1635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project/*
28f72e70a9fd78eec56623b3a62e68f16b7b27e28Feng Qian * Copyright (C) 2009 Google Inc. All rights reserved.
38f72e70a9fd78eec56623b3a62e68f16b7b27e28Feng Qian *
4635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * Redistribution and use in source and binary forms, with or without
5635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * modification, are permitted provided that the following conditions are
6635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * met:
78f72e70a9fd78eec56623b3a62e68f16b7b27e28Feng Qian *
8635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project *     * Redistributions of source code must retain the above copyright
9635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * notice, this list of conditions and the following disclaimer.
10635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project *     * Redistributions in binary form must reproduce the above
11635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * copyright notice, this list of conditions and the following disclaimer
12635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * in the documentation and/or other materials provided with the
13635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * distribution.
14635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project *     * Neither the name of Google Inc. nor the names of its
15635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * contributors may be used to endorse or promote products derived from
16635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * this software without specific prior written permission.
178f72e70a9fd78eec56623b3a62e68f16b7b27e28Feng Qian *
18635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project */
30635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project
31643ca7872b450ea4efacab6188849e5aac2ba161Steve Block#include "config.h"
32643ca7872b450ea4efacab6188849e5aac2ba161Steve Block#include "WebSecurityPolicy.h"
33635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project
34643ca7872b450ea4efacab6188849e5aac2ba161Steve Block#include "FrameLoader.h"
350617145a89917ae7735fe1c9538688ab9a577df5Kristian Monsen#include "SchemeRegistry.h"
36643ca7872b450ea4efacab6188849e5aac2ba161Steve Block#include "SecurityOrigin.h"
37635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project
38643ca7872b450ea4efacab6188849e5aac2ba161Steve Block#include "WebString.h"
39643ca7872b450ea4efacab6188849e5aac2ba161Steve Block#include "WebURL.h"
40635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project
41643ca7872b450ea4efacab6188849e5aac2ba161Steve Blockusing namespace WebCore;
428f72e70a9fd78eec56623b3a62e68f16b7b27e28Feng Qian
43643ca7872b450ea4efacab6188849e5aac2ba161Steve Blocknamespace WebKit {
44635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project
45643ca7872b450ea4efacab6188849e5aac2ba161Steve Blockvoid WebSecurityPolicy::registerURLSchemeAsLocal(const WebString& scheme)
46643ca7872b450ea4efacab6188849e5aac2ba161Steve Block{
470617145a89917ae7735fe1c9538688ab9a577df5Kristian Monsen    SchemeRegistry::registerURLSchemeAsLocal(scheme);
48643ca7872b450ea4efacab6188849e5aac2ba161Steve Block}
49643ca7872b450ea4efacab6188849e5aac2ba161Steve Block
50643ca7872b450ea4efacab6188849e5aac2ba161Steve Blockvoid WebSecurityPolicy::registerURLSchemeAsNoAccess(const WebString& scheme)
51643ca7872b450ea4efacab6188849e5aac2ba161Steve Block{
520617145a89917ae7735fe1c9538688ab9a577df5Kristian Monsen    SchemeRegistry::registerURLSchemeAsNoAccess(scheme);
53643ca7872b450ea4efacab6188849e5aac2ba161Steve Block}
54643ca7872b450ea4efacab6188849e5aac2ba161Steve Block
