1 // Copyright (c) 2012 Marshall A. Greenblatt. All rights reserved. 2 // 3 // Redistribution and use in source and binary forms, with or without 4 // modification, are permitted provided that the following conditions are 5 // met: 6 // 7 // * Redistributions of source code must retain the above copyright 8 // notice, this list of conditions and the following disclaimer. 9 // * Redistributions in binary form must reproduce the above 10 // copyright notice, this list of conditions and the following disclaimer 11 // in the documentation and/or other materials provided with the 12 // distribution. 13 // * Neither the name of Google Inc. nor the name Chromium Embedded 14 // Framework nor the names of its contributors may be used to endorse 15 // or promote products derived from this software without specific prior 16 // written permission. 17 // 18 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 // 30 // --------------------------------------------------------------------------- 31 // 32 // The contents of this file must follow a specific format in order to 33 // support the CEF translator tool. See the translator.README.txt file in the 34 // tools directory for more information. 35 // 36 37 #ifndef CEF_INCLUDE_CEF_ORIGIN_WHITELIST_H_ 38 #define CEF_INCLUDE_CEF_ORIGIN_WHITELIST_H_ 39 #pragma once 40 41 #include "include/cef_base.h" 42 43 /// 44 // Add an entry to the cross-origin access whitelist. 45 // 46 // The same-origin policy restricts how scripts hosted from different origins 47 // (scheme + domain + port) can communicate. By default, scripts can only access 48 // resources with the same origin. Scripts hosted on the HTTP and HTTPS schemes 49 // (but no other schemes) can use the "Access-Control-Allow-Origin" header to 50 // allow cross-origin requests. For example, https://source.example.com can make 51 // XMLHttpRequest requests on http://target.example.com if the 52 // http://target.example.com request returns an "Access-Control-Allow-Origin: 53 // https://source.example.com" response header. 54 // 55 // Scripts in separate frames or iframes and hosted from the same protocol and 56 // domain suffix can execute cross-origin JavaScript if both pages set the 57 // document.domain value to the same domain suffix. For example, 58 // scheme://foo.example.com and scheme://bar.example.com can communicate using 59 // JavaScript if both domains set document.domain="example.com". 60 // 61 // This method is used to allow access to origins that would otherwise violate 62 // the same-origin policy. Scripts hosted underneath the fully qualified 63 // |source_origin| URL (like http://www.example.com) will be allowed access to 64 // all resources hosted on the specified |target_protocol| and |target_domain|. 65 // If |target_domain| is non-empty and |allow_target_subdomains| if false only 66 // exact domain matches will be allowed. If |target_domain| contains a top- 67 // level domain component (like "example.com") and |allow_target_subdomains| is 68 // true sub-domain matches will be allowed. If |target_domain| is empty and 69 // |allow_target_subdomains| if true all domains and IP addresses will be 70 // allowed. 71 // 72 // This method cannot be used to bypass the restrictions on local or display 73 // isolated schemes. See the comments on CefRegisterCustomScheme for more 74 // information. 75 // 76 // This function may be called on any thread. Returns false if |source_origin| 77 // is invalid or the whitelist cannot be accessed. 78 /// 79 /*--cef(optional_param=target_domain)--*/ 80 bool CefAddCrossOriginWhitelistEntry(const CefString& source_origin, 81 const CefString& target_protocol, 82 const CefString& target_domain, 83 bool allow_target_subdomains); 84 85 /// 86 // Remove an entry from the cross-origin access whitelist. Returns false if 87 // |source_origin| is invalid or the whitelist cannot be accessed. 88 /// 89 /*--cef(optional_param=target_domain)--*/ 90 bool CefRemoveCrossOriginWhitelistEntry(const CefString& source_origin, 91 const CefString& target_protocol, 92 const CefString& target_domain, 93 bool allow_target_subdomains); 94 95 /// 96 // Remove all entries from the cross-origin access whitelist. Returns false if 97 // the whitelist cannot be accessed. 98 /// 99 /*--cef()--*/ 100 bool CefClearCrossOriginWhitelist(); 101 102 #endif // CEF_INCLUDE_CEF_ORIGIN_WHITELIST_H_ 103