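/*
 * Copyright (C) 2009 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *     * Neither the name of Google Inc. nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef WebSecurityPolicy_h
#define WebSecurityPolicy_h

#include "WebCommon.h"

namespace WebKit {

class WebString;
class WebURL;

// Static-only entry points for adjusting the engine's URL-scheme and
// cross-origin access policy. Every member function is static and the
// constructor is private, so the class is used as a namespace and is never
// instantiated from outside.
//
// NOTE(review): each registration below changes a security decision for
// every URL of the named scheme, and this header declares no way to
// unregister a scheme. Thread-safety is not visible from here either.
// Treat these calls as embedder start-up configuration and do not derive a
// scheme name from page content -- confirm against the implementation.
class WebSecurityPolicy {
public:
    // Registers a URL scheme to be treated as a local scheme (i.e., with the
    // same security rules as those applied to "file" URLs). This means that
    // normal pages cannot link to or access URLs of this scheme.
    // NOTE(review): pages served from the scheme are presumably trusted like
    // "file" pages as well, so register only schemes whose content the
    // embedder controls -- confirm.
    WEBKIT_API static void registerURLSchemeAsLocal(const WebString&);

    // Registers a URL scheme to be treated as a noAccess scheme. This means
    // that pages loaded with this URL scheme cannot access pages loaded with
    // any other URL scheme.
    WEBKIT_API static void registerURLSchemeAsNoAccess(const WebString&);

    // Registers a URL scheme to be treated as display-isolated. This means
    // that pages cannot display these URLs unless they are from the same
    // scheme. For example, pages in other origins cannot create iframes or
    // hyperlinks to URLs with the scheme.
    WEBKIT_API static void registerURLSchemeAsDisplayIsolated(const WebString&);

    // Registers a URL scheme to not generate mixed content warnings when
    // included by an HTTPS page.
    // NOTE(review): this silences a warning; it does not add any protection
    // to the scheme. Register only schemes whose loading path gives
    // confidentiality and integrity comparable to HTTPS.
    WEBKIT_API static void registerURLSchemeAsSecure(const WebString&);

    // Support for whitelisting access to origins beyond the same-origin
    // policy. An entry is described by the source origin plus the protocol
    // and host of the destination it may reach; the same four values are
    // passed to remove an entry, and resetOriginAccessWhitelists() takes no
    // arguments and, by its name, clears all entries.
    // NOTE(review): judging by its name, allowDestinationSubdomains widens an
    // entry to subdomains of destinationHost. Every entry is an exception to
    // the same-origin policy, so keep entries as narrow as the use case
    // allows -- confirm the matching rules against the implementation.
    WEBKIT_API static void addOriginAccessWhitelistEntry(
        const WebURL& sourceOrigin, const WebString& destinationProtocol,
        const WebString& destinationHost, bool allowDestinationSubdomains);
    WEBKIT_API static void removeOriginAccessWhitelistEntry(
        const WebURL& sourceOrigin, const WebString& destinationProtocol,
        const WebString& destinationHost, bool allowDestinationSubdomains);
    WEBKIT_API static void resetOriginAccessWhitelists();

    // Returns whether the referrer should be withheld from a request to
    // |url|, based on the respective protocols of |url| and |referrer|.
    // NOTE(review): true is read here as "hide the referrer", following the
    // function name; confirm the polarity against the implementation before
    // relying on it.
    WEBKIT_API static bool shouldHideReferrer(const WebURL& url, const WebString& referrer);

private:
    // Private, so code outside the class cannot construct an instance.
    WebSecurityPolicy();
};

} // namespace WebKit

#endif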