Serenity Operating System
1/*
2 * Copyright (c) 2022, Linus Groh <linusg@serenityos.org>
3 *
4 * SPDX-License-Identifier: BSD-2-Clause
5 */
6
7#include <AK/IPv4Address.h>
8#include <AK/IPv6Address.h>
9#include <AK/URL.h>
10#include <LibWeb/HTML/Origin.h>
11#include <LibWeb/SecureContexts/AbstractOperations.h>
12#include <LibWeb/URL/URL.h>
13
14namespace Web::SecureContexts {
15
16// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
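// Decides whether an origin may be treated as a secure context candidate, following the
// "Is origin potentially trustworthy?" algorithm of the Secure Contexts specification.
//
// Security note: a "Potentially Trustworthy" result lets the caller treat plain-text
// transports as if they were authenticated. Every branch below that returns it must match
// the specification's condition exactly, and must never be broader.
//
// Returns Trustworthiness::PotentiallyTrustworthy or Trustworthiness::NotTrustworthy.
Trustworthiness is_origin_potentially_trustworthy(HTML::Origin const& origin)
{
    // 1. If origin is an opaque origin, return "Not Trustworthy".
    if (origin.is_opaque())
        return Trustworthiness::NotTrustworthy;

    // 2. Assert: origin is a tuple origin.
    // (Not asserted separately; the opaque case has already returned above.)

    // 3. If origin’s scheme is either "https" or "wss", return "Potentially Trustworthy".
    // Note: This is meant to be analog to the a priori authenticated URL concept in [MIX].
    if (origin.scheme().is_one_of("https"sv, "wss"sv))
        return Trustworthiness::PotentiallyTrustworthy;

    // 4. If origin’s host matches one of the CIDR notations 127.0.0.0/8 or ::1/128 [RFC4632], return "Potentially Trustworthy".
    // A /8 match means the first octet is exactly 127. The previous test
    // `(to_u32() & 0xff000000) != 0` only checked that one byte was non-zero, so it accepted
    // non-loopback addresses and depended on the byte order of to_u32(). Comparing the first
    // octet directly has neither problem.
    if (auto ipv4_address = IPv4Address::from_string(origin.host()); ipv4_address.has_value() && (*ipv4_address)[0] == 127)
        return Trustworthiness::PotentiallyTrustworthy;
    // NOTE(review): this relies on the address serializing to the compressed form "::1" and on
    // origin.host() being accepted by IPv6Address::from_string() as-is; confirm both.
    if (auto ipv6_address = IPv6Address::from_string(origin.host()); ipv6_address.has_value() && ipv6_address->to_deprecated_string() == "::1")
        return Trustworthiness::PotentiallyTrustworthy;

    // 5. If the user agent conforms to the name resolution rules in [let-localhost-be-localhost] and one of the following is true:
    //    - origin’s host is "localhost" or "localhost."
    //    - origin’s host ends with ".localhost" or ".localhost."
    //    then return "Potentially Trustworthy".
    // Note: See § 5.2 localhost for details on the requirements here.
    // NOTE(review): the precondition (localhost names always resolve to loopback) is not checked
    // here. If the resolver in use can return a non-loopback address for these names, this
    // branch grants trust to a remote host; confirm the name resolution behaviour.
    if (origin.host().is_one_of("localhost"sv, "localhost."sv)
        || origin.host().ends_with(".localhost"sv)
        || origin.host().ends_with(".localhost."sv)) {
        return Trustworthiness::PotentiallyTrustworthy;
    }

    // 6. If origin’s scheme is "file", return "Potentially Trustworthy".
    if (origin.scheme() == "file"sv)
        return Trustworthiness::PotentiallyTrustworthy;

    // 7. If origin’s scheme component is one which the user agent considers to be authenticated, return "Potentially Trustworthy".
    // Note: See § 7.1 Packaged Applications for detail here.
    // (No such scheme is handled here.)

    // 8. If origin has been configured as a trustworthy origin, return "Potentially Trustworthy".
    // Note: See § 7.2 Development Environments for detail here.
    // (No configured allow-list is consulted here.)

    // 9. Return "Not Trustworthy".
    return Trustworthiness::NotTrustworthy;
}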
60
61// https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy
// Decides whether a URL is potentially trustworthy per the Secure Contexts specification.
// Handles the URL-level special cases first, then defers to the origin-level algorithm.
Trustworthiness is_url_potentially_trustworthy(AK::URL const& url)
{
    // 1. If url is "about:blank" or "about:srcdoc", return "Potentially Trustworthy".
    bool const is_blank_or_srcdoc = url == "about:blank"sv || url == "about:srcdoc"sv;

    // 2. If url’s scheme is "data", return "Potentially Trustworthy".
    // Short-circuiting keeps the scheme lookup from running when step 1 already matched.
    if (is_blank_or_srcdoc || url.scheme() == "data"sv)
        return Trustworthiness::PotentiallyTrustworthy;

    // 3. Return the result of executing § 3.1 Is origin potentially trustworthy? on url’s origin.
    auto const origin = URL::url_origin(url);
    return is_origin_potentially_trustworthy(origin);
}
75
76}