/*
 * Copyright (C) 2007,2008 Apple Inc.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef SecurityOrigin_h
#define SecurityOrigin_h

#include <wtf/RefCounted.h>
#include <wtf/PassRefPtr.h>
#include <wtf/Threading.h>

#include "PlatformString.h"

namespace WebCore {

class KURL;

// Holds the protocol, host, domain and port of an origin together with its
// privilege flags, and declares the checks (canAccess(), canRequest(),
// canLoadLocalResources()) that callers make before letting one origin touch
// another origin's objects, content or local resources.
//
// Instances are reference counted through ThreadSafeShared; use copy() when a
// SecurityOrigin has to be handed to another thread.
class SecurityOrigin : public ThreadSafeShared<SecurityOrigin> {
public:
    // Factory functions. Construction always goes through these because the
    // constructors are private.
    static PassRefPtr<SecurityOrigin> createFromDatabaseIdentifier(const String& databaseIdentifier);
    static PassRefPtr<SecurityOrigin> createFromString(const String& originString);
    static PassRefPtr<SecurityOrigin> create(const KURL& url);
    static PassRefPtr<SecurityOrigin> createEmpty();

    // Returns a deep copy of this SecurityOrigin. Intended for marshalling a
    // SecurityOrigin to another thread.
    PassRefPtr<SecurityOrigin> copy();

    // Replaces the domain property of this security origin with newDomain.
    //
    // No validation happens here: in particular, this function does NOT
    // verify that newDomain is a suffix of the current domain. The caller
    // must have validated newDomain before calling.
    // NOTE(review): the domain property presumably feeds into canAccess()
    // decisions, so an unvalidated value would weaken those checks -- confirm
    // against the implementation.
    void setDomainFromDOM(const String& newDomain);

    // True once the domain property has been set through the DOM.
    bool domainWasSetInDOM() const
    {
        return m_domainWasSetInDOM;
    }

    // Plain accessors for the components of the origin.
    String protocol() const
    {
        return m_protocol;
    }

    String host() const
    {
        return m_host;
    }

    String domain() const
    {
        return m_domain;
    }

    unsigned short port() const
    {
        return m_port;
    }

    // Script access check: true if this SecurityOrigin may script objects
    // belonging to the given SecurityOrigin. Call it before letting script
    // from one security origin read or write objects of another one.
    bool canAccess(const SecurityOrigin* other) const;

    // Read access check: true if this SecurityOrigin may read content that
    // was retrieved from the given URL. Call it, for example, before issuing
    // an XMLHttpRequest.
    bool canRequest(const KURL& url) const;

    // True if this SecurityOrigin may load local resources (images, iframes,
    // style sheets, ...) and may link to local URLs. Call it, for example,
    // before creating an iframe that points at a file:// URL.
    //
    // Note: being allowed to load local resources does not imply being
    //       allowed to issue an XMLHttpRequest for a local URL. That
    //       question is answered by canRequest(url), not by this function.
    bool canLoadLocalResources() const
    {
        return m_canLoadLocalResources;
    }

    // Explicitly gives this SecurityOrigin the ability to load local
    // resources.
    //
    // Note: kept only for backwards compatibility with older versions of
    //       WebKit.
    void grantLoadLocalResources();

    // Explicitly gives this SecurityOrigin the ability to access every other
    // SecurityOrigin.
    //
    // WARNING: This is an extremely powerful ability. Use with caution!
    void grantUniversalAccess();

    bool isSecureTransitionTo(const KURL& url) const;

    // The local SecurityOrigin is the most privileged SecurityOrigin: it can
    // script any document, navigate to local resources, and set arbitrary
    // headers on XMLHttpRequests.
    bool isLocal() const;

    // The empty SecurityOrigin is the least privileged SecurityOrigin.
    bool isEmpty() const;

    // Returns the string form of this SecurityOrigin. It resembles a URL
    // without a path component. The value of the domain property is not
    // encoded, so it is not carried by this string. The empty SecurityOrigin
    // is represented by the string "null".
    String toString() const;

    // Serializes the security origin for storage in the database.
    // Deprecated: use this format only for compatibility with old databases;
    // new code should use toString() and createFromString().
    String databaseIdentifier() const;

    // Equality between SecurityOrigins, used for hash table keys. This is
    // NOT an access check: it does not say whether one origin can access
    // another. For access decisions, use canAccess().
    // FIXME: If this method is really only useful for hash table keys, it
    // should be refactored into SecurityOriginHash.
    bool equal(const SecurityOrigin* other) const;

    // Equality that considers the host but ignores the value of
    // document.domain (and whether it was set). Used for postMessage.
    bool isSameSchemeHostPort(const SecurityOrigin* other) const;

    // Registration and lookup of URL schemes that are treated as local.
    // NOTE(review): the local origin is described above as the most
    // privileged one, so registering a scheme here presumably widens what
    // content served from that scheme may do -- confirm in the
    // implementation.
    static void registerURLSchemeAsLocal(const String& scheme);
    static bool shouldTreatURLAsLocal(const String& url);
    static bool shouldTreatURLSchemeAsLocal(const String& scheme);

    // Registration and lookup of URL schemes that are treated as "no access".
    static void registerURLSchemeAsNoAccess(const String& scheme);
    static bool shouldTreatURLSchemeAsNoAccess(const String& scheme);

private:
    explicit SecurityOrigin(const KURL& url);
    explicit SecurityOrigin(const SecurityOrigin* other);

    String m_protocol;
    String m_host;
    String m_domain;
    unsigned short m_port;
    // Privilege flags.
    // NOTE(review): m_noAccess and m_universalAccess have no accessor in this
    // header; presumably they are set from the "no access" scheme registry
    // and grantUniversalAccess() respectively -- confirm.
    bool m_noAccess;
    bool m_universalAccess;
    bool m_domainWasSetInDOM;
    bool m_canLoadLocalResources;
};

} // namespace WebCore

#endif // SecurityOrigin_h