blob: 5c365475b58870861fe2f2203cc471da9765125f [file] [log] [blame]
// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/browser/isolated_origin_util.h"
#include "base/strings/string_util.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
#include "url/gurl.h"
namespace content {
// static
bool IsolatedOriginUtil::DoesOriginMatchIsolatedOrigin(
const url::Origin& origin,
const url::Origin& isolated_origin) {
// Don't match subdomains if the isolated origin is an IP address.
if (isolated_origin.GetURL().HostIsIPAddress())
return origin == isolated_origin;
// Compare scheme and hostname, but don't compare ports - see
if (origin.scheme() != isolated_origin.scheme())
return false;
// Subdomains of an isolated origin are considered to be in the same isolated
// origin.
return origin.DomainIs(;
// static
bool IsolatedOriginUtil::IsValidIsolatedOrigin(const url::Origin& origin) {
if (origin.opaque())
return false;
// Isolated origins should have HTTP or HTTPS schemes. Hosts in other
// schemes may not be compatible with subdomain matching.
GURL origin_gurl = origin.GetURL();
if (!origin_gurl.SchemeIsHTTPOrHTTPS())
return false;
// IP addresses are allowed.
if (origin_gurl.HostIsIPAddress())
return true;
// Disallow hosts such as, which don't have a valid
// registry-controlled domain. This prevents subdomain matching from
// grouping unrelated sites on a registry into the same origin.
const bool has_registry_domain =
if (!has_registry_domain)
return false;
// For now, disallow hosts with a trailing dot.
// TODO(alexmos): Enabling this would require carefully thinking about
// whether hosts without a trailing dot should match it.
if ( == '.')
return false;
return true;
} // namespace content