5565f03d4f644ce73618e5f4f50dd694b26f55ae12Ben Murdochvoid WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(const WebString& scheme)
5665f03d4f644ce73618e5f4f50dd694b26f55ae12Ben Murdoch{
5765f03d4f644ce73618e5f4f50dd694b26f55ae12Ben Murdoch    SchemeRegistry::registerURLSchemeAsDisplayIsolated(scheme);
5865f03d4f644ce73618e5f4f50dd694b26f55ae12Ben Murdoch}
5965f03d4f644ce73618e5f4f50dd694b26f55ae12Ben Murdoch
60dcc8cf2e65d1aa555cce12431a16547e66b469eeSteve Blockvoid WebSecurityPolicy::registerURLSchemeAsSecure(const WebString& scheme)
61dcc8cf2e65d1aa555cce12431a16547e66b469eeSteve Block{
620617145a89917ae7735fe1c9538688ab9a577df5Kristian Monsen    SchemeRegistry::registerURLSchemeAsSecure(scheme);
63dcc8cf2e65d1aa555cce12431a16547e66b469eeSteve Block}
64dcc8cf2e65d1aa555cce12431a16547e66b469eeSteve Block
6521939df44de1705786c545cd1bf519d47250322dBen Murdochvoid WebSecurityPolicy::addOriginAccessWhitelistEntry(
6621939df44de1705786c545cd1bf519d47250322dBen Murdoch    const WebURL& sourceOrigin,
67643ca7872b450ea4efacab6188849e5aac2ba161Steve Block    const WebString& destinationProtocol,
68643ca7872b450ea4efacab6188849e5aac2ba161Steve Block    const WebString& destinationHost,
69643ca7872b450ea4efacab6188849e5aac2ba161Steve Block    bool allowDestinationSubdomains)
70643ca7872b450ea4efacab6188849e5aac2ba161Steve Block{
71dcc8cf2e65d1aa555cce12431a16547e66b469eeSteve Block    SecurityOrigin::addOriginAccessWhitelistEntry(
72643ca7872b450ea4efacab6188849e5aac2ba161Steve Block        *SecurityOrigin::create(sourceOrigin), destinationProtocol,
73643ca7872b450ea4efacab6188849e5aac2ba161Steve Block        destinationHost, allowDestinationSubdomains);
74643ca7872b450ea4efacab6188849e5aac2ba161Steve Block}
758f72e70a9fd78eec56623b3a62e68f16b7b27e28Feng Qian
7621939df44de1705786c545cd1bf519d47250322dBen Murdochvoid WebSecurityPolicy::removeOriginAccessWhitelistEntry(
7721939df44de1705786c545cd1bf519d47250322dBen Murdoch    const WebURL& sourceOrigin,
7821939df44de1705786c545cd1bf519d47250322dBen Murdoch    const WebString& destinationProtocol,
7921939df44de1705786c545cd1bf519d47250322dBen Murdoch    const WebString& destinationHost,
8021939df44de1705786c545cd1bf519d47250322dBen Murdoch    bool allowDestinationSubdomains)
8121939df44de1705786c545cd1bf519d47250322dBen Murdoch{
8221939df44de1705786c545cd1bf519d47250322dBen Murdoch    SecurityOrigin::removeOriginAccessWhitelistEntry(
8321939df44de1705786c545cd1bf519d47250322dBen Murdoch        *SecurityOrigin::create(sourceOrigin), destinationProtocol,
8421939df44de1705786c545cd1bf519d47250322dBen Murdoch        destinationHost, allowDestinationSubdomains);
8521939df44de1705786c545cd1bf519d47250322dBen Murdoch}
8621939df44de1705786c545cd1bf519d47250322dBen Murdoch
8721939df44de1705786c545cd1bf519d47250322dBen Murdochvoid WebSecurityPolicy::resetOriginAccessWhitelists()
88643ca7872b450ea4efacab6188849e5aac2ba161Steve Block{
89dcc8cf2e65d1aa555cce12431a16547e66b469eeSteve Block    SecurityOrigin::resetOriginAccessWhitelists();
908f72e70a9fd78eec56623b3a62e68f16b7b27e28Feng Qian}
91635860845790a19bf50bbc51ba8fb66a96dde068The Android Open Source Project
92d0825bca7fe65beaee391d30da42e937db621564Steve Blockbool WebSecurityPolicy::shouldHideReferrer(const WebURL& url, const WebString& referrer)
93d0825bca7fe65beaee391d30da42e937db621564Steve Block{
94d0825bca7fe65beaee391d30da42e937db621564Steve Block    return SecurityOrigin::shouldHideReferrer(url, referrer);
95d0825bca7fe65beaee391d30da42e937db621564Steve Block}
96d0825bca7fe65beaee391d30da42e937db621564Steve Block
97643ca7872b450ea4efacab6188849e5aac2ba161Steve Block} // namespace WebKit
98