1 /* 2 * Copyright (C) 2011 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of Google, Inc. ("Google") nor the names of 14 * its contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY GOOGLE AND ITS CONTRIBUTORS "AS IS" AND ANY 18 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 20 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 #ifndef SecurityPolicy_h 30 #define SecurityPolicy_h 31 32 #include "platform/PlatformExport.h" 33 #include "platform/weborigin/ReferrerPolicy.h" 34 #include "wtf/text/WTFString.h" 35 36 namespace WebCore { 37 38 class KURL; 39 class SecurityOrigin; 40 41 class PLATFORM_EXPORT SecurityPolicy { 42 public: 43 // True if the referrer should be omitted according to the 44 // ReferrerPolicyDefault. If you intend to send a referrer header, you 45 // should use generateReferrerHeader instead. 46 static bool shouldHideReferrer(const KURL&, const String& referrer); 47 48 // Returns the referrer modified according to the referrer policy for a 49 // navigation to a given URL. If the referrer returned is empty, the 50 // referrer header should be omitted. 51 static String generateReferrerHeader(ReferrerPolicy, const KURL&, const String& referrer); 52 53 static void addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains); 54 static void removeOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains); 55 static void resetOriginAccessWhitelists(); 56 57 static bool isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin); 58 static bool isAccessToURLWhiteListed(const SecurityOrigin* activeOrigin, const KURL&); 59 }; 60 61 } // namespace WebCore 62 63 #endif // SecurityPolicy_h 64