1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/public/common/origin_util.h"
7 #include "base/lazy_instance.h"
8 #include "base/stl_util.h"
9 #include "content/public/common/content_client.h"
10 #include "net/base/net_util.h"
17 class SchemeAndOriginWhitelist
{
19 SchemeAndOriginWhitelist() { Reset(); }
20 ~SchemeAndOriginWhitelist() {}
23 GetContentClient()->AddSecureSchemesAndOrigins(&secure_schemes_
,
25 GetContentClient()->AddServiceWorkerSchemes(&service_worker_schemes_
);
28 const std::set
<std::string
>& secure_schemes() const {
29 return secure_schemes_
;
31 const std::set
<GURL
>& secure_origins() const { return secure_origins_
; }
32 const std::set
<std::string
>& service_worker_schemes() const {
33 return service_worker_schemes_
;
37 std::set
<std::string
> secure_schemes_
;
38 std::set
<GURL
> secure_origins_
;
39 std::set
<std::string
> service_worker_schemes_
;
40 DISALLOW_COPY_AND_ASSIGN(SchemeAndOriginWhitelist
);
43 base::LazyInstance
<SchemeAndOriginWhitelist
>::Leaky g_trustworthy_whitelist
=
44 LAZY_INSTANCE_INITIALIZER
;
48 bool IsOriginSecure(const GURL
& url
) {
49 if (url
.SchemeIsCryptographic() || url
.SchemeIsFile())
52 if (url
.SchemeIsFileSystem() && url
.inner_url() &&
53 IsOriginSecure(*url
.inner_url())) {
57 std::string hostname
= url
.HostNoBrackets();
58 if (net::IsLocalhost(hostname
))
61 if (ContainsKey(g_trustworthy_whitelist
.Get().secure_schemes(), url
.scheme()))
64 if (ContainsKey(g_trustworthy_whitelist
.Get().secure_origins(),
72 bool OriginCanAccessServiceWorkers(const GURL
& url
) {
73 if (url
.SchemeIsHTTPOrHTTPS() && IsOriginSecure(url
))
76 if (ContainsKey(g_trustworthy_whitelist
.Get().service_worker_schemes(),
84 void ResetSchemesAndOriginsWhitelistForTesting() {
85 g_trustworthy_whitelist
.Get().Reset();
88 } // namespace content
