From 23e6ee4425b4f13b3dac9391119df9d74a425ab9 Mon Sep 17 00:00:00 2001
From: "estark@chromium.org"
Date: Thu, 16 Apr 2015 16:11:24 +0000
Subject: Walk ancestor tree to decide if powerful features should be allowed As specified in https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged, deciding if a powerful feature should be allowed involves walking up the ancestor chain and deciding if each origin is "potentially trustworthy." This CL adds a |isPrivilegedContext| method to |ExecutionContext|, which calls |isPotentiallyTrustworthy| for each origin in the ancestor chain. Because some sites heavily rely on the ability to use WebCrypto when the ancestor chain includes an insecure origin, there is a flag to skip the ancestor check, used only from WebCrypto. This CL also factors out the layout test helper |get_host_info()| into its own file, since it is used by many tests other than ServiceWorker tests. This CL does not yet implement ancestor-chain-checking for Workers (i.e. checking if the responsible document's origin and all of its ancestors are potentially trustworthy when a worker wants to access a powerful feature). That will be a follow-up CL. BUG=474710 Review URL: https://codereview.chromium.org/1077083004 git-svn-id: svn://svn.chromium.org/blink/trunk@193883 bbb929c8-8fbe-4397-9dbb-9b2b20218538
---
 third_party/WebKit/public/web/WebSecurityOrigin.h | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'third_party/WebKit/public/web/WebSecurityOrigin.h')
diff --git a/third_party/WebKit/public/web/WebSecurityOrigin.h b/third_party/WebKit/public/web/WebSecurityOrigin.h
index 3ba25b4..3930f65 100644
--- a/third_party/WebKit/public/web/WebSecurityOrigin.h
+++ b/third_party/WebKit/public/web/WebSecurityOrigin.h
@@ -92,12 +92,11 @@ public:
 // from a given security origin to receive contents from a given URL.
 BLINK_PLATFORM_EXPORT bool canRequest(const WebURL&) const;
- // A "secure origin" as defined by [1] are those that load resources either
- // from the local machine (necessarily trusted) or over the network from a
- // cryptographically-authenticated server.
- //
- // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure-
- BLINK_PLATFORM_EXPORT bool canAccessFeatureRequiringSecureOrigin(WebString& errorMessage) const;
+ // Returns true if the origin loads resources either from the local
+ // machine or over the network from a
+ // cryptographically-authenticated origin, as described in
+ // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustworthy.
+ BLINK_PLATFORM_EXPORT bool isPotentiallyTrustworthy(WebString& errorMessage) const;
 // Returns a string representation of the WebSecurityOrigin. The empty
 // WebSecurityOrigin is represented by "null". The representation of a
-- cgit v1.1
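Review bot: The new comment above `isPotentiallyTrustworthy` does not say that the result describes this single origin only, and it leaves the `errorMessage` out-parameter undocumented. The commit description puts the actual allow/deny decision for powerful features in `ExecutionContext::isPrivilegedContext`, which walks the ancestor chain; an embedder that gates a feature on this public method alone would skip that walk, so the header should say so. I would add `// Checks this origin only; it does not consider ancestor frames. Callers gating a powerful feature must also check the ancestor chain.` and one line stating when `|errorMessage|` is written, which needs confirming against the implementation since it is not in this hunk. The enclosing class starts and ends outside the hunk.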