content/browser/isolated_origin_util.h

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_ISOLATED_ORIGIN_UTIL_H_
#define CONTENT_BROWSER_ISOLATED_ORIGIN_UTIL_H_

#include <string>
#include <string_view>

#include "base/gtest_prod_util.h"
#include "content/common/content_export.h"
#include "url/origin.h"

namespace content {

// This class holds isolated origin patterns, providing support for double
// wildcard origins, e.g. https://[*.]foo.com indicates that all domains under
// foo.com are to be treated as if they are distinct isolated
// origins. Non-wildcard origins to be isolated are also supported, e.g.
// https://bar.com.
class CONTENT_EXPORT IsolatedOriginPattern {
 public:
  explicit IsolatedOriginPattern(std::string_view pattern);
  explicit IsolatedOriginPattern(const url::Origin& origin);
  ~IsolatedOriginPattern();

  // Copying and moving supported.
  IsolatedOriginPattern(const IsolatedOriginPattern& other);
  IsolatedOriginPattern& operator=(const IsolatedOriginPattern& other);

  IsolatedOriginPattern(IsolatedOriginPattern&& other);
  IsolatedOriginPattern& operator=(IsolatedOriginPattern&& other);

  bool operator==(const IsolatedOriginPattern& other) const {
    // |pattern_| is deliberately not considered during equality comparison as
    // it stores the pattern as supplied at construction time, before
    // normalisation. This leads to erroneous cases of mismatch where
    // IsolatedOriginPattern("foo.com") and IsolatedOriginPattern("foo.com/")
    // will fail equality comparison, despite both resolving to the same origin.
    return origin_ == other.origin_ &&
           isolate_all_subdomains_ == other.isolate_all_subdomains_ &&
           is_valid_ == other.is_valid_;
  }

  // Returns the url::Origin corresponding to the pattern supplied at
  // construction time or via a call to Parse. In the event of parsing failure
  // this oriqin will be opaque.
  const url::Origin& origin() const { return origin_; }

  // True if the supplied pattern was of the form https://[*.]foo.com,
  // indicating all subdomains of foo.com are to be isolated.
  bool isolate_all_subdomains() const { return isolate_all_subdomains_; }

  // Return the original pattern used to construct this instance.
  const std::string_view pattern() const { return pattern_; }

  // Return if this origin is valid for isolation purposes.
  bool is_valid() const { return is_valid_; }

 private:
  friend class ChildProcessSecurityPolicyTest;
  FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest,
                           IsolatedOriginPattern);

  // Checks if |pattern| is a wildcard pattern, checks the scheme is one of
  // {http, https} and constructs a url::Origin() that can be retrieved if
  // parsing is successful. Returns true on successful parsing.
  bool Parse(const std::string_view& pattern);

  std::string pattern_;
  url::Origin origin_;
  bool isolate_all_subdomains_;
  bool is_valid_;
};

class CONTENT_EXPORT IsolatedOriginUtil {
 public:
  // Checks whether |origin| matches the isolated origin specified by
  // |isolated_origin|.  Subdomains are considered to match isolated origins,
  // so this will be true if
  // (1) |origin| has the same scheme, host, and port as |isolated_origin|, or
  // (2) |origin| has the same scheme and port as |isolated_origin|, and its
  //     host is a subdomain of |isolated_origin|'s host.
  // This does not consider site URLs, which don't care about port.
  //
  // For example, if |isolated_origin| is https://isolated.foo.com, this will
  // return true if |origin| is https://isolated.foo.com or
  // https://bar.isolated.foo.com, but it will return false for an |origin| of
  // https://unisolated.foo.com or https://foo.com.
  static bool DoesOriginMatchIsolatedOrigin(const url::Origin& origin,
                                            const url::Origin& isolated_origin);

  // Check if |origin| is a valid isolated origin.  Invalid isolated origins
  // include opaque origins, origins that don't have an HTTP or HTTPS scheme,
  // and origins without a valid registry-controlled domain.  IP addresses are
  // allowed.
  static bool IsValidIsolatedOrigin(const url::Origin& origin);

  // Check if |origin| is a valid origin for opt-in origin isolation. Invalid
  // origins for this purpose include opaque origins, origins that don't have a
  // HTTP or HTTPS scheme, and origins that are not secure contexts.
  static bool IsValidOriginForOptInIsolation(const url::Origin& origin);

  // Check if |origin| is a valid origin for opting out of origin isolation.
  // Invalid origins for this purpose include opaque origins, and origins that
  // don't have a HTTP or HTTPS scheme.
  static bool IsValidOriginForOptOutIsolation(const url::Origin& origin);

 private:
  // Used to implement both IsValidIsolatedOrigin and
  // IsValidOriginForOptInIsolation. The legacy isolated origin case performs
  // some additional checks that don't apply to the opt-in case: it verifies the
  // origin has a registry domain (for subdomain matching) and disallows
  // trailing dots in the domain.
  static bool IsValidIsolatedOriginImpl(const url::Origin& origin,
                                        bool is_legacy_isolated_origin_check);
};

}  // namespace content

#endif  // CONTENT_BROWSER_ISOLATED_ORIGIN_UTIL_H_