1 /*

     2  * Copyright (C) 2009 Google Inc. All rights reserved.

     3  *

     4  * Redistribution and use in source and binary forms, with or without

     5  * modification, are permitted provided that the following conditions are

     6  * met:

     7  *

     8  *     * Redistributions of source code must retain the above copyright

     9  * notice, this list of conditions and the following disclaimer.

    10  *     * Redistributions in binary form must reproduce the above

    11  * copyright notice, this list of conditions and the following disclaimer

    12  * in the documentation and/or other materials provided with the

    13  * distribution.

    14  *     * Neither the name of Google Inc. nor the names of its

    15  * contributors may be used to endorse or promote products derived from

    16  * this software without specific prior written permission.

    17  *

    18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

    19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

    20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

    21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

    22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

    23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

    24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

    25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

    26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

    27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

    28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

    29  */

    30 

    31 #ifndef WebSecurityPolicy_h

    32 #define WebSecurityPolicy_h

    33 

    34 #include "WebCommon.h"

    35 

    36 namespace WebKit {

    37 

    38 class WebString;

    39 class WebURL;

    40 

    41 class WebSecurityPolicy {

    42 public:

    43     // Registers a URL scheme to be treated as a local scheme (i.e., with the

    44     // same security rules as those applied to "file" URLs).  This means that

    45     // normal pages cannot link to or access URLs of this scheme.

    46     WEBKIT_API static void registerURLSchemeAsLocal(const WebString&);

    47 

    48     // Registers a URL scheme to be treated as a noAccess scheme.  This means

    49     // that pages loaded with this URL scheme cannot access pages loaded with

    50     // any other URL scheme.

    51     WEBKIT_API static void registerURLSchemeAsNoAccess(const WebString&);

    52 

    53     // Registers a URL scheme to not generate mixed content warnings when

    54     // included by an HTTPS page.

    55     WEBKIT_API static void registerURLSchemeAsSecure(const WebString&);

    56 

    57     // Support for whitelisting access to origins beyond the same-origin policy.

    58     WEBKIT_API static void addOriginAccessWhitelistEntry(

    59         const WebURL& sourceOrigin, const WebString& destinationProtocol,

    60         const WebString& destinationHost, bool allowDestinationSubdomains);

    61     WEBKIT_API static void removeOriginAccessWhitelistEntry(

    62         const WebURL& sourceOrigin, const WebString& destinationProtocol,

    63         const WebString& destinationHost, bool allowDestinationSubdomains);

    64     WEBKIT_API static void resetOriginAccessWhitelists();

    65     

    66     // Returns whether the url should be allowed to see the referrer

    67     // based on their respective protocols.

    68     WEBKIT_API static bool shouldHideReferrer(const WebURL& url, const WebString& referrer);

    69 

    70 private:

    71     WebSecurityPolicy();

    72 };

    73 

    74 } // namespace WebKit

    75 

    76 #endif