| author | estark@chromium.org <estark@chromium.org> | 2015-04-16 16:11:24 +0000 |
|---|---|---|
| committer | estark@chromium.org <estark@chromium.org> | 2015-04-16 16:11:24 +0000 |
| commit | 23e6ee4425b4f13b3dac9391119df9d74a425ab9 (patch) | |
| tree | 418d4dc1b34c74d0afd90bd05d345e98ef5e813a /third_party/WebKit/public/web/WebSecurityOrigin.h | |
| parent | c1e76c20b2541474ab0efa1de0c282770bea0cd7 (diff) | |
Walk ancestor tree to decide if powerful features should be allowed
As specified in
https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged,
deciding if a powerful feature should be allowed involves walking up the
ancestor chain and deciding if each origin is "potentially trustworthy."
This CL adds a |isPrivilegedContext| method to |ExecutionContext|, which
calls |isPotentiallyTrustworthy| for each origin in the ancestor chain.
Because some sites heavily rely on the ability to use WebCrypto when the
ancestor chain includes an insecure origin, there is a flag to skip the
ancestor check, used only from WebCrypto.
This CL also factors out the layout test helper |get_host_info()| into
its own file, since it is used by many tests other than ServiceWorker
tests.
This CL does not yet implement ancestor-chain-checking for Workers
(i.e. checking if the responsible document's origin and all of its
ancestors are potentially trustworthy when a worker wants to access a
powerful feature). That will be a follow-up CL.
BUG=474710
Review URL: https://codereview.chromium.org/1077083004
git-svn-id: svn://svn.chromium.org/blink/trunk@193883 bbb929c8-8fbe-4397-9dbb-9b2b20218538
Diffstat (limited to 'third_party/WebKit/public/web/WebSecurityOrigin.h')
| -rw-r--r-- | third_party/WebKit/public/web/WebSecurityOrigin.h | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/third_party/WebKit/public/web/WebSecurityOrigin.h b/third_party/WebKit/public/web/WebSecurityOrigin.h index 3ba25b4..3930f65 100644 --- a/third_party/WebKit/public/web/WebSecurityOrigin.h +++ b/third_party/WebKit/public/web/WebSecurityOrigin.h @@ -92,12 +92,11 @@ public: // from a given security origin to receive contents from a given URL. BLINK_PLATFORM_EXPORT bool canRequest(const WebURL&) const; - // A "secure origin" as defined by [1] are those that load resources either - // from the local machine (necessarily trusted) or over the network from a - // cryptographically-authenticated server. - // - // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure- - BLINK_PLATFORM_EXPORT bool canAccessFeatureRequiringSecureOrigin(WebString& errorMessage) const; + // Returns true if the origin loads resources either from the local + // machine or over the network from a + // cryptographically-authenticated origin, as described in + // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustworthy. + BLINK_PLATFORM_EXPORT bool isPotentiallyTrustworthy(WebString& errorMessage) const; // Returns a string representation of the WebSecurityOrigin. The empty // WebSecurityOrigin is represented by "null". The representation of a |
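Review bot: The comment above isPotentiallyTrustworthy() does not document the WebString& errorMessage out-parameter. It should say whether the string is written only when the method returns false and whether it is left untouched on success, since the new name reads as a pure predicate. The wording "the origin loads resources ... from a cryptographically-authenticated origin" is also circular; the removed comment said "cryptographically-authenticated server", which is clearer. Because this renames a BLINK_PLATFORM_EXPORT method, every caller of canAccessFeatureRequiringSecureOrigin outside this header has to be updated in the same change; this diff view is limited to WebSecurityOrigin.h, so that cannot be confirmed from here.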
