/*
* Copyright (C) 2009 Google Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "OriginAccessEntry.h"
#include "SecurityOrigin.h"
namespace WebCore {

// Builds one origin access entry from a protocol, a host and a subdomain
// policy. Protocol and host are stored lower-cased, so matchesOrigin() can
// compare them with plain string equality.
OriginAccessEntry::OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting subdomainSetting)
    : m_protocol(protocol.lower())
    , m_host(host.lower())
    , m_subdomainSettings(subdomainSetting)
{
    // NOTE(review): both preconditions are expressed only as ASSERTs. If ASSERT
    // compiles out in release builds (confirm), nothing in this constructor
    // rejects another protocol or an out-of-range subdomain setting.
    ASSERT(m_protocol == "http" || m_protocol == "https");
    ASSERT(subdomainSetting == AllowSubdomains || subdomainSetting == DisallowSubdomains);

    // Heuristic: a non-empty host whose last character is an ASCII digit is
    // treated as an IP address. A hostname that merely ends in a digit is
    // flagged too, which only disables subdomain matching for that entry.
    if (m_host.isEmpty())
        m_hostIsIPAddress = false;
    else
        m_hostIsIPAddress = isASCIIDigit(m_host[m_host.length() - 1]);
}

// Returns true when |origin| is covered by this entry.
//
// The protocol must be equal. After that an origin matches when:
//   - the entry has an empty host and AllowSubdomains (matches every host), or
//   - the hosts are equal, or
//   - subdomains are allowed, the entry host is not flagged as an IP address,
//     and the origin host ends with "." followed by the entry host.
//
// No public-suffix or registrable-domain check is made here: with
// AllowSubdomains, an entry whose host is a bare suffix such as a TLD matches
// every host beneath it, so callers that accept entries from less-trusted
// configuration need to vet the host themselves.
bool OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const
{
    // The comparisons below are case-sensitive and rely on the origin's
    // components already being lower-case. A mixed-case origin would simply
    // fail to match rather than match too broadly.
    ASSERT(origin.host() == origin.host().lower());
    ASSERT(origin.protocol() == origin.protocol().lower());

    if (m_protocol != origin.protocol())
        return false;

    // Wildcard entry: empty host plus AllowSubdomains covers all hosts,
    // IP addresses included.
    if (m_host.isEmpty() && m_subdomainSettings == AllowSubdomains)
        return true;

    const String& originHost = origin.host();

    // Identical host.
    if (m_host == originHost)
        return true;

    // Beyond an exact match only subdomain matching remains, and that is never
    // applied to an entry that looks like an IP address.
    if (m_subdomainSettings == DisallowSubdomains || m_hostIsIPAddress)
        return false;

    // A subdomain is strictly longer than the entry host.
    if (originHost.length() <= m_host.length())
        return false;

    // Require a '.' immediately before the suffix so that only whole labels
    // match: "a.example.com" matches "example.com", "notexample.com" does not.
    return originHost[originHost.length() - m_host.length() - 1] == '.' && originHost.endsWith(m_host);
}

} // namespace WebCore