| // Copyright (c) 2012 Marshall A. Greenblatt. All rights reserved. |
| // |
| // Redistribution and use in source and binary forms, with or without |
| // modification, are permitted provided that the following conditions are |
| // met: |
| // |
| // * Redistributions of source code must retain the above copyright |
| // notice, this list of conditions and the following disclaimer. |
| // * Redistributions in binary form must reproduce the above |
| // copyright notice, this list of conditions and the following disclaimer |
| // in the documentation and/or other materials provided with the |
| // distribution. |
| // * Neither the name of Google Inc. nor the name Chromium Embedded |
| // Framework nor the names of its contributors may be used to endorse |
| // or promote products derived from this software without specific prior |
| // written permission. |
| // |
| // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| // |
| // --------------------------------------------------------------------------- |
| // |
| // The contents of this file must follow a specific format in order to |
| // support the CEF translator tool. See the translator.README.txt file in the |
| // tools directory for more information. |
| // |
| |
| #ifndef CEF_INCLUDE_CEF_ORIGIN_WHITELIST_H_ |
| #define CEF_INCLUDE_CEF_ORIGIN_WHITELIST_H_ |
| #pragma once |
| |
| #include "include/cef_base.h" |
| |
| /// |
| // Add an entry to the cross-origin access whitelist. |
| // |
| // The same-origin policy restricts how scripts hosted from different origins |
| // (scheme + domain + port) can communicate. By default, scripts can only access |
| // resources with the same origin. Scripts hosted on the HTTP and HTTPS schemes |
| // (but no other schemes) can use the "Access-Control-Allow-Origin" header to |
| // allow cross-origin requests. For example, https://source.example.com can make |
| // XMLHttpRequest requests on http://target.example.com if the |
| // http://target.example.com request returns an "Access-Control-Allow-Origin: |
| // https://source.example.com" response header. |
| // |
| // Scripts in separate frames or iframes and hosted from the same protocol and |
| // domain suffix can execute cross-origin JavaScript if both pages set the |
| // document.domain value to the same domain suffix. For example, |
| // scheme://foo.example.com and scheme://bar.example.com can communicate using |
| // JavaScript if both domains set document.domain="example.com". |
| // |
| // This method is used to allow access to origins that would otherwise violate |
| // the same-origin policy. Scripts hosted underneath the fully qualified |
| // |source_origin| URL (like http://www.example.com) will be allowed access to |
| // all resources hosted on the specified |target_protocol| and |target_domain|. |
| // If |target_domain| is non-empty and |allow_target_subdomains| if false only |
| // exact domain matches will be allowed. If |target_domain| contains a top- |
| // level domain component (like "example.com") and |allow_target_subdomains| is |
| // true sub-domain matches will be allowed. If |target_domain| is empty and |
| // |allow_target_subdomains| if true all domains and IP addresses will be |
| // allowed. |
| // |
| // This method cannot be used to bypass the restrictions on local or display |
| // isolated schemes. See the comments on CefRegisterCustomScheme for more |
| // information. |
| // |
| // This function may be called on any thread. Returns false if |source_origin| |
| // is invalid or the whitelist cannot be accessed. |
| /// |
| /*--cef(optional_param=target_domain)--*/ |
| bool CefAddCrossOriginWhitelistEntry(const CefString& source_origin, |
| const CefString& target_protocol, |
| const CefString& target_domain, |
| bool allow_target_subdomains); |
| |
| /// |
| // Remove an entry from the cross-origin access whitelist. Returns false if |
| // |source_origin| is invalid or the whitelist cannot be accessed. |
| /// |
| /*--cef(optional_param=target_domain)--*/ |
| bool CefRemoveCrossOriginWhitelistEntry(const CefString& source_origin, |
| const CefString& target_protocol, |
| const CefString& target_domain, |
| bool allow_target_subdomains); |
| |
| /// |
| // Remove all entries from the cross-origin access whitelist. Returns false if |
| // the whitelist cannot be accessed. |
| /// |
| /*--cef()--*/ |
| bool CefClearCrossOriginWhitelist(); |
| |
| #endif // CEF_INCLUDE_CEF_ORIGIN_WHITELIST_H_ |