/*
 * Copyright (C) 2011 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of Google, Inc. ("Google") nor the names of
 *    its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY GOOGLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef SecurityPolicy_h
#define SecurityPolicy_h

#include "ReferrerPolicy.h"
#include <wtf/text/WTFString.h>

namespace WebCore {

class KURL;
class SecurityOrigin;

// Collection of static policy entry points: referrer handling, the policy for
// loading local resources, and a whitelist of cross-origin access grants.
// Every member is static, so no SecurityPolicy instance is needed; any state
// behind the setters must therefore live outside an instance.
// NOTE(review): this header does not show where that state is stored or
// whether access to it is synchronised - confirm in the implementation before
// calling the mutators from more than one thread.
class SecurityPolicy {
public:
    // Reports whether the referrer has to be left out under
    // ReferrerPolicyDefault. Code that is about to emit a referrer header
    // should call generateReferrerHeader rather than this predicate.
    static bool shouldHideReferrer(const KURL&, const String& referrer);

    // Produces the referrer value to use for a navigation to the given URL,
    // adjusted for the supplied referrer policy. An empty result means the
    // referrer header must not be sent at all.
    // NOTE(review): callers that skip the empty-string check would send an
    // empty header instead of omitting it - verify call sites.
    static String generateReferrerHeader(ReferrerPolicy, const KURL&, const String& referrer);

    // Selects who may load local resources.
    enum LocalLoadPolicy {
        AllowLocalLoadsForAll, // No restriction on local loads.
        // Presumably local content plus substitute data - confirm against the
        // implementation.
        AllowLocalLoadsForLocalAndSubstituteData,
        // Presumably local content only (the name suggests the most
        // restrictive setting) - confirm against the implementation.
        AllowLocalLoadsForLocalOnly,
    };

    // Installs the local-load policy. The two queries below take no arguments,
    // so they presumably report on the policy set here - TODO confirm.
    static void setLocalLoadPolicy(LocalLoadPolicy);
    static bool restrictAccessToLocal();
    static bool allowSubstituteDataAccessToLocal();

    // Origin access whitelist: an entry names a source origin together with a
    // destination protocol and domain, optionally covering subdomains of that
    // domain.
    // NOTE(review): judging by the names, an entry grants sourceOrigin access
    // it would not otherwise have, and allowDestinationSubdomains widens that
    // grant. Treat add/remove/reset as privileged embedder operations and keep
    // them unreachable from web content - confirm how entries are consulted in
    // the implementation.
    static void addOriginAccessWhitelistEntry(
        const SecurityOrigin& sourceOrigin,
        const String& destinationProtocol,
        const String& destinationDomain,
        bool allowDestinationSubdomains);
    static void removeOriginAccessWhitelistEntry(
        const SecurityOrigin& sourceOrigin,
        const String& destinationProtocol,
        const String& destinationDomain,
        bool allowDestinationSubdomains);
    static void resetOriginAccessWhitelists();

    // Whitelist lookups, keyed either by a target origin or by a target URL.
    // Both take the origins by pointer; whether a null pointer is accepted is
    // not visible in this header - TODO confirm before passing one.
    // The spelling "WhiteListed" here differs from "Whitelist" in the mutators
    // above; the names are part of the interface and are kept as they are.
    static bool isAccessWhiteListed(const SecurityOrigin* activeOrigin, const SecurityOrigin* targetOrigin);
    static bool isAccessToURLWhiteListed(const SecurityOrigin* activeOrigin, const KURL&);
};

} // namespace WebCore

#endif // SecurityPolicy_h