1 /*
2 * Copyright (C) 2007,2008 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
18 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
21 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #ifndef SecurityOrigin_h
30 #define SecurityOrigin_h
31
32 #include <wtf/RefCounted.h>
33 #include <wtf/PassRefPtr.h>
34 #include <wtf/Threading.h>
35
36 #include "PlatformString.h"
37
38 namespace WebCore {
39
40 class KURL;
41
// Represents the security origin (protocol, host, port, plus an optional
// DOM-assigned domain) that same-origin style decisions are made against.
//
// Which comparison to use:
//   - canAccess()            : may this origin script objects of another?
//   - canRequest()           : may this origin read content fetched from a URL?
//   - isSameSchemeHostPort() : equality that ignores document.domain.
//   - equal()                : identity for hash table keys only; it is NOT an
//                              access check.
class SecurityOrigin : public ThreadSafeShared<SecurityOrigin> {
public:
    // Factory functions. Both constructors are private, so outside this
    // class instances are obtained through these functions or copy().
    //
    // createFromString() is the counterpart of toString().
    // createFromDatabaseIdentifier() is presumably the inverse of the
    // deprecated databaseIdentifier() format -- confirm in the
    // implementation.
    static PassRefPtr<SecurityOrigin> createFromDatabaseIdentifier(const String&);
    static PassRefPtr<SecurityOrigin> createFromString(const String&);
    static PassRefPtr<SecurityOrigin> create(const KURL&);
    // NOTE(review): presumably yields the origin for which isEmpty() is
    // true -- confirm in the implementation.
    static PassRefPtr<SecurityOrigin> createEmpty();

    // Produces a deep copy of this origin. Use it when a SecurityOrigin has
    // to be handed to another thread.
    PassRefPtr<SecurityOrigin> copy();

    // Assigns newDomain as this origin's domain property.
    //
    // No validation happens here: in particular there is no check that
    // newDomain is a suffix of the current domain. Validating newDomain is
    // entirely the caller's job, and it must be done before this call.
    void setDomainFromDOM(const String& newDomain);

    // Reports the stored flag recording whether the domain was set from the
    // DOM.
    bool domainWasSetInDOM() const
    {
        return m_domainWasSetInDOM;
    }

    // Plain accessors for the stored components of the origin.
    String protocol() const
    {
        return m_protocol;
    }

    String host() const
    {
        return m_host;
    }

    String domain() const
    {
        return m_domain;
    }

    unsigned short port() const
    {
        return m_port;
    }

    // True when this origin is allowed to script objects that belong to the
    // given origin. Consult this before letting script from one origin read
    // or write objects of another.
    bool canAccess(const SecurityOrigin*) const;

    // True when this origin is allowed to read content retrieved from the
    // given URL. Consult this before issuing an XMLHttpRequest.
    bool canRequest(const KURL&) const;

    // True when this origin may load local resources (images, iframes,
    // style sheets, ...) and link to local URLs. Consult this, for
    // instance, before creating an iframe that points at a file:// URL.
    //
    // This is a weaker permission than canRequest(): an origin may be
    // allowed to load local resources and still be unable to issue an
    // XMLHttpRequest for a local URL. Use canRequest(url) for that
    // question.
    bool canLoadLocalResources() const
    {
        return m_canLoadLocalResources;
    }

    // Explicitly gives this origin the ability to load local resources.
    //
    // Kept solely for backwards compatibility with older versions of
    // WebKit. Because it widens what the origin may load, new call sites
    // deserve scrutiny.
    void grantLoadLocalResources();

    // NOTE(review): this header carries no description of this check;
    // see the implementation for its exact semantics.
    bool isSecureTransitionTo(const KURL&) const;

    // The local origin is the most privileged one: it can script any
    // document, navigate to local resources, and set arbitrary headers on
    // XMLHttpRequests.
    bool isLocal() const;

    // The empty origin is the least privileged one.
    bool isEmpty() const;

    // String form of this origin. It resembles a URL without a path
    // component. The empty origin is rendered as "null".
    //
    // The value of the domain property is not encoded in the result, so the
    // string alone does not capture a domain that was set from the DOM.
    String toString() const;

    // Serialized form used for storage in the database. Deprecated: keep it
    // only for compatibility with old databases, and use toString() /
    // createFromString() everywhere else.
    String databaseIdentifier() const;

    // Equality between origins, used for hash table keys. It does not
    // answer whether one origin may access another; use canAccess() for
    // access decisions.
    // FIXME: If this method is really only useful for hash table keys, it
    // should be refactored into SecurityOriginHash.
    bool equal(const SecurityOrigin*) const;

    // Equality that considers the host but ignores the value of
    // document.domain, and whether it was set at all. Used for postMessage.
    bool isSameSchemeHostPort(const SecurityOrigin*) const;

private:
    explicit SecurityOrigin(const KURL&);
    // NOTE(review): presumably the constructor behind copy() -- confirm in
    // the implementation.
    explicit SecurityOrigin(const SecurityOrigin*);

    String m_protocol;
    String m_host;
    String m_domain;
    unsigned short m_port;
    // NOTE(review): this header exposes no accessor or description for
    // m_noAccess; confirm its meaning in the implementation.
    bool m_noAccess;
    bool m_domainWasSetInDOM;
    bool m_canLoadLocalResources;
};
138
139 } // namespace WebCore
140
141 #endif // SecurityOrigin_h