1 // Copyright 2018 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "third_party/blink/renderer/core/script/fetch_client_settings_object_impl.h" 6 7 #include "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom-blink.h" 8 #include "third_party/blink/renderer/core/execution_context/execution_context.h" 9 #include "third_party/blink/renderer/core/execution_context/security_context.h" 10 #include "third_party/blink/renderer/platform/runtime_enabled_features.h" 11 12 namespace blink { 13 FetchClientSettingsObjectImpl(ExecutionContext & execution_context)14FetchClientSettingsObjectImpl::FetchClientSettingsObjectImpl( 15 ExecutionContext& execution_context) 16 : execution_context_(execution_context) { 17 DCHECK(execution_context_->IsContextThread()); 18 } 19 GlobalObjectUrl() const20const KURL& FetchClientSettingsObjectImpl::GlobalObjectUrl() const { 21 DCHECK(execution_context_->IsContextThread()); 22 return execution_context_->Url(); 23 } 24 BaseUrl() const25const KURL& FetchClientSettingsObjectImpl::BaseUrl() const { 26 DCHECK(execution_context_->IsContextThread()); 27 return execution_context_->BaseURL(); 28 } 29 GetSecurityOrigin() const30const SecurityOrigin* FetchClientSettingsObjectImpl::GetSecurityOrigin() const { 31 DCHECK(execution_context_->IsContextThread()); 32 return execution_context_->GetSecurityOrigin(); 33 } 34 35 network::mojom::ReferrerPolicy GetReferrerPolicy() const36FetchClientSettingsObjectImpl::GetReferrerPolicy() const { 37 DCHECK(execution_context_->IsContextThread()); 38 return execution_context_->GetReferrerPolicy(); 39 } 40 GetOutgoingReferrer() const41const String FetchClientSettingsObjectImpl::GetOutgoingReferrer() const { 42 DCHECK(execution_context_->IsContextThread()); 43 return execution_context_->OutgoingReferrer(); 44 } 45 GetHttpsState() const46HttpsState FetchClientSettingsObjectImpl::GetHttpsState() const { 47 DCHECK(execution_context_->IsContextThread()); 48 return execution_context_->GetHttpsState(); 49 } 50 51 AllowedByNosniff::MimeTypeCheck MimeTypeCheckForClassicWorkerScript() const52FetchClientSettingsObjectImpl::MimeTypeCheckForClassicWorkerScript() const { 53 if (RuntimeEnabledFeatures::StrictMimeTypesForWorkersEnabled()) 54 return AllowedByNosniff::MimeTypeCheck::kStrict; 55 56 if (execution_context_->IsDocument()) { 57 // For worker creation on a document, don't impose strict MIME-type checks 58 // on the top-level worker script for backward compatibility. Note that 59 // there is a plan to deprecate legacy mime types for workers. See 60 // https://crbug.com/794548. 61 // 62 // For worker creation on a document with off-the-main-thread top-level 63 // worker classic script loading, this value is propagated to 64 // outsideSettings FCSO. 65 return AllowedByNosniff::MimeTypeCheck::kLaxForWorker; 66 } 67 68 // For importScripts() and nested worker top-level scripts impose the strict 69 // MIME-type checks. 70 // Nested workers is a new feature (enabled by default in M69) and there is no 71 // backward compatibility issue. 72 return AllowedByNosniff::MimeTypeCheck::kStrict; 73 } 74 GetAddressSpace() const75network::mojom::IPAddressSpace FetchClientSettingsObjectImpl::GetAddressSpace() 76 const { 77 return execution_context_->GetSecurityContext().AddressSpace(); 78 } 79 80 mojom::blink::InsecureRequestPolicy GetInsecureRequestsPolicy() const81FetchClientSettingsObjectImpl::GetInsecureRequestsPolicy() const { 82 return execution_context_->GetSecurityContext().GetInsecureRequestPolicy(); 83 } 84 85 const FetchClientSettingsObject::InsecureNavigationsSet& GetUpgradeInsecureNavigationsSet() const86FetchClientSettingsObjectImpl::GetUpgradeInsecureNavigationsSet() const { 87 return execution_context_->GetSecurityContext() 88 .InsecureNavigationsToUpgrade(); 89 } 90 Trace(Visitor * visitor)91void FetchClientSettingsObjectImpl::Trace(Visitor* visitor) { 92 visitor->Trace(execution_context_); 93 FetchClientSettingsObject::Trace(visitor); 94 } 95 96 } // namespace blink 97