| // Copyright 2023 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/browser/ssl/https_upgrades_util.h" |
| |
| #include "base/values.h" |
| #include "components/content_settings/core/common/content_settings_pattern.h" |
| #include "url/gurl.h" |
| |
| bool IsHostnameInAllowlist(const GURL& url, |
| const base::Value::List& allowed_hosts) { |
| // Though this is not technically a Content Setting, ContentSettingsPattern |
| // aligns better than URLMatcher with the rules from |
| // https://chromeenterprise.google/policies/url-patterns/. |
| for (const auto& value : allowed_hosts) { |
| if (!value.is_string()) { |
| continue; |
| } |
| auto pattern = ContentSettingsPattern::FromString(value.GetString()); |
| // Blanket host wildcard patterns are not allowed (matching every host), |
| // because admins should instead explicitly disable upgrades using the |
| // HttpsOnlyMode policy. |
| if (pattern.IsValid() && !pattern.MatchesAllHosts() && |
| pattern.Matches(url)) { |
| return true; |
| } |
| } |
| return false; |
| } |
