third_party/WebKit/public/web/WebSecurityPolicy.h

   1 /*
   2  * Copyright (C) 2009 Google Inc. All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions are
   6  * met:
   7  *
   8  *     * Redistributions of source code must retain the above copyright
   9  * notice, this list of conditions and the following disclaimer.
  10  *     * Redistributions in binary form must reproduce the above
  11  * copyright notice, this list of conditions and the following disclaimer
  12  * in the documentation and/or other materials provided with the
  13  * distribution.
  14  *     * Neither the name of Google Inc. nor the names of its
  15  * contributors may be used to endorse or promote products derived from
  16  * this software without specific prior written permission.
  17  *
  18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29  */
  30
  31 #ifndef WebSecurityPolicy_h
  32 #define WebSecurityPolicy_h
  33
  34 #include "../platform/WebCommon.h"
  35 #include "../platform/WebReferrerPolicy.h"
  36
  37 namespace blink {
  38
  39 class WebSecurityOrigin;
  40 class WebString;
  41 class WebURL;
  42
  43 class WebSecurityPolicy {
  44 public:
  45     // Registers a URL scheme to be treated as a local scheme (i.e., with the
  46     // same security rules as those applied to "file" URLs). This means that
  47     // normal pages cannot link to or access URLs of this scheme.
  48     BLINK_EXPORT static void registerURLSchemeAsLocal(const WebString&);
  49
  50     // Registers a URL scheme to be treated as a noAccess scheme. This means
  51     // that pages loaded with this URL scheme cannot access pages loaded with
  52     // any other URL scheme.
  53     BLINK_EXPORT static void registerURLSchemeAsNoAccess(const WebString&);
  54
  55     // Registers a URL scheme to be treated as display-isolated. This means
  56     // that pages cannot display these URLs unless they are from the same
  57     // scheme. For example, pages in other origin cannot create iframes or
  58     // hyperlinks to URLs with the scheme.
  59     BLINK_EXPORT static void registerURLSchemeAsDisplayIsolated(const WebString&);
  60
  61     // Registers a URL scheme to generate mixed content warnings when resources whose
  62     // schemes are not registered as "secure" are embedded.
  63     BLINK_EXPORT static void registerURLSchemeAsRestrictingMixedContent(const WebString&);
  64
  65     // Subresources transported by secure schemes do not trigger mixed content
  66     // warnings. For example, https and data are secure schemes because they
  67     // cannot be corrupted by active network attackers.
  68     BLINK_EXPORT static void registerURLSchemeAsSecure(const WebString&);
  69
  70     // Returns true if the scheme has been registered as a secure scheme.
  71     BLINK_EXPORT static bool shouldTreatURLSchemeAsSecure(const WebString&);
  72
  73     // Registers a non-HTTP URL scheme which can be sent CORS requests.
  74     BLINK_EXPORT static void registerURLSchemeAsCORSEnabled(const WebString&);
  75
  76     // Registers a URL scheme that can register a ServiceWorker.
  77     BLINK_EXPORT static void registerURLSchemeAsAllowingServiceWorkers(const WebString&);
  78
  79     // Registers an HTTP-like URL scheme that supports the Fetch API.
  80     BLINK_EXPORT static void registerURLSchemeAsSupportingFetchAPI(const WebString&);
  81
  82     // Registers a URL scheme whose resources can be loaded regardless of a page's Content Security Policy.
  83     BLINK_EXPORT static void registerURLSchemeAsBypassingContentSecurityPolicy(const WebString&);
  84
  85     // Registers a URL scheme which will always be considered the first-party when loaded in a top-level context.
  86     BLINK_EXPORT static void registerURLSchemeAsFirstPartyWhenTopLevel(const WebString&);
  87
  88     // Registers a URL scheme for which some kinds of resources bypass Content Security Policy.
  89     // This enum should be kept in sync with Source/platform/weborigin/SchemeRegistry.h.
  90     // Enforced in AssertMatchingEnums.cpp.
  91     enum PolicyAreas : uint32_t {
  92         PolicyAreaNone = 0,
  93         PolicyAreaImage = 1 << 0,
  94         PolicyAreaStyle = 1 << 1,
  95         // Add more policy areas as needed by clients.
  96         PolicyAreaAll = ~static_cast<uint32_t>(0),
  97     };
  98     BLINK_EXPORT static void registerURLSchemeAsBypassingContentSecurityPolicy(const WebString& scheme, PolicyAreas);
  99
 100     // Registers a URL scheme as strictly empty documents, allowing them to
 101     // commit synchronously.
 102     BLINK_EXPORT static void registerURLSchemeAsEmptyDocument(const WebString&);
 103
 104     // Support for whitelisting access to origins beyond the same-origin policy.
 105     BLINK_EXPORT static void addOriginAccessWhitelistEntry(
 106         const WebURL& sourceOrigin, const WebString& destinationProtocol,
 107         const WebString& destinationHost, bool allowDestinationSubdomains);
 108     BLINK_EXPORT static void removeOriginAccessWhitelistEntry(
 109         const WebURL& sourceOrigin, const WebString& destinationProtocol,
 110         const WebString& destinationHost, bool allowDestinationSubdomains);
 111     BLINK_EXPORT static void resetOriginAccessWhitelists();
 112
 113     // Support for whitelisting origins to treat them as trustworthy.
 114     BLINK_EXPORT static void addOriginTrustworthyWhiteList(const WebSecurityOrigin&);
 115
 116     // Returns the referrer modified according to the referrer policy for a
 117     // navigation to a given URL. If the referrer returned is empty, the
 118     // referrer header should be omitted.
 119     BLINK_EXPORT static WebString generateReferrerHeader(WebReferrerPolicy, const WebURL&, const WebString& referrer);
 120
 121     // Registers an URL scheme to not allow manipulation of the loaded page
 122     // by bookmarklets or javascript: URLs typed in the omnibox.
 123     BLINK_EXPORT static void registerURLSchemeAsNotAllowingJavascriptURLs(const WebString&);
 124
 125 private:
 126     WebSecurityPolicy();
 127 };
 128
 129 } // namespace blink
 130
 131 #endif