| alexmos | 4bc2632 | 2017-07-01 00:57:14 | [diff] [blame] | 1 | // Copyright (c) 2017 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "content/browser/isolated_origin_util.h" |
| 6 | |
| 7 | #include "base/strings/string_util.h" |
| 8 | #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
| 9 | #include "url/gurl.h" |
| 10 | |
| 11 | namespace content { |
| 12 | |
| 13 | // static |
| 14 | bool IsolatedOriginUtil::DoesOriginMatchIsolatedOrigin( |
| 15 | const url::Origin& origin, |
| 16 | const url::Origin& isolated_origin) { |
| 17 | // Don't match subdomains if the isolated origin is an IP address. |
| 18 | if (isolated_origin.GetURL().HostIsIPAddress()) |
| 19 | return origin == isolated_origin; |
| 20 | |
| 21 | if (origin.scheme() != isolated_origin.scheme()) |
| 22 | return false; |
| 23 | |
| 24 | if (origin.port() != isolated_origin.port()) |
| 25 | return false; |
| 26 | |
| 27 | // Subdomains of an isolated origin are considered to be in the same isolated |
| 28 | // origin. |
| 29 | return origin.DomainIs(isolated_origin.host()); |
| 30 | } |
| 31 | |
| 32 | // static |
| 33 | bool IsolatedOriginUtil::IsValidIsolatedOrigin(const url::Origin& origin) { |
| 34 | if (origin.unique()) |
| 35 | return false; |
| 36 | |
| 37 | // Isolated origins should have HTTP or HTTPS schemes. Hosts in other |
| 38 | // schemes may not be compatible with subdomain matching. |
| 39 | GURL origin_gurl = origin.GetURL(); |
| 40 | if (!origin_gurl.SchemeIsHTTPOrHTTPS()) |
| 41 | return false; |
| 42 | |
| 43 | // IP addresses are allowed. |
| 44 | if (origin_gurl.HostIsIPAddress()) |
| 45 | return true; |
| 46 | |
| 47 | // Disallow hosts such as http://co.uk/, which don't have a valid |
| 48 | // registry-controlled domain. This prevents subdomain matching from |
| 49 | // grouping unrelated sites on a registry into the same origin. |
| 50 | const bool has_registry_domain = |
| 51 | net::registry_controlled_domains::HostHasRegistryControlledDomain( |
| 52 | origin.host(), |
| 53 | net::registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES, |
| 54 | net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); |
| 55 | if (!has_registry_domain) |
| 56 | return false; |
| 57 | |
| 58 | // For now, disallow hosts with a trailing dot. |
| 59 | // TODO(alexmos): Enabling this would require carefully thinking about |
| 60 | // whether hosts without a trailing dot should match it. |
| 61 | if (origin.host().back() == '.') |
| 62 | return false; |
| 63 | |
| 64 | return true; |
| 65 | } |
| 66 | |
| 67 | } // namespace content |
