#pragma once
#include <memory>
#include <wtf/Forward.h>
#include <wtf/OptionSet.h>
#include <wtf/RefPtr.h>
namespace WebCore {
class SecurityOrigin;
class SecurityOriginPolicy;
class ContentSecurityPolicy;
enum SandboxFlag {
SandboxNone = 0,
SandboxNavigation = 1,
SandboxPlugins = 1 << 1,
SandboxOrigin = 1 << 2,
SandboxForms = 1 << 3,
SandboxScripts = 1 << 4,
SandboxTopNavigation = 1 << 5,
SandboxPopups = 1 << 6, SandboxAutomaticFeatures = 1 << 7,
SandboxPointerLock = 1 << 8,
SandboxPropagatesToAuxiliaryBrowsingContexts = 1 << 9,
SandboxTopNavigationByUserActivation = 1 << 10,
SandboxDocumentDomain = 1 << 11,
SandboxModals = 1 << 12,
SandboxStorageAccessByUserActivation = 1 << 13,
SandboxAll = -1 };
typedef int SandboxFlags;
class SecurityContext {
public:
SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPolicy.get(); }
bool isSecureTransitionTo(const URL&) const;
void enforceSandboxFlags(SandboxFlags mask);
bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
SecurityOriginPolicy* securityOriginPolicy() const { return m_securityOriginPolicy.get(); }
void setSecurityOriginPolicy(RefPtr<SecurityOriginPolicy>&&);
void setContentSecurityPolicy(std::unique_ptr<ContentSecurityPolicy>&&);
WEBCORE_EXPORT SecurityOrigin* securityOrigin() const;
static SandboxFlags parseSandboxPolicy(const String& policy, String& invalidTokensErrorMessage);
static bool isSupportedSandboxPolicy(StringView);
enum MixedContentType {
Inactive = 1 << 0,
Active = 1 << 1,
};
bool usedLegacyTLS() const { return m_usedLegacyTLS; }
void setUsedLegacyTLS(bool used) { m_usedLegacyTLS = used; }
const OptionSet<MixedContentType>& foundMixedContent() const { return m_mixedContentTypes; }
void setFoundMixedContent(MixedContentType type) { m_mixedContentTypes.add(type); }
bool geolocationAccessed() const { return m_geolocationAccessed; }
void setGeolocationAccessed() { m_geolocationAccessed = true; }
bool secureCookiesAccessed() const { return m_secureCookiesAccessed; }
void setSecureCookiesAccessed() { m_secureCookiesAccessed = true; }
bool isStrictMixedContentMode() const { return m_isStrictMixedContentMode; }
void setStrictMixedContentMode(bool strictMixedContentMode) { m_isStrictMixedContentMode = strictMixedContentMode; }
virtual bool isSecureContext() const = 0;
protected:
SecurityContext();
virtual ~SecurityContext();
void disableSandboxFlags(SandboxFlags mask) { m_sandboxFlags &= ~mask; }
void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; }
bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurityOrigin; }
private:
RefPtr<SecurityOriginPolicy> m_securityOriginPolicy;
std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
SandboxFlags m_sandboxFlags { SandboxNone };
OptionSet<MixedContentType> m_mixedContentTypes;
bool m_haveInitializedSecurityOrigin { false };
bool m_geolocationAccessed { false };
bool m_secureCookiesAccessed { false };
bool m_isStrictMixedContentMode { false };
bool m_usedLegacyTLS { false };
};
}