• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2010 Google Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are
6  * met:
7  *
8  *     * Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *     * Redistributions in binary form must reproduce the above
11  * copyright notice, this list of conditions and the following disclaimer
12  * in the documentation and/or other materials provided with the
13  * distribution.
14  *     * Neither the name of Google Inc. nor the names of its
15  * contributors may be used to endorse or promote products derived from
16  * this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #ifndef WebSecurityOrigin_h
32 #define WebSecurityOrigin_h
33 
34 #include "../platform/WebCommon.h"
35 
36 #if BLINK_IMPLEMENTATION
37 namespace WTF { template <typename T> class PassRefPtr; }
38 #endif
39 
40 namespace blink {
41 
42 class SecurityOrigin;
43 class WebSecurityOriginPrivate;
44 class WebString;
45 class WebURL;
46 
47 class WebSecurityOrigin {
48 public:
~WebSecurityOrigin()49     ~WebSecurityOrigin() { reset(); }
50 
WebSecurityOrigin()51     WebSecurityOrigin() : m_private(0) { }
WebSecurityOrigin(const WebSecurityOrigin & s)52     WebSecurityOrigin(const WebSecurityOrigin& s) : m_private(0) { assign(s); }
53     WebSecurityOrigin& operator=(const WebSecurityOrigin& s)
54     {
55         assign(s);
56         return *this;
57     }
58 
59     BLINK_EXPORT static WebSecurityOrigin createFromDatabaseIdentifier(const WebString& databaseIdentifier);
60     BLINK_EXPORT static WebSecurityOrigin createFromString(const WebString&);
61     BLINK_EXPORT static WebSecurityOrigin create(const WebURL&);
62 
63     BLINK_EXPORT void reset();
64     BLINK_EXPORT void assign(const WebSecurityOrigin&);
65 
isNull()66     bool isNull() const { return !m_private; }
67 
68     BLINK_EXPORT WebString protocol() const;
69     BLINK_EXPORT WebString host() const;
70     BLINK_EXPORT unsigned short port() const;
71 
72     // A unique WebSecurityOrigin is the least privileged WebSecurityOrigin.
73     BLINK_EXPORT bool isUnique() const;
74 
75     // Returns true if this WebSecurityOrigin can script objects in the given
76     // SecurityOrigin. For example, call this function before allowing
77     // script from one security origin to read or write objects from
78     // another SecurityOrigin.
79     BLINK_EXPORT bool canAccess(const WebSecurityOrigin&) const;
80 
81     // Returns true if this WebSecurityOrigin can read content retrieved from
82     // the given URL. For example, call this function before allowing script
83     // from a given security origin to receive contents from a given URL.
84     BLINK_EXPORT bool canRequest(const WebURL&) const;
85 
86     // A "secure origin" as defined by [1] are those that load resources either
87     // from the local machine (necessarily trusted) or over the network from a
88     // cryptographically-authenticated server.
89     //
90     // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure-
91     BLINK_EXPORT bool canAccessFeatureRequiringSecureOrigin(WebString& errorMessage) const;
92 
93     // Returns a string representation of the WebSecurityOrigin.  The empty
94     // WebSecurityOrigin is represented by "null".  The representation of a
95     // non-empty WebSecurityOrigin resembles a standard URL.
96     BLINK_EXPORT WebString toString() const;
97 
98     // Returns a string representation of this WebSecurityOrigin that can
99     // be used as a file.  Should be used in storage APIs only.
100     BLINK_EXPORT WebString databaseIdentifier() const;
101 
102     // Returns true if this WebSecurityOrigin can access usernames and
103     // passwords stored in password manager.
104     BLINK_EXPORT bool canAccessPasswordManager() const;
105 
106     // Allows this WebSecurityOrigin access to local resources.
107     BLINK_EXPORT void grantLoadLocalResources() const;
108 
109 #if BLINK_IMPLEMENTATION
110     WebSecurityOrigin(const WTF::PassRefPtr<SecurityOrigin>&);
111     WebSecurityOrigin& operator=(const WTF::PassRefPtr<SecurityOrigin>&);
112     operator WTF::PassRefPtr<SecurityOrigin>() const;
113     SecurityOrigin* get() const;
114 #endif
115 
116 private:
117     void assign(WebSecurityOriginPrivate*);
118     WebSecurityOriginPrivate* m_private;
119 };
120 
121 } // namespace blink
122 
123 #endif
124