12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 |
- /*
- * Copyright (c) 2023, Tim Flynn <trflynn89@serenityos.org>
- *
- * SPDX-License-Identifier: BSD-2-Clause
- */
- #include <AK/String.h>
- #include <AK/URL.h>
- #include <LibWeb/DOM/Document.h>
- #include <LibWeb/DOMURL/DOMURL.h>
- #include <LibWeb/HTML/Origin.h>
- #include <LibWeb/PermissionsPolicy/AutoplayAllowlist.h>
- // FIXME: This is an ad-hoc implementation of the "autoplay" policy-controlled feature:
- // https://w3c.github.io/webappsec-permissions-policy/#policy-controlled-feature
- namespace Web::PermissionsPolicy {
- AutoplayAllowlist& AutoplayAllowlist::the()
- {
- static AutoplayAllowlist filter;
- return filter;
- }
- AutoplayAllowlist::AutoplayAllowlist() = default;
- AutoplayAllowlist::~AutoplayAllowlist() = default;
- // https://w3c.github.io/webappsec-permissions-policy/#is-feature-enabled
- Decision AutoplayAllowlist::is_allowed_for_origin(DOM::Document const& document, HTML::Origin const& origin) const
- {
- // FIXME: 1. Let policy be document’s Permissions Policy
- // FIXME: 2. If policy’s inherited policy for feature is Disabled, return "Disabled".
- // 3. If feature is present in policy’s declared policy:
- if (m_allowlist.has_value()) {
- // 1. If the allowlist for feature in policy’s declared policy matches origin, then return "Enabled".
- // 2. Otherwise return "Disabled".
- return m_allowlist->visit(
- [](Global) {
- return Decision::Enabled;
- },
- [&](auto const& patterns) {
- for (auto const& pattern : patterns) {
- if (pattern.is_same_origin_domain(origin))
- return Decision::Enabled;
- }
- return Decision::Disabled;
- });
- }
- // 4. If feature’s default allowlist is *, return "Enabled".
- // 5. If feature’s default allowlist is 'self', and origin is same origin with document’s origin, return "Enabled".
- // NOTE: The "autoplay" feature's default allowlist is 'self'.
- // https://html.spec.whatwg.org/multipage/infrastructure.html#autoplay-feature
- if (origin.is_same_origin(document.origin()))
- return Decision::Enabled;
- // 6. Return "Disabled".
- return Decision::Disabled;
- }
- void AutoplayAllowlist::enable_globally()
- {
- m_allowlist = Global {};
- }
- ErrorOr<void> AutoplayAllowlist::enable_for_origins(ReadonlySpan<String> origins)
- {
- m_allowlist = Patterns {};
- auto& allowlist = m_allowlist->get<Patterns>();
- TRY(allowlist.try_ensure_capacity(origins.size()));
- for (auto const& origin : origins) {
- URL url { origin };
- if (!url.is_valid())
- url = TRY(String::formatted("https://{}", origin));
- if (!url.is_valid()) {
- dbgln("Invalid origin for autoplay allowlist: {}", origin);
- continue;
- }
- TRY(allowlist.try_append(DOMURL::url_origin(url)));
- }
- return {};
- }
- }
|