path: root/chromium/third_party/blink/renderer/platform/loader/cors/cors.h
blob: c4eb638e741391720afc728f323e56f9b3047725 (plain)
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_CORS_CORS_H_
#define THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_CORS_CORS_H_

#include "services/network/public/cpp/cors/cors_error_status.h"
#include "services/network/public/mojom/cors.mojom-blink-forward.h"
#include "services/network/public/mojom/fetch_api.mojom-blink-forward.h"
#include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink-forward.h"
#include "third_party/blink/renderer/platform/network/http_header_set.h"
#include "third_party/blink/renderer/platform/platform_export.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
#include "third_party/blink/renderer/platform/wtf/vector.h"

namespace blink {

// Forward declarations only: the declarations below take these types by
// const reference or const pointer, so their full definitions are not needed
// in this header.
class HTTPHeaderMap;
class KURL;
class ResourceResponse;
class SecurityOrigin;

// Two-state flag (Unset / Set) stored in a single byte.
// NOTE(review): presumably this represents the "CORS flag" of the Fetch
// spec; nothing in this header uses it, so confirm against its callers.
// NOTE(review): uint8_t is used here, but this header does not include a
// standard integer header itself; it appears to rely on a transitive include.
enum class CorsFlag : uint8_t {
  Unset,
  Set,
};

// CORS related utility functions.
namespace cors {

// Thin wrapper functions below are for calling ::network::cors functions from
// Blink core.
// The predicate names follow Fetch-spec terminology (safelisted method,
// safelisted content type, no-CORS safelisted header, forbidden request
// header). Their authoritative semantics live in the wrapped ::network::cors
// implementations, which are not visible from this header.
// NOTE(review): this header sits under blink/renderer/, so these are
// renderer-side answers. Confirm that every security decision derived from
// them is also enforced outside the renderer process.
PLATFORM_EXPORT bool IsCorsEnabledRequestMode(network::mojom::RequestMode);
PLATFORM_EXPORT bool IsCorsSafelistedMethod(const String& method);
PLATFORM_EXPORT bool IsCorsSafelistedContentType(const String&);
// Takes both the header name and its value, unlike the name-only variant
// IsNoCorsSafelistedHeaderName() below.
PLATFORM_EXPORT bool IsNoCorsSafelistedHeader(const String& name,
                                              const String& value);
PLATFORM_EXPORT bool IsPrivilegedNoCorsHeaderName(const String& name);
PLATFORM_EXPORT bool IsNoCorsSafelistedHeaderName(const String& name);
// Returns the header names by value as a fresh Vector<String>.
PLATFORM_EXPORT Vector<String> PrivilegedNoCorsHeaderNames();
// The decision takes the header value into account as well as the name.
PLATFORM_EXPORT bool IsForbiddenRequestHeader(const String& name,
                                              const String& value);
// Operates on a whole header map rather than a single header.
PLATFORM_EXPORT bool ContainsOnlyCorsSafelistedHeaders(const HTTPHeaderMap&);

// |status| is an integer status code.
// NOTE(review): presumably implements the Fetch "ok status" check; the
// accepted range is defined by the implementation, not by this header.
PLATFORM_EXPORT bool IsOkStatus(int status);

// Calculates and returns the CORS flag used in several "fetch" algorithms in
// https://fetch.spec.whatwg.org/. This function corresponds to the CORS
// flag setting logic in https://fetch.spec.whatwg.org/#main-fetch.
// This function can return true even when |request_mode| is |kSameOrigin|.
// |origin| must not be nullptr when |request_mode| is neither |kNoCors| nor
// |kNavigate|.
// NOTE(review): no parameter is named |origin|; the sentence above
// presumably refers to |initiator_origin|. Whether |isolated_world_origin|
// may be nullptr is not stated here. Confirm both against the definition.
// This should be identical to CalculateCorsFlag defined in
// //services/network/cors/cors_url_loader.cc.
// NOTE(review): the two copies are kept in sync only by this comment. If
// they diverge, the renderer and the network service can disagree on whether
// CORS checks apply to a request. A shared test or a shared implementation
// would pin the equivalence.
PLATFORM_EXPORT bool CalculateCorsFlag(
    const KURL& url,
    const SecurityOrigin* initiator_origin,
    const SecurityOrigin* isolated_world_origin,
    network::mojom::RequestMode request_mode);

// Returns a set of header names derived from the given response; the
// credentials mode is an input to that derivation.
// NOTE(review): presumably this parses Access-Control-Expose-Headers, with
// the credentials mode deciding how a "*" wildcard entry is treated. Confirm
// against the definition.
PLATFORM_EXPORT HTTPHeaderSet
ExtractCorsExposedHeaderNamesList(network::mojom::CredentialsMode,
                                  const ResourceResponse&);

// Takes a single string; per the function name this is a response header
// name to test against the CORS-safelisted response header set.
PLATFORM_EXPORT bool IsCorsSafelistedResponseHeader(const String&);

// Checks whether request mode 'no-cors' is allowed for a certain context.
// The context is identified by its mojom::blink::RequestContextType value.
PLATFORM_EXPORT bool IsNoCorsAllowedContext(mojom::blink::RequestContextType);

}  // namespace cors

}  // namespace blink

#endif  // THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_CORS_CORS_H_