1/*
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 *    notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 *    notice, this list of conditions and the following disclaimer in the
11 *    documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 */
26
27#ifndef CrossOriginAccessControl_h
28#define CrossOriginAccessControl_h
29
30#include "ResourceHandleTypes.h"
31#include <wtf/Forward.h>
32#include <wtf/HashSet.h>
33#include <wtf/text/StringHash.h>
34
35namespace WebCore {
36
37typedef HashSet<String, CaseFoldingHash> HTTPHeaderSet;
38
39class HTTPHeaderMap;
40class ResourceRequest;
41class ResourceResponse;
42class SecurityOrigin;
43
44bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap&);
45bool isOnAccessControlSimpleRequestMethodWhitelist(const String&);
46bool isOnAccessControlSimpleRequestHeaderWhitelist(const String& name, const String& value);
47bool isOnAccessControlResponseHeaderWhitelist(const String&);
48
49void updateRequestForAccessControl(ResourceRequest&, SecurityOrigin*, StoredCredentials);
50ResourceRequest createAccessControlPreflightRequest(const ResourceRequest&, SecurityOrigin*);
51
52bool passesAccessControlCheck(const ResourceResponse&, StoredCredentials, SecurityOrigin*, String& errorDescription);
53void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHeaderSet&);
54
55} // namespace WebCore
56
57#endif // CrossOriginAccessControl_h
58