third_party/WebKit/Source/web/WebSecurityPolicy.cpp

   1 /*
   2  * Copyright (C) 2009 Google Inc. All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions are
   6  * met:
   7  *
   8  *     * Redistributions of source code must retain the above copyright
   9  * notice, this list of conditions and the following disclaimer.
  10  *     * Redistributions in binary form must reproduce the above
  11  * copyright notice, this list of conditions and the following disclaimer
  12  * in the documentation and/or other materials provided with the
  13  * distribution.
  14  *     * Neither the name of Google Inc. nor the names of its
  15  * contributors may be used to endorse or promote products derived from
  16  * this software without specific prior written permission.
  17  *
  18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29  */
  30
  31 #include "config.h"
  32 #include "public/web/WebSecurityPolicy.h"
  33
  34 #include "core/loader/FrameLoader.h"
  35 #include "platform/weborigin/SchemeRegistry.h"
  36 #include "platform/weborigin/SecurityOrigin.h"
  37 #include "platform/weborigin/SecurityPolicy.h"
  38 #include "public/platform/WebSecurityOrigin.h"
  39 #include "public/platform/WebString.h"
  40 #include "public/platform/WebURL.h"
  41
  42 namespace blink {
  43
  44 void WebSecurityPolicy::registerURLSchemeAsLocal(const WebString& scheme)
  45 {
  46     SchemeRegistry::registerURLSchemeAsLocal(scheme);
  47 }
  48
  49 void WebSecurityPolicy::registerURLSchemeAsNoAccess(const WebString& scheme)
  50 {
  51     SchemeRegistry::registerURLSchemeAsNoAccess(scheme);
  52 }
  53
  54 void WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(const WebString& scheme)
  55 {
  56     SchemeRegistry::registerURLSchemeAsDisplayIsolated(scheme);
  57 }
  58
  59 void WebSecurityPolicy::registerURLSchemeAsRestrictingMixedContent(const WebString& scheme)
  60 {
  61     SchemeRegistry::registerURLSchemeAsRestrictingMixedContent(scheme);
  62 }
  63
  64 void WebSecurityPolicy::registerURLSchemeAsSecure(const WebString& scheme)
  65 {
  66     SchemeRegistry::registerURLSchemeAsSecure(scheme);
  67 }
  68
  69 bool WebSecurityPolicy::shouldTreatURLSchemeAsSecure(const WebString& scheme)
  70 {
  71     return SchemeRegistry::shouldTreatURLSchemeAsSecure(scheme);
  72 }
  73
  74 void WebSecurityPolicy::registerURLSchemeAsCORSEnabled(const WebString& scheme)
  75 {
  76     SchemeRegistry::registerURLSchemeAsCORSEnabled(scheme);
  77 }
  78
  79 void WebSecurityPolicy::registerURLSchemeAsAllowingServiceWorkers(const WebString& scheme)
  80 {
  81     SchemeRegistry::registerURLSchemeAsAllowingServiceWorkers(scheme);
  82 }
  83
  84 void WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI(const WebString& scheme)
  85 {
  86     SchemeRegistry::registerURLSchemeAsSupportingFetchAPI(scheme);
  87 }
  88
  89 void WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(const WebString& scheme)
  90 {
  91     SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(scheme);
  92 }
  93
  94 void WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(const WebString& scheme, PolicyAreas policyAreas)
  95 {
  96     SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(scheme, static_cast<SchemeRegistry::PolicyAreas>(policyAreas));
  97 }
  98
  99 void WebSecurityPolicy::registerURLSchemeAsFirstPartyWhenTopLevel(const WebString& scheme)
 100 {
 101     SchemeRegistry::registerURLSchemeAsFirstPartyWhenTopLevel(scheme);
 102 }
 103
 104 void WebSecurityPolicy::registerURLSchemeAsEmptyDocument(const WebString& scheme)
 105 {
 106     SchemeRegistry::registerURLSchemeAsEmptyDocument(scheme);
 107 }
 108
 109 void WebSecurityPolicy::addOriginAccessWhitelistEntry(
 110     const WebURL& sourceOrigin,
 111     const WebString& destinationProtocol,
 112     const WebString& destinationHost,
 113     bool allowDestinationSubdomains)
 114 {
 115     SecurityPolicy::addOriginAccessWhitelistEntry(
 116         *SecurityOrigin::create(sourceOrigin), destinationProtocol,
 117         destinationHost, allowDestinationSubdomains);
 118 }
 119
 120 void WebSecurityPolicy::removeOriginAccessWhitelistEntry(
 121     const WebURL& sourceOrigin,
 122     const WebString& destinationProtocol,
 123     const WebString& destinationHost,
 124     bool allowDestinationSubdomains)
 125 {
 126     SecurityPolicy::removeOriginAccessWhitelistEntry(
 127         *SecurityOrigin::create(sourceOrigin), destinationProtocol,
 128         destinationHost, allowDestinationSubdomains);
 129 }
 130
 131 void WebSecurityPolicy::resetOriginAccessWhitelists()
 132 {
 133     SecurityPolicy::resetOriginAccessWhitelists();
 134 }
 135
 136 void WebSecurityPolicy::addOriginTrustworthyWhiteList(const WebSecurityOrigin& origin)
 137 {
 138     SecurityPolicy::addOriginTrustworthyWhiteList(origin);
 139 }
 140
 141 WebString WebSecurityPolicy::generateReferrerHeader(WebReferrerPolicy referrerPolicy, const WebURL& url, const WebString& referrer)
 142 {
 143     return SecurityPolicy::generateReferrer(static_cast<ReferrerPolicy>(referrerPolicy), url, referrer).referrer;
 144 }
 145
 146 void WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(const WebString& scheme)
 147 {
 148     SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(scheme);
 149 }
 150
 151 } // namespace blink