SecurityOrigin.cpp [plain text]
#include "config.h"
#include "SecurityOrigin.h"
#include "Document.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameTree.h"
#include "KURL.h"
#include "PlatformString.h"
namespace WebCore {
SecurityOrigin::SecurityOrigin()
: m_port(0)
, m_portSet(false)
, m_noAccess(false)
, m_domainWasSetInDOM(false)
{
}
void SecurityOrigin::clear()
{
m_protocol = String();
m_host = String();
m_port = 0;
m_portSet = false;
m_noAccess = false;
m_domainWasSetInDOM = false;
}
bool SecurityOrigin::isEmpty() const
{
return m_protocol.isEmpty();
}
void SecurityOrigin::setForFrame(Frame* frame)
{
clear();
FrameLoader* loader = frame->loader();
const KURL& securityPolicyURL = loader->url();
if (!securityPolicyURL.isEmpty()) {
m_protocol = securityPolicyURL.protocol().lower();
m_host = securityPolicyURL.host().lower();
m_port = securityPolicyURL.port();
if (m_port)
m_portSet = true;
if (m_protocol == "data") {
m_noAccess = true;
return;
}
if (m_protocol != "about")
return;
}
Frame* openerFrame = frame->tree()->parent();
if (!openerFrame) {
openerFrame = loader->opener();
if (!openerFrame)
return;
}
Document* openerDocument = openerFrame->document();
if (!openerDocument)
return;
*this = openerDocument->securityOrigin();
}
void SecurityOrigin::setDomainFromDOM(const String& newDomain)
{
m_domainWasSetInDOM = true;
m_host = newDomain.lower();
}
bool SecurityOrigin::canAccess(const SecurityOrigin& other) const
{
if (m_protocol == "file")
return true;
if (m_noAccess || other.m_noAccess)
return false;
if (m_domainWasSetInDOM && other.m_domainWasSetInDOM && m_host == other.m_host)
return true;
return m_host == other.m_host && m_protocol == other.m_protocol && m_port == other.m_port;
}
bool SecurityOrigin::isSecureTransitionTo(const KURL& url) const
{
if (isEmpty())
return true;
if (m_protocol == "file")
return true;
return equalIgnoringCase(m_host, String(url.host())) && equalIgnoringCase(m_protocol, String(url.protocol())) && m_port == url.port();
}
}