blob: 20ec53b8ec7eebf4d2a69aac5803562f708584c8 [file] [log] [blame]
/*
* Copyright (C) 2021 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/
#pragma once
#include <wtf/URL.h>
#include <wtf/text/WTFString.h>
namespace WebCore {
class ContentSecurityPolicy;
class Frame;
class ResourceResponse;
class ScriptExecutionContext;
class SecurityOrigin;
struct NavigationRequester;
typedef int SandboxFlags;
// https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policy-value
enum class CrossOriginOpenerPolicyValue : uint8_t {
UnsafeNone,
SameOrigin,
SameOriginPlusCOEP,
SameOriginAllowPopups
};
enum class COOPDisposition : bool { Reporting , Enforce };
// https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policy
struct CrossOriginOpenerPolicy {
CrossOriginOpenerPolicyValue value { CrossOriginOpenerPolicyValue::UnsafeNone };
String reportingEndpoint;
CrossOriginOpenerPolicyValue reportOnlyValue { CrossOriginOpenerPolicyValue::UnsafeNone };
String reportOnlyReportingEndpoint;
const String& reportingEndpointForDisposition(COOPDisposition) const;
bool hasReportingEndpoint(COOPDisposition) const;
CrossOriginOpenerPolicy isolatedCopy() const &;
CrossOriginOpenerPolicy isolatedCopy() &&;
template<class Encoder> void encode(Encoder&) const;
template<class Decoder> static std::optional<CrossOriginOpenerPolicy> decode(Decoder&);
};
inline const String& CrossOriginOpenerPolicy::reportingEndpointForDisposition(COOPDisposition disposition) const
{
return disposition == COOPDisposition::Enforce ? reportingEndpoint : reportOnlyReportingEndpoint;
}
inline bool CrossOriginOpenerPolicy::hasReportingEndpoint(COOPDisposition disposition) const
{
return !reportingEndpointForDisposition(disposition).isEmpty();
}
inline bool operator==(const CrossOriginOpenerPolicy& a, const CrossOriginOpenerPolicy& b)
{
return a.value == b.value && a.reportingEndpoint == b.reportingEndpoint && a.reportOnlyValue == b.reportOnlyValue && a.reportOnlyReportingEndpoint == b.reportOnlyReportingEndpoint;
}
template<class Encoder>
void CrossOriginOpenerPolicy::encode(Encoder& encoder) const
{
encoder << value << reportingEndpoint << reportOnlyValue << reportOnlyReportingEndpoint;
}
template<class Decoder>
std::optional<CrossOriginOpenerPolicy> CrossOriginOpenerPolicy::decode(Decoder& decoder)
{
std::optional<CrossOriginOpenerPolicyValue> value;
decoder >> value;
if (!value)
return std::nullopt;
std::optional<String> reportingEndpoint;
decoder >> reportingEndpoint;
if (!reportingEndpoint)
return std::nullopt;
std::optional<CrossOriginOpenerPolicyValue> reportOnlyValue;
decoder >> reportOnlyValue;
if (!reportOnlyValue)
return std::nullopt;
std::optional<String> reportOnlyReportingEndpoint;
decoder >> reportOnlyReportingEndpoint;
if (!reportOnlyReportingEndpoint)
return std::nullopt;
return {{
*value,
WTFMove(*reportingEndpoint),
*reportOnlyValue,
WTFMove(*reportOnlyReportingEndpoint)
}};
}
// https://html.spec.whatwg.org/multipage/origin.html#coop-enforcement-result
struct CrossOriginOpenerPolicyEnforcementResult {
WEBCORE_EXPORT static CrossOriginOpenerPolicyEnforcementResult from(const URL& currentURL, Ref<SecurityOrigin>&& currentOrigin, const CrossOriginOpenerPolicy&, std::optional<NavigationRequester>, const URL& openerURL);
URL url;
Ref<SecurityOrigin> currentOrigin;
CrossOriginOpenerPolicy crossOriginOpenerPolicy;
bool isCurrentContextNavigationSource { true };
bool needsBrowsingContextGroupSwitch { false };
bool needsBrowsingContextGroupSwitchDueToReportOnly { false };
};
CrossOriginOpenerPolicy obtainCrossOriginOpenerPolicy(const ResourceResponse&);
WEBCORE_EXPORT void addCrossOriginOpenerPolicyHeaders(ResourceResponse&, const CrossOriginOpenerPolicy&);
WEBCORE_EXPORT std::optional<CrossOriginOpenerPolicyEnforcementResult> doCrossOriginOpenerHandlingOfResponse(const ResourceResponse&, const std::optional<NavigationRequester>&, ContentSecurityPolicy* responseCSP, SandboxFlags effectiveSandboxFlags, bool isDisplayingInitialEmptyDocument, const CrossOriginOpenerPolicyEnforcementResult& currentCoopEnforcementResult);
} // namespace WebCore
namespace WTF {
template<> struct EnumTraits<WebCore::CrossOriginOpenerPolicyValue> {
using values = EnumValues<
WebCore::CrossOriginOpenerPolicyValue,
WebCore::CrossOriginOpenerPolicyValue::UnsafeNone,
WebCore::CrossOriginOpenerPolicyValue::SameOrigin,
WebCore::CrossOriginOpenerPolicyValue::SameOriginPlusCOEP,
WebCore::CrossOriginOpenerPolicyValue::SameOriginAllowPopups
>;
};
} // namespace WTF