content/common/origin_util.cc - chromium/src - Git at Google

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "content/public/common/origin_util.h"

 #include "base/lazy_instance.h"
 #include "base/macros.h"
 #include "base/stl_util.h"
 #include "base/strings/pattern.h"
 #include "content/common/url_schemes.h"
 #include "services/network/public/cpp/is_potentially_trustworthy.h"
 #include "url/gurl.h"
 #include "url/url_util.h"

 namespace content {

 bool IsOriginSecure(const GURL& url) {
   // TODO(lukasza): data: URLs (and opaque origins associated with them) should
   // be considered insecure according to
   // https://www.w3.org/TR/powerful-features/#is-url-trustworthy.
   // Unfortunately, changing this behavior of content::IsOriginSecure breaks
   // quite a few tests for now (e.g. considering data: insecure makes us think
   // that https + data = mixed content), so fixing this is postponed to a
   // follow-up CL.  WIP CL @ https://crrev.com/c/1505897.
   if (url.SchemeIs(url::kDataScheme))
     return true;

   // TODO(lukasza): trustworthiness of blob: URLs should depend on their inner
   // origin (just as it does for filesystem: URLs).  Changing this behavior of
   // content::IsOriginSecure breaks some tests, so fixing this is postponed to a
   // follow-up CL.  WIP CL @ https://crrev.com/c/1506941.
   if (url.SchemeIs(url::kBlobScheme))
     return false;

   return network::IsUrlPotentiallyTrustworthy(url);
 }

 bool OriginCanAccessServiceWorkers(const GURL& url) {
   if (url.SchemeIsHTTPOrHTTPS() && IsOriginSecure(url))
     return true;

   if (base::ContainsValue(GetServiceWorkerSchemes(), url.scheme())) {
     return true;
   }

   return false;
 }

 bool IsPotentiallyTrustworthyOrigin(const url::Origin& origin) {
   return network::IsOriginPotentiallyTrustworthy(origin);
 }

 }  // namespace content
	// Copyright 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "content/public/common/origin_util.h"

	#include "base/lazy_instance.h"
	#include "base/macros.h"
	#include "base/stl_util.h"
	#include "base/strings/pattern.h"
	#include "content/common/url_schemes.h"
	#include "services/network/public/cpp/is_potentially_trustworthy.h"
	#include "url/gurl.h"
	#include "url/url_util.h"

	namespace content {

	bool IsOriginSecure(const GURL& url) {
	// TODO(lukasza): data: URLs (and opaque origins associated with them) should
	// be considered insecure according to
	// https://www.w3.org/TR/powerful-features/#is-url-trustworthy.
	// Unfortunately, changing this behavior of content::IsOriginSecure breaks
	// quite a few tests for now (e.g. considering data: insecure makes us think
	// that https + data = mixed content), so fixing this is postponed to a
	// follow-up CL. WIP CL @ https://crrev.com/c/1505897.
	if (url.SchemeIs(url::kDataScheme))
	return true;

	// TODO(lukasza): trustworthiness of blob: URLs should depend on their inner
	// origin (just as it does for filesystem: URLs). Changing this behavior of
	// content::IsOriginSecure breaks some tests, so fixing this is postponed to a
	// follow-up CL. WIP CL @ https://crrev.com/c/1506941.
	if (url.SchemeIs(url::kBlobScheme))
	return false;

	return network::IsUrlPotentiallyTrustworthy(url);
	}

	bool OriginCanAccessServiceWorkers(const GURL& url) {
	if (url.SchemeIsHTTPOrHTTPS() && IsOriginSecure(url))
	return true;

	if (base::ContainsValue(GetServiceWorkerSchemes(), url.scheme())) {
	return true;
	}

	return false;
	}

	bool IsPotentiallyTrustworthyOrigin(const url::Origin& origin) {
	return network::IsOriginPotentiallyTrustworthy(origin);
	}

	} // namespace content