frame/csp/CSPSource.cpp

// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "config.h"
#include "core/frame/csp/CSPSource.h"

#include "core/frame/csp/ContentSecurityPolicy.h"
#include "platform/weborigin/KURL.h"
#include "platform/weborigin/KnownPorts.h"
#include "platform/weborigin/SecurityOrigin.h"
#include "wtf/text/WTFString.h"

namespace WebCore {

CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const String& host, int port, const String& path, bool hostHasWildcard, bool portHasWildcard)
    : m_policy(policy)
    , m_scheme(scheme)
    , m_host(host)
    , m_port(port)
    , m_path(path)
    , m_hostHasWildcard(hostHasWildcard)
    , m_portHasWildcard(portHasWildcard)
{
}

bool CSPSource::matches(const KURL& url) const
{
    if (!schemeMatches(url))
        return false;
    if (isSchemeOnly())
        return true;
    return hostMatches(url) && portMatches(url) && pathMatches(url);
}

bool CSPSource::schemeMatches(const KURL& url) const
{
    if (m_scheme.isEmpty()) {
        String protectedResourceScheme(m_policy->securityOrigin()->protocol());
        if (equalIgnoringCase("http", protectedResourceScheme))
            return url.protocolIs("http") || url.protocolIs("https");
        return equalIgnoringCase(url.protocol(), protectedResourceScheme);
    }
    return equalIgnoringCase(url.protocol(), m_scheme);
}

bool CSPSource::hostMatches(const KURL& url) const
{
    const String& host = url.host();
    if (equalIgnoringCase(host, m_host))
        return true;
    return m_hostHasWildcard && host.endsWith("." + m_host, false);

}

bool CSPSource::pathMatches(const KURL& url) const
{
    if (m_path.isEmpty())
        return true;

    String path = decodeURLEscapeSequences(url.path());

    if (m_path.endsWith("/"))
        return path.startsWith(m_path, false);

    return path == m_path;
}

bool CSPSource::portMatches(const KURL& url) const
{
    if (m_portHasWildcard)
        return true;

    int port = url.port();

    if (port == m_port)
        return true;

    if (!port)
        return isDefaultPortForProtocol(m_port, url.protocol());

    if (!m_port)
        return isDefaultPortForProtocol(port, url.protocol());

    return false;
}

bool CSPSource::isSchemeOnly() const
{
    return m_host.isEmpty();
}

} // namespace