chromium/third_party/blink/renderer/platform/weborigin/scheme_registry.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

/*
 * Copyright (C) 2010 Apple Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#ifndef THIRD_PARTY_BLINK_RENDERER_PLATFORM_WEBORIGIN_SCHEME_REGISTRY_H_
#define THIRD_PARTY_BLINK_RENDERER_PLATFORM_WEBORIGIN_SCHEME_REGISTRY_H_

#include "third_party/blink/renderer/platform/platform_export.h"
#include "third_party/blink/renderer/platform/wtf/allocator.h"
#include "third_party/blink/renderer/platform/wtf/hash_map.h"
#include "third_party/blink/renderer/platform/wtf/hash_set.h"
#include "third_party/blink/renderer/platform/wtf/text/string_hash.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"

namespace blink {

using URLSchemesSet = HashSet<String>;

template <typename Mapped, typename MappedTraits>
using URLSchemesMap = HashMap<String,
                              Mapped,
                              DefaultHash<String>::Hash,
                              HashTraits<String>,
                              MappedTraits>;

class PLATFORM_EXPORT SchemeRegistry {
  STATIC_ONLY(SchemeRegistry);

 public:
  static void Initialize();

  static void RegisterURLSchemeAsLocal(const String&);
  static bool ShouldTreatURLSchemeAsLocal(const String&);

  static bool ShouldTreatURLSchemeAsRestrictingMixedContent(const String&);

  // Subresources transported by secure schemes do not trigger mixed content
  // warnings. For example, https and data are secure schemes because they
  // cannot be corrupted by active network attackers.
  static void RegisterURLSchemeAsSecure(const String&);
  static bool ShouldTreatURLSchemeAsSecure(const String&);

  static bool ShouldTreatURLSchemeAsNoAccess(const String&);

  // Display-isolated schemes can only be displayed (in the sense of
  // SecurityOrigin::canDisplay) by documents from the same scheme.
  static void RegisterURLSchemeAsDisplayIsolated(const String&);
  static bool ShouldTreatURLSchemeAsDisplayIsolated(const String&);

  static bool ShouldLoadURLSchemeAsEmptyDocument(const String&);

  static void SetDomainRelaxationForbiddenForURLScheme(bool forbidden,
                                                       const String&);
  static bool IsDomainRelaxationForbiddenForURLScheme(const String&);

  // Such schemes should delegate to SecurityOrigin::canRequest for any URL
  // passed to SecurityOrigin::canDisplay.
  static bool CanDisplayOnlyIfCanRequest(const String& scheme);

  // Schemes against which javascript: URLs should not be allowed to run (stop
  // bookmarklets from running on sensitive pages).
  static void RegisterURLSchemeAsNotAllowingJavascriptURLs(
      const String& scheme);
  static void RemoveURLSchemeAsNotAllowingJavascriptURLs(const String& scheme);
  static bool ShouldTreatURLSchemeAsNotAllowingJavascriptURLs(
      const String& scheme);

  static bool ShouldTreatURLSchemeAsCorsEnabled(const String& scheme);

  // Serialize the registered schemes in a comma-separated list.
  static String ListOfCorsEnabledURLSchemes();

  // "Legacy" schemes (e.g. 'ftp:', 'gopher:') which we might want to treat
  // differently from "webby" schemes.
  static bool ShouldTreatURLSchemeAsLegacy(const String& scheme);

  // Does the scheme represent a location relevant to web compatibility metrics?
  static bool ShouldTrackUsageMetricsForScheme(const String& scheme);

  // Schemes that can register a service worker.
  static void RegisterURLSchemeAsAllowingServiceWorkers(const String& scheme);
  static bool ShouldTreatURLSchemeAsAllowingServiceWorkers(
      const String& scheme);

  // HTTP-like schemes that are treated as supporting the Fetch API.
  static void RegisterURLSchemeAsSupportingFetchAPI(const String& scheme);
  static bool ShouldTreatURLSchemeAsSupportingFetchAPI(const String& scheme);

  // Schemes which override the first-/third-party checks on a Document.
  static void RegisterURLSchemeAsFirstPartyWhenTopLevel(const String& scheme);
  static void RemoveURLSchemeAsFirstPartyWhenTopLevel(const String& scheme);
  static bool ShouldTreatURLSchemeAsFirstPartyWhenTopLevel(
      const String& scheme);

  // Schemes that can be used in a referrer.
  static void RegisterURLSchemeAsAllowedForReferrer(const String& scheme);
  static void RemoveURLSchemeAsAllowedForReferrer(const String& scheme);
  static bool ShouldTreatURLSchemeAsAllowedForReferrer(const String& scheme);

  // Allow resources from some schemes to load on a page, regardless of its
  // Content Security Policy.
  enum PolicyAreas : uint32_t {
    kPolicyAreaNone = 0,
    kPolicyAreaImage = 1 << 0,
    kPolicyAreaStyle = 1 << 1,
    // Add more policy areas as needed by clients.
    kPolicyAreaAll = ~static_cast<uint32_t>(0),
  };
  static void RegisterURLSchemeAsBypassingContentSecurityPolicy(
      const String& scheme,
      PolicyAreas = kPolicyAreaAll);
  static void RemoveURLSchemeRegisteredAsBypassingContentSecurityPolicy(
      const String& scheme);
  static bool SchemeShouldBypassContentSecurityPolicy(
      const String& scheme,
      PolicyAreas = kPolicyAreaAll);

  // Schemes which bypass Secure Context checks defined in
  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
  static void RegisterURLSchemeBypassingSecureContextCheck(
      const String& scheme);
  static bool SchemeShouldBypassSecureContextCheck(const String& scheme);

  // Schemes that can use 'wasm-eval'.
  static void RegisterURLSchemeAsAllowingWasmEvalCSP(const String& scheme);
  static bool SchemeSupportsWasmEvalCSP(const String& scheme);

 private:
  static const URLSchemesSet& LocalSchemes();
};

}  // namespace blink

#endif  // THIRD_PARTY_BLINK_RENDERER_PLATFORM_WEBORIGIN_SCHEME_REGISTRY_H_