content/public/common/origin_util.h - chromium/src - Git at Google

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CONTENT_PUBLIC_COMMON_ORIGIN_UTIL_H_
 #define CONTENT_PUBLIC_COMMON_ORIGIN_UTIL_H_

 #include "content/common/content_export.h"
 #include "url/origin.h"

 class GURL;

 namespace content {

 // Returns true if |url|'s origin is trustworthy. There are two cases:
 // a) it can be said that |url|'s contents were transferred to the browser in a
 //    way that a network attacker cannot tamper with or observe. (see
 //    https://www.w3.org/TR/powerful-features/#is-origin-trustworthy).
 // b) IsWhitelistedAsSecureOrigin(url::Origin::Create(url)) returns true.
 //
 // Note that this is not equivalent to checking if an entire site is secure
 // (i.e. no degraded security state UI is displayed to the user), since there
 // may be insecure iframes present even if this method returns true.
 bool CONTENT_EXPORT IsOriginSecure(const GURL& url);

 // Returns true if |origin| is whitelisted as secure, e.g. it was specified via
 // the --unsafely-treat-insecure-origin-as-secure flag, and false otherwise.
 bool CONTENT_EXPORT IsWhitelistedAsSecureOrigin(const url::Origin& origin);

 // Returns true if the origin can register a service worker.  Scheme must be
 // http (localhost only), https, or a custom-set secure scheme.
 bool CONTENT_EXPORT OriginCanAccessServiceWorkers(const GURL& url);

 // This is based on SecurityOrigin::isPotentiallyTrustworthy and tries to mimic
 // its behavior.
 bool CONTENT_EXPORT IsPotentiallyTrustworthyOrigin(const url::Origin& origin);

 }  // namespace content

 #endif  // CONTENT_PUBLIC_COMMON_ORIGIN_UTIL_H_
	// Copyright 2015 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CONTENT_PUBLIC_COMMON_ORIGIN_UTIL_H_
	#define CONTENT_PUBLIC_COMMON_ORIGIN_UTIL_H_

	#include "content/common/content_export.h"
	#include "url/origin.h"

	class GURL;

	namespace content {

	// Returns true if \|url\|'s origin is trustworthy. There are two cases:
	// a) it can be said that \|url\|'s contents were transferred to the browser in a
	// way that a network attacker cannot tamper with or observe. (see
	// https://www.w3.org/TR/powerful-features/#is-origin-trustworthy).
	// b) IsWhitelistedAsSecureOrigin(url::Origin::Create(url)) returns true.
	//
	// Note that this is not equivalent to checking if an entire site is secure
	// (i.e. no degraded security state UI is displayed to the user), since there
	// may be insecure iframes present even if this method returns true.
	bool CONTENT_EXPORT IsOriginSecure(const GURL& url);

	// Returns true if \|origin\| is whitelisted as secure, e.g. it was specified via
	// the --unsafely-treat-insecure-origin-as-secure flag, and false otherwise.
	bool CONTENT_EXPORT IsWhitelistedAsSecureOrigin(const url::Origin& origin);

	// Returns true if the origin can register a service worker. Scheme must be
	// http (localhost only), https, or a custom-set secure scheme.
	bool CONTENT_EXPORT OriginCanAccessServiceWorkers(const GURL& url);

	// This is based on SecurityOrigin::isPotentiallyTrustworthy and tries to mimic
	// its behavior.
	bool CONTENT_EXPORT IsPotentiallyTrustworthyOrigin(const url::Origin& origin);

	} // namespace content

	#endif // CONTENT_PUBLIC_COMMON_ORIGIN_UTIL_H_