1/* 2 * Copyright (C) 2011 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of Google, Inc. ("Google") nor the names of 14 * its contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY GOOGLE AND ITS CONTRIBUTORS "AS IS" AND ANY 18 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 20 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY 21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29#include "config.h" 30#include "SecurityPolicy.h" 31 32#include "KURL.h" 33#include <wtf/MainThread.h> 34#include "OriginAccessEntry.h" 35#include "SecurityOrigin.h" 36#include <wtf/OwnPtr.h> 37#include <wtf/PassOwnPtr.h> 38#include <wtf/text/StringHash.h> 39 40namespace WebCore { 41 42static SecurityPolicy::LocalLoadPolicy localLoadPolicy = SecurityPolicy::AllowLocalLoadsForLocalOnly; 43 44typedef Vector<OriginAccessEntry> OriginAccessWhiteList; 45typedef HashMap<String, OwnPtr<OriginAccessWhiteList> > OriginAccessMap; 46 47static OriginAccessMap& originAccessMap() 48{ 49 DEFINE_STATIC_LOCAL(OriginAccessMap, originAccessMap, ()); 50 return originAccessMap; 51} 52 53bool SecurityPolicy::shouldHideReferrer(const KURL& url, const String& referrer) 54{ 55 bool referrerIsSecureURL = protocolIs(referrer, "https"); 56 bool referrerIsWebURL = referrerIsSecureURL || protocolIs(referrer, "http"); 57 58 if (!referrerIsWebURL) 59 return true; 60 61 if (!referrerIsSecureURL) 62 return false; 63 64 bool URLIsSecureURL = url.protocolIs("https"); 65 66 return !URLIsSecureURL; 67} 68 69String SecurityPolicy::generateReferrerHeader(ReferrerPolicy referrerPolicy, const KURL& url, const String& referrer) 70{ 71 if (referrer.isEmpty()) 72 return String(); 73 74 switch (referrerPolicy) { 75 case ReferrerPolicyNever: 76 return String(); 77 case ReferrerPolicyAlways: 78 return referrer; 79 case ReferrerPolicyOrigin: { 80 String origin = SecurityOrigin::createFromString(referrer)->toString(); 81 if (origin == "null") 82 return String(); 83 // A security origin is not a canonical URL as it lacks a path. Add / 84 // to turn it into a canonical URL we can use as referrer. 85 return origin + "/"; 86 } 87 case ReferrerPolicyDefault: 88 break; 89 } 90 91 return shouldHideReferrer(url, referrer) ? String() : referrer; 92} 93 94void SecurityPolicy::setLocalLoadPolicy(LocalLoadPolicy policy) 95{ 96 localLoadPolicy = policy; 97} 98 99bool SecurityPolicy::restrictAccessToLocal() 100{ 101 return localLoadPolicy != SecurityPolicy::AllowLocalLoadsForAll; 102} 103 104bool SecurityPolicy::allowSubstituteDataAccessToLocal() 105{ 106 return localLoadPolicy != SecurityPolicy::AllowLocalLoadsForLocalOnly; 107} 108 109bool SecurityPolicy::isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin) 110{ 111 if (OriginAccessWhiteList* list = originAccessMap().get(activeOrigin->toString())) { 112 for (size_t i = 0; i < list->size(); ++i) { 113 if (list->at(i).matchesOrigin(*targetOrigin)) 114 return true; 115 } 116 } 117 return false; 118} 119 120bool SecurityPolicy::isAccessToURLWhiteListed(const SecurityOrigin* activeOrigin, const KURL& url) 121{ 122 RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); 123 return isAccessWhiteListed(activeOrigin, targetOrigin.get()); 124} 125 126void SecurityPolicy::addOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains) 127{ 128 ASSERT(isMainThread()); 129 ASSERT(!sourceOrigin.isUnique()); 130 if (sourceOrigin.isUnique()) 131 return; 132 133 String sourceString = sourceOrigin.toString(); 134 OriginAccessMap::AddResult result = originAccessMap().add(sourceString, nullptr); 135 if (result.isNewEntry) 136 result.iterator->value = adoptPtr(new OriginAccessWhiteList); 137 138 OriginAccessWhiteList* list = result.iterator->value.get(); 139 list->append(OriginAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains)); 140} 141 142void SecurityPolicy::removeOriginAccessWhitelistEntry(const SecurityOrigin& sourceOrigin, const String& destinationProtocol, const String& destinationDomain, bool allowDestinationSubdomains) 143{ 144 ASSERT(isMainThread()); 145 ASSERT(!sourceOrigin.isUnique()); 146 if (sourceOrigin.isUnique()) 147 return; 148 149 String sourceString = sourceOrigin.toString(); 150 OriginAccessMap& map = originAccessMap(); 151 OriginAccessMap::iterator it = map.find(sourceString); 152 if (it == map.end()) 153 return; 154 155 OriginAccessWhiteList* list = it->value.get(); 156 size_t index = list->find(OriginAccessEntry(destinationProtocol, destinationDomain, allowDestinationSubdomains ? OriginAccessEntry::AllowSubdomains : OriginAccessEntry::DisallowSubdomains)); 157 if (index == notFound) 158 return; 159 160 list->remove(index); 161 162 if (list->isEmpty()) 163 map.remove(it); 164} 165 166void SecurityPolicy::resetOriginAccessWhitelists() 167{ 168 ASSERT(isMainThread()); 169 originAccessMap().clear(); 170} 171 172} // namespace WebCore 173