1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
13 * distribution.
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 #include "config.h"
32 #include "public/web/WebSecurityPolicy.h"
33
34 #include "core/loader/FrameLoader.h"
35 #include "platform/weborigin/SchemeRegistry.h"
36 #include "platform/weborigin/SecurityOrigin.h"
37 #include "platform/weborigin/SecurityPolicy.h"
38 #include "public/platform/WebString.h"
39 #include "public/platform/WebURL.h"
40
41 namespace blink {
42
registerURLSchemeAsLocal(const WebString & scheme)43 void WebSecurityPolicy::registerURLSchemeAsLocal(const WebString& scheme)
44 {
45 SchemeRegistry::registerURLSchemeAsLocal(scheme);
46 }
47
registerURLSchemeAsNoAccess(const WebString & scheme)48 void WebSecurityPolicy::registerURLSchemeAsNoAccess(const WebString& scheme)
49 {
50 SchemeRegistry::registerURLSchemeAsNoAccess(scheme);
51 }
52
registerURLSchemeAsDisplayIsolated(const WebString & scheme)53 void WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(const WebString& scheme)
54 {
55 SchemeRegistry::registerURLSchemeAsDisplayIsolated(scheme);
56 }
57
registerURLSchemeAsSecure(const WebString & scheme)58 void WebSecurityPolicy::registerURLSchemeAsSecure(const WebString& scheme)
59 {
60 SchemeRegistry::registerURLSchemeAsSecure(scheme);
61 }
62
registerURLSchemeAsCORSEnabled(const WebString & scheme)63 void WebSecurityPolicy::registerURLSchemeAsCORSEnabled(const WebString& scheme)
64 {
65 SchemeRegistry::registerURLSchemeAsCORSEnabled(scheme);
66 }
67
registerURLSchemeAsBypassingContentSecurityPolicy(const WebString & scheme)68 void WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(const WebString& scheme)
69 {
70 SchemeRegistry::registerURLSchemeAsBypassingContentSecurityPolicy(scheme);
71 }
72
registerURLSchemeAsEmptyDocument(const WebString & scheme)73 void WebSecurityPolicy::registerURLSchemeAsEmptyDocument(const WebString& scheme)
74 {
75 SchemeRegistry::registerURLSchemeAsEmptyDocument(scheme);
76 }
77
addOriginAccessWhitelistEntry(const WebURL & sourceOrigin,const WebString & destinationProtocol,const WebString & destinationHost,bool allowDestinationSubdomains)78 void WebSecurityPolicy::addOriginAccessWhitelistEntry(
79 const WebURL& sourceOrigin,
80 const WebString& destinationProtocol,
81 const WebString& destinationHost,
82 bool allowDestinationSubdomains)
83 {
84 SecurityPolicy::addOriginAccessWhitelistEntry(
85 *SecurityOrigin::create(sourceOrigin), destinationProtocol,
86 destinationHost, allowDestinationSubdomains);
87 }
88
removeOriginAccessWhitelistEntry(const WebURL & sourceOrigin,const WebString & destinationProtocol,const WebString & destinationHost,bool allowDestinationSubdomains)89 void WebSecurityPolicy::removeOriginAccessWhitelistEntry(
90 const WebURL& sourceOrigin,
91 const WebString& destinationProtocol,
92 const WebString& destinationHost,
93 bool allowDestinationSubdomains)
94 {
95 SecurityPolicy::removeOriginAccessWhitelistEntry(
96 *SecurityOrigin::create(sourceOrigin), destinationProtocol,
97 destinationHost, allowDestinationSubdomains);
98 }
99
resetOriginAccessWhitelists()100 void WebSecurityPolicy::resetOriginAccessWhitelists()
101 {
102 SecurityPolicy::resetOriginAccessWhitelists();
103 }
104
generateReferrerHeader(WebReferrerPolicy referrerPolicy,const WebURL & url,const WebString & referrer)105 WebString WebSecurityPolicy::generateReferrerHeader(WebReferrerPolicy referrerPolicy, const WebURL& url, const WebString& referrer)
106 {
107 return SecurityPolicy::generateReferrerHeader(static_cast<ReferrerPolicy>(referrerPolicy), url, referrer);
108 }
109
registerURLSchemeAsNotAllowingJavascriptURLs(const WebString & scheme)110 void WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(const WebString& scheme)
111 {
112 SchemeRegistry::registerURLSchemeAsNotAllowingJavascriptURLs(scheme);
113 }
114
115 } // namespace blink
116