diff options
Diffstat (limited to 'chromium/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h')
-rw-r--r-- | chromium/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/chromium/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h b/chromium/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h index f3db0976b27..9b903ad7dfa 100644 --- a/chromium/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h +++ b/chromium/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h @@ -113,6 +113,13 @@ public: // display content from the user's files system. bool canDisplay(const KURL&) const; + // A "secure origin" as defined by [1] are those that load resources either + // from the local machine (necessarily trusted) or over the network from a + // cryptographically-authenticated server. + // + // [1] http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure- + bool canAccessFeatureRequiringSecureOrigin() const; + // Returns true if this SecurityOrigin can load local resources, such // as images, iframes, and style sheets, and can link to local URLs. // For example, call this function before creating an iframe to a @@ -131,7 +138,7 @@ public: // with older versions of WebKit. void grantLoadLocalResources(); - // Explicitly grant the ability to access very other SecurityOrigin. + // Explicitly grant the ability to access every other SecurityOrigin. // // WARNING: This is an extremely powerful ability. Use with caution! void grantUniversalAccess(); @@ -154,6 +161,9 @@ public: // resources, and can set arbitrary headers on XMLHttpRequests. bool isLocal() const; + // Returns true if the host is one of 127.0.0.1/8, ::1/128, or "localhost". + bool isLocalhost() const; + // The origin is a globally unique identifier assigned when the Document is // created. http://www.whatwg.org/specs/web-apps/current-work/#sandboxOrigin // @@ -178,17 +188,12 @@ public: // SecurityOrigin might be empty, or we might have explicitly decided that // we shouldTreatURLSchemeAsNoAccess. String toString() const; + AtomicString toAtomicString() const; // Similar to toString(), but does not take into account any factors that // could make the string return "null". String toRawString() const; - - // This method checks for equality between SecurityOrigins, not whether - // one origin can access another. It is used for hash table keys. - // For access checks, use canAccess(). - // FIXME: If this method is really only useful for hash table keys, it - // should be refactored into SecurityOriginHash. - bool equal(const SecurityOrigin*) const; + AtomicString toRawAtomicString() const; // This method checks for equality, ignoring the value of document.domain // (and whether it was set) but considering the host. It is used for postMessage. @@ -205,6 +210,7 @@ private: // FIXME: Rename this function to something more semantic. bool passesFileCheck(const SecurityOrigin*) const; + void buildRawString(StringBuilder&) const; String m_protocol; String m_host; |