
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_ISOLATED_ORIGIN_UTIL_H_
#define CONTENT_BROWSER_ISOLATED_ORIGIN_UTIL_H_

#include <string>
#include <string_view>

#include "base/gtest_prod_util.h"
#include "base/strings/string_util.h"
#include "content/common/content_export.h"
#include "url/origin.h"

namespace content {

// This class holds isolated origin patterns, providing support for double
// wildcard origins, e.g. https://[*.]foo.com indicates that all domains under
// foo.com are to be treated as if they are distinct isolated
// origins. Non-wildcard origins to be isolated are also supported, e.g.
// https://bar.com.
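class CONTENT_EXPORT IsolatedOriginPattern {
 public:
  // Parses |pattern| (e.g. "https://[*.]foo.com" or "https://bar.com"). On
  // parse failure origin() is opaque; see Parse() for what is checked.
  explicit IsolatedOriginPattern(std::string_view pattern);
  // Builds a pattern from an already-parsed |origin|.
  explicit IsolatedOriginPattern(const url::Origin& origin);
  ~IsolatedOriginPattern();

  // Copying and moving supported.
  IsolatedOriginPattern(const IsolatedOriginPattern& other);
  IsolatedOriginPattern& operator=(const IsolatedOriginPattern& other);

  // NOTE(review): the move operations are not declared noexcept, so
  // reallocating containers will copy instead of move. Adding noexcept here
  // also requires updating the out-of-line definitions.
  IsolatedOriginPattern(IsolatedOriginPattern&& other);
  IsolatedOriginPattern& operator=(IsolatedOriginPattern&& other);

  // Two patterns are equal when they resolve to the same origin, have the same
  // subdomain-isolation flag and the same validity.
  bool operator==(const IsolatedOriginPattern& other) const {
    // |pattern_| is deliberately not considered during equality comparison as
    // it stores the pattern as supplied at construction time, before
    // normalisation. This leads to erroneous cases of mismatch where
    // IsolatedOriginPattern("foo.com") and IsolatedOriginPattern("foo.com/")
    // will fail equality comparison, despite both resolving to the same origin.
    return origin_ == other.origin_ &&
           isolate_all_subdomains_ == other.isolate_all_subdomains_ &&
           is_valid_ == other.is_valid_;
  }

  // Returns the url::Origin corresponding to the pattern supplied at
  // construction time or via a call to Parse. In the event of parsing failure
  // this origin will be opaque.
  const url::Origin& origin() const { return origin_; }

  // True if the supplied pattern was of the form https://[*.]foo.com,
  // indicating all subdomains of foo.com are to be isolated.
  bool isolate_all_subdomains() const { return isolate_all_subdomains_; }

  // Returns a view of the original (un-normalised) pattern used to construct
  // this instance. The view borrows |pattern_| and is only valid for the
  // lifetime of this object; copy it into a std::string to keep it longer.
  // (The return type carries no top-level const: a const prvalue cannot be
  // moved from and is flagged by clang-tidy's readability-const-return-type.)
  std::string_view pattern() const { return pattern_; }

  // Return if this origin is valid for isolation purposes.
  bool is_valid() const { return is_valid_; }

 private:
  friend class ChildProcessSecurityPolicyTest;
  FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest,
                           IsolatedOriginPattern);

  // Checks if |pattern| is a wildcard pattern, checks the scheme is one of
  // {http, https} and constructs a url::Origin() that can be retrieved if
  // parsing is successful. Returns true on successful parsing.
  bool Parse(const std::string_view& pattern);

  std::string pattern_;
  url::Origin origin_;
  // Default-initialised to the "not isolated, not valid" state so that the
  // flags are never read uninitialised (e.g. by operator==) on any
  // construction path that does not assign them explicitly.
  bool isolate_all_subdomains_ = false;
  bool is_valid_ = false;
};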

// Stateless helpers (all members are static) for deciding whether an origin
// is acceptable for legacy isolated-origin, opt-in and opt-out origin
// isolation, and for matching an origin against an isolated origin.
class CONTENT_EXPORT IsolatedOriginUtil {
 public:
  // Checks whether |origin| matches the isolated origin specified by
  // |isolated_origin|.  Subdomains are considered to match isolated origins,
  // so this will be true if
  // (1) |origin| has the same scheme, host, and port as |isolated_origin|, or
  // (2) |origin| has the same scheme and port as |isolated_origin|, and its
  //     host is a subdomain of |isolated_origin|'s host.
  // This does not consider site URLs, which don't care about port.
  //
  // For example, if |isolated_origin| is https://isolated.foo.com, this will
  // return true if |origin| is https://isolated.foo.com or
  // https://bar.isolated.foo.com, but it will return false for an |origin| of
  // https://unisolated.foo.com or https://foo.com.
  //
  // Because the port is compared, callers must pass full origins rather than
  // site URLs; a site-level comparison belongs elsewhere.
  static bool DoesOriginMatchIsolatedOrigin(const url::Origin& origin,
                                            const url::Origin& isolated_origin);

  // Check if |origin| is a valid isolated origin.  Invalid isolated origins
  // include opaque origins, origins that don't have an HTTP or HTTPS scheme,
  // and origins without a valid registry-controlled domain.  IP addresses are
  // allowed.
  static bool IsValidIsolatedOrigin(const url::Origin& origin);

  // Check if |origin| is a valid origin for opt-in origin isolation. Invalid
  // origins for this purpose include opaque origins, origins that don't have a
  // HTTP or HTTPS scheme, and origins that are not secure contexts.
  static bool IsValidOriginForOptInIsolation(const url::Origin& origin);

  // Check if |origin| is a valid origin for opting out of origin isolation.
  // Invalid origins for this purpose include opaque origins, and origins that
  // don't have a HTTP or HTTPS scheme.
  static bool IsValidOriginForOptOutIsolation(const url::Origin& origin);

 private:
  // Used to implement both IsValidIsolatedOrigin and
  // IsValidOriginForOptInIsolation. The legacy isolated origin case performs
  // some additional checks that don't apply to the opt-in case: it verifies the
  // origin has a registry domain (for subdomain matching) and disallows
  // trailing dots in the domain.
  //
  // |is_legacy_isolated_origin_check| selects those stricter legacy checks;
  // when false only the checks shared with the opt-in case are applied.
  static bool IsValidIsolatedOriginImpl(const url::Origin& origin,
                                        bool is_legacy_isolated_origin_check);
};

}  // namespace content

#endif  // CONTENT_BROWSER_ISOLATED_ORIGIN_UTIL_H_