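// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "config.h"
#include "core/frame/csp/CSPSource.h"

#include "core/frame/csp/ContentSecurityPolicy.h"
#include "platform/weborigin/KURL.h"
#include "platform/weborigin/KnownPorts.h"
#include "platform/weborigin/SecurityOrigin.h"
#include "wtf/text/WTFString.h"

namespace blink {

// Stores the parsed components of one CSP source expression. An empty
// |scheme| means "same scheme as the protected resource" (see
// schemeMatches()), and an empty |host| makes this a scheme-only source
// (see isSchemeOnly()).
CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const String& host, int port, const String& path, WildcardDisposition hostWildcard, WildcardDisposition portWildcard)
    : m_policy(policy)
    , m_scheme(scheme)
    , m_host(host)
    , m_port(port)
    , m_path(path)
    , m_hostWildcard(hostWildcard)
    , m_portWildcard(portWildcard)
{
}

// Returns true when |url| is allowed by this source expression. The scheme is
// checked first; a scheme-only source then accepts every URL with that
// scheme, otherwise host, port and path must all match.
bool CSPSource::matches(const KURL& url) const
{
    if (!schemeMatches(url))
        return false;
    if (isSchemeOnly())
        return true;
    return hostMatches(url) && portMatches(url) && pathMatches(url);
}

// Compares the URL's scheme with the source's scheme, ignoring case. When the
// source has no scheme the decision is delegated to the owning policy.
// NOTE(review): m_policy is dereferenced unconditionally here, so callers
// must construct the source with a non-null policy; confirm at the call sites.
bool CSPSource::schemeMatches(const KURL& url) const
{
    if (m_scheme.isEmpty())
        return m_policy->protocolMatchesSelf(url);
    return equalIgnoringCase(url.protocol(), m_scheme);
}

// Compares the URL's host with the source's host, ignoring case.
//
// A wildcard source ("*.example.com") covers subdomains only, so the URL host
// has to end with "." followed by the source host. The previous code tested
// plain equality first regardless of the wildcard flag, which let
// "*.example.com" also authorise the bare "example.com" and made the policy
// broader than written.
bool CSPSource::hostMatches(const KURL& url) const
{
    const String& host = url.host();
    if (m_hostWildcard == HasWildcard)
        return host.endsWith("." + m_host, false);
    return equalIgnoringCase(host, m_host);
}

// Compares the percent-decoded URL path with the source's path. An empty
// source path matches everything, a source path ending in "/" is a directory
// prefix, and anything else must match exactly.
//
// Both comparisons are case-sensitive. The prefix branch used to ignore case
// while the exact branch did not, so "/Scripts/" and "/scripts/" were treated
// as the same directory although "/a.js" and "/A.js" were distinct files.
// NOTE(review): the URL path is decoded before comparison; confirm that
// m_path is stored in decoded form too.
bool CSPSource::pathMatches(const KURL& url) const
{
    if (m_path.isEmpty())
        return true;

    String path = decodeURLEscapeSequences(url.path());

    if (m_path.endsWith("/"))
        return path.startsWith(m_path, true);

    return path == m_path;
}

// Compares the URL's port with the source's port. A port wildcard accepts
// any port. A zero port on either side is treated as "not specified": the
// other side must then be the default port for the URL's scheme.
bool CSPSource::portMatches(const KURL& url) const
{
    if (m_portWildcard == HasWildcard)
        return true;

    int port = url.port();

    if (port == m_port)
        return true;

    if (!port)
        return isDefaultPortForProtocol(m_port, url.protocol());

    if (!m_port)
        return isDefaultPortForProtocol(port, url.protocol());

    return false;
}

// A source with no host component constrains the scheme only.
bool CSPSource::isSchemeOnly() const
{
    return m_host.isEmpty();
}

} // namespace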