*, ResourceRequest&, const ResourceResponse&, ResourceLoaderOptions&, String&);
     55 };
     56 
     57 bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap&);
     58 bool isOnAccessControlSimpleRequestMethodWhitelist(const String&);
     59 bool isOnAccessControlSimpleRequestHeaderWhitelist(const AtomicString& name, const AtomicString& value);
     60 bool isOnAccessControlResponseHeaderWhitelist(const String&);
     61 
     62 void updateRequestForAccessControl(ResourceRequest&, SecurityOrigin*, StoredCredentials);
     63 ResourceRequest createAccessControlPreflightRequest(const ResourceRequest&, SecurityOrigin*);
     64 
     65 bool passesAccessControlCheck(const ResourceResponse&, StoredCredentials, SecurityOrigin*, String& errorDescription);
     66 bool passesPreflightStatusCheck(const ResourceResponse&, String& errorDescription);
     67 void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHeaderSet&);
     68 
     69 } // namespace WebCore
     70 
     71 #endif // CrossOriginAccessControl_h
     72