1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "config.h" 6 #include "core/frame/csp/CSPSource.h" 7 8 #include "core/frame/csp/ContentSecurityPolicy.h" 9 #include "platform/weborigin/KURL.h" 10 #include "platform/weborigin/KnownPorts.h" 11 #include "platform/weborigin/SecurityOrigin.h" 12 #include "wtf/text/WTFString.h" 13 14 namespace WebCore { 15 16 CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const String& host, int port, const String& path, bool hostHasWildcard, bool portHasWildcard) 17 : m_policy(policy) 18 , m_scheme(scheme) 19 , m_host(host) 20 , m_port(port) 21 , m_path(path) 22 , m_hostHasWildcard(hostHasWildcard) 23 , m_portHasWildcard(portHasWildcard) 24 { 25 } 26 27 bool CSPSource::matches(const KURL& url) const 28 { 29 if (!schemeMatches(url)) 30 return false; 31 if (isSchemeOnly()) 32 return true; 33 return hostMatches(url) && portMatches(url) && pathMatches(url); 34 } 35 36 bool CSPSource::schemeMatches(const KURL& url) const 37 { 38 if (m_scheme.isEmpty()) { 39 String protectedResourceScheme(m_policy->securityOrigin()->protocol()); 40 if (equalIgnoringCase("http", protectedResourceScheme)) 41 return url.protocolIs("http") || url.protocolIs("https"); 42 return equalIgnoringCase(url.protocol(), protectedResourceScheme); 43 } 44 return equalIgnoringCase(url.protocol(), m_scheme); 45 } 46 47 bool CSPSource::hostMatches(const KURL& url) const 48 { 49 const String& host = url.host(); 50 if (equalIgnoringCase(host, m_host)) 51 return true; 52 return m_hostHasWildcard && host.endsWith("." + m_host, false); 53 54 } 55 56 bool CSPSource::pathMatches(const KURL& url) const 57 { 58 if (m_path.isEmpty()) 59 return true; 60 61 String path = decodeURLEscapeSequences(url.path()); 62 63 if (m_path.endsWith("/")) 64 return path.startsWith(m_path, false); 65 66 return path == m_path; 67 } 68 69 bool CSPSource::portMatches(const KURL& url) const 70 { 71 if (m_portHasWildcard) 72 return true; 73 74 int port = url.port(); 75 76 if (port == m_port) 77 return true; 78 79 if (!port) 80 return isDefaultPortForProtocol(m_port, url.protocol()); 81 82 if (!m_port) 83 return isDefaultPortForProtocol(port, url.protocol()); 84 85 return false; 86 } 87 88 bool CSPSource::isSchemeOnly() const 89 { 90 return m_host.isEmpty(); 91 } 92 93 } // namespace 94