| /* |
| * Copyright (C) 2010 Apple Inc. All Rights Reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in the |
| * documentation and/or other materials provided with the distribution. |
| * |
| * THIS SOFTWARE IS PROVIDED BY APPLE, INC. ``AS IS'' AND ANY |
| * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR |
| * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
| * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
| * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| * |
| */ |
| |
| #pragma once |
| |
| #include <wtf/HashSet.h> |
| #include <wtf/text/StringHash.h> |
| #include <wtf/text/WTFString.h> |
| |
| namespace WebCore { |
| |
| // FIXME: Make HashSet<String>::contains(StringView) work and use StringViews here. |
| using URLSchemesMap = HashSet<String, ASCIICaseInsensitiveHash>; |
| |
| class LegacySchemeRegistry { |
| public: |
| WEBCORE_EXPORT static void registerURLSchemeAsLocal(const String&); // Thread safe. |
| static void removeURLSchemeRegisteredAsLocal(const String&); // Thread safe. |
| |
| WEBCORE_EXPORT static bool shouldTreatURLSchemeAsLocal(const String&); // Thread safe. |
| WEBCORE_EXPORT static bool isBuiltinScheme(const String&); |
| |
| // Secure schemes do not trigger mixed content warnings. For example, |
| // https and data are secure schemes because they cannot be corrupted by |
| // active network attackers. |
| WEBCORE_EXPORT static void registerURLSchemeAsSecure(const String&); // Thread safe. |
| static bool shouldTreatURLSchemeAsSecure(const String&); // Thread safe. |
| |
| WEBCORE_EXPORT static void registerURLSchemeAsNoAccess(const String&); // Thread safe. |
| static bool shouldTreatURLSchemeAsNoAccess(const String&); // Thread safe. |
| |
| // Display-isolated schemes can only be displayed (in the sense of |
| // SecurityOrigin::canDisplay) by documents from the same scheme. |
| WEBCORE_EXPORT static void registerURLSchemeAsDisplayIsolated(const String&); // Thread safe. |
| static bool shouldTreatURLSchemeAsDisplayIsolated(const String&); // Thread safe. |
| |
| WEBCORE_EXPORT static void registerURLSchemeAsEmptyDocument(const String&); |
| WEBCORE_EXPORT static bool shouldLoadURLSchemeAsEmptyDocument(const String&); |
| |
| WEBCORE_EXPORT static void setDomainRelaxationForbiddenForURLScheme(bool forbidden, const String&); |
| static bool isDomainRelaxationForbiddenForURLScheme(const String&); |
| |
| // Such schemes should delegate to SecurityOrigin::canRequest for any URL |
| // passed to SecurityOrigin::canDisplay. |
| static bool canDisplayOnlyIfCanRequest(const String& scheme); // Thread safe. |
| WEBCORE_EXPORT static void registerAsCanDisplayOnlyIfCanRequest(const String& scheme); // Thread safe. |
| |
| // Schemes against which javascript: URLs should not be allowed to run (stop |
| // bookmarklets from running on sensitive pages). |
| static void registerURLSchemeAsNotAllowingJavascriptURLs(const String& scheme); |
| static bool shouldTreatURLSchemeAsNotAllowingJavascriptURLs(const String& scheme); |
| |
| // Let some schemes opt-out of Private Browsing's default behavior of prohibiting read/write |
| // access to Local Storage and Databases. |
| WEBCORE_EXPORT static void registerURLSchemeAsAllowingDatabaseAccessInPrivateBrowsing(const String& scheme); |
| static bool allowsDatabaseAccessInPrivateBrowsing(const String& scheme); |
| |
| // Allow non-HTTP schemes to be registered to allow CORS requests. |
| WEBCORE_EXPORT static void registerURLSchemeAsCORSEnabled(const String& scheme); |
| WEBCORE_EXPORT static bool shouldTreatURLSchemeAsCORSEnabled(const String& scheme); |
| WEBCORE_EXPORT static Vector<String> allURLSchemesRegisteredAsCORSEnabled(); |
| |
| // Allow resources from some schemes to load on a page, regardless of its |
| // Content Security Policy. |
| WEBCORE_EXPORT static void registerURLSchemeAsBypassingContentSecurityPolicy(const String& scheme); // Thread safe. |
| WEBCORE_EXPORT static void removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String& scheme); // Thread safe. |
| static bool schemeShouldBypassContentSecurityPolicy(const String& scheme); // Thread safe. |
| |
| // Schemes whose responses should always be revalidated. |
| WEBCORE_EXPORT static void registerURLSchemeAsAlwaysRevalidated(const String&); |
| static bool shouldAlwaysRevalidateURLScheme(const String&); |
| |
| // Schemes whose requests should be partitioned in the cache |
| WEBCORE_EXPORT static void registerURLSchemeAsCachePartitioned(const String& scheme); // Thread safe. |
| static bool shouldPartitionCacheForURLScheme(const String& scheme); // Thread safe. |
| |
| // Schemes besides http(s) that service workers are allowed to handle |
| WEBCORE_EXPORT static void registerURLSchemeServiceWorkersCanHandle(const String& scheme); // Thread safe. |
| WEBCORE_EXPORT static bool canServiceWorkersHandleURLScheme(const String& scheme); // Thread safe. |
| static bool isServiceWorkerContainerCustomScheme(const String& scheme); // Thread safe. |
| |
| static bool isUserExtensionScheme(const String& scheme); |
| }; |
| |
| } // namespace WebCore |
