auto import from //depot/cupcake/@135843

1 files changed, 141 insertions, 0 deletions

diff --git a/WebCore/page/SecurityOrigin.h b/WebCore/page/SecurityOrigin.h
new file mode 100644
index 0000000..1f2624e
--- /dev/null
+++ b/WebCore/page/SecurityOrigin.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2007,2008 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SecurityOrigin_h
+#define SecurityOrigin_h
+
+#include <wtf/RefCounted.h>
+#include <wtf/PassRefPtr.h>
+#include <wtf/Threading.h>
+
+#include "PlatformString.h"
+
+namespace WebCore {
+
+    class KURL;
+    
+    class SecurityOrigin : public ThreadSafeShared<SecurityOrigin> {
+    public:
+        static PassRefPtr<SecurityOrigin> createFromDatabaseIdentifier(const String&);
+        static PassRefPtr<SecurityOrigin> createFromString(const String&);
+        static PassRefPtr<SecurityOrigin> create(const KURL&);
+        static PassRefPtr<SecurityOrigin> createEmpty();
+
+        // Create a deep copy of this SecurityOrigin.  This method is useful
+        // when marshalling a SecurityOrigin to another thread.
+        PassRefPtr<SecurityOrigin> copy();
+
+        // Set the domain property of this security origin to newDomain.  This
+        // function does not check whether newDomain is a suffix of the current
+        // domain.  The caller is responsible for validating newDomain.
+        void setDomainFromDOM(const String& newDomain);
+        bool domainWasSetInDOM() const { return m_domainWasSetInDOM; }
+
+        String protocol() const { return m_protocol; }
+        String host() const { return m_host; }
+        String domain() const { return m_domain; }
+        unsigned short port() const { return m_port; }
+
+        // Returns true if this SecurityOrigin can script objects in the given
+        // SecurityOrigin.  For example, call this function before allowing
+        // script from one security origin to read or write objects from
+        // another SecurityOrigin.
+        bool canAccess(const SecurityOrigin*) const;
+
+        // Returns true if this SecurityOrigin can read content retrieved from
+        // the given URL.  For example, call this function before issuing
+        // XMLHttpRequests.
+        bool canRequest(const KURL&) const;
+
+        // Returns true if this SecurityOrigin can load local resources, such
+        // as images, iframes, and style sheets, and can link to local URLs.
+        // For example, call this function before creating an iframe to a
+        // file:// URL.
+        //
+        // Note: A SecurityOrigin might be allowed to load local resources
+        //       without being able to issue an XMLHttpRequest for a local URL.
+        //       To determine whether the SecurityOrigin can issue an
+        //       XMLHttpRequest for a URL, call canRequest(url).
+        bool canLoadLocalResources() const { return m_canLoadLocalResources; }
+
+        // Explicitly grant the ability to load local resources to this
+        // SecurityOrigin.
+        //
+        // Note: This method exists only to support backwards compatibility
+        //       with older versions of WebKit.
+        void grantLoadLocalResources();
+
+        bool isSecureTransitionTo(const KURL&) const;
+
+        // The local SecurityOrigin is the most privileged SecurityOrigin.
+        // The local SecurityOrigin can script any document, navigate to local
+        // resources, and can set arbitrary headers on XMLHttpRequests.
+        bool isLocal() const;
+
+        // The empty SecurityOrigin is the least privileged SecurityOrigin.
+        bool isEmpty() const;
+
+        // Convert this SecurityOrigin into a string.  The string
+        // representation of a SecurityOrigin is similar to a URL, except it
+        // lacks a path component.  The string representation does not encode
+        // the value of the SecurityOrigin's domain property.  The empty
+        // SecurityOrigin is represented with the string "null".
+        String toString() const;
+
+        // Serialize the security origin for storage in the database. This format is
+        // deprecated and should be used only for compatibility with old databases;
+        // use toString() and createFromString() instead.
+        String databaseIdentifier() const;
+
+        // This method checks for equality between SecurityOrigins, not whether
+        // one origin can access another.  It is used for hash table keys.
+        // For access checks, use canAccess().
+        // FIXME: If this method is really only useful for hash table keys, it
+        // should be refactored into SecurityOriginHash.
+        bool equal(const SecurityOrigin*) const;
+
+        // This method checks for equality, ignoring the value of document.domain
+        // (and whether it was set) but considering the host. It is used for postMessage.
+        bool isSameSchemeHostPort(const SecurityOrigin*) const;
+
+    private:
+        explicit SecurityOrigin(const KURL&);
+        explicit SecurityOrigin(const SecurityOrigin*);
+
+        String m_protocol;
+        String m_host;
+        String m_domain;
+        unsigned short m_port;
+        bool m_noAccess;
+        bool m_domainWasSetInDOM;
+        bool m_canLoadLocalResources;
+    };
+
+} // namespace WebCore
+
+#endif // SecurityOrigin_h