Home | History | Annotate | Download | only in dom 
      1 /*
      2  * Copyright (C) 2011 Google Inc. All Rights Reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions
      6  * are met:
      7  * 1. Redistributions of source code must retain the above copyright
      8  *    notice, this list of conditions and the following disclaimer.
      9  * 2. Redistributions in binary form must reproduce the above copyright
     10  *    notice, this list of conditions and the following disclaimer in the
     11  *    documentation and/or other materials provided with the distribution.
     12  *
     13  * THIS SOFTWARE IS PROVIDED BY GOOGLE, INC. ``AS IS'' AND ANY
     14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
     17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
     18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
     20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
     21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     24  *
     25  */
     26 
     27 #include "config.h"
     28 #include "core/dom/SecurityContext.h"
     29 
     30 #include "core/frame/csp/ContentSecurityPolicy.h"
     31 #include "platform/weborigin/SecurityOrigin.h"
     32 
     33 namespace WebCore {
     34 
     35 SecurityContext::SecurityContext()
     36     : m_haveInitializedSecurityOrigin(false)
     37 {
     38 }
     39 
     40 SecurityContext::~SecurityContext()
     41 {
     42 }
     43 
     44 void SecurityContext::setSecurityOrigin(PassRefPtr<SecurityOrigin> securityOrigin)
     45 {
     46     m_securityOrigin = securityOrigin;
     47     m_haveInitializedSecurityOrigin = true;
     48 }
     49 
     50 void SecurityContext::setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy> contentSecurityPolicy)
     51 {
     52     m_contentSecurityPolicy = contentSecurityPolicy;
     53 }
     54 
     55 bool SecurityContext::isSecureTransitionTo(const KURL& url) const
     56 {
     57     // If we haven't initialized our security origin by now, this is probably
     58     // a new window created via the API (i.e., that lacks an origin and lacks
     59     // a place to inherit the origin from).
     60     if (!haveInitializedSecurityOrigin())
     61         return true;
     62 
     63     RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
     64     return securityOrigin()->canAccess(other.get());
     65 }
     66 
     67 }
     68