| OLD | NEW |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome_frame/urlmon_url_request.h" | 5 #include "chrome_frame/urlmon_url_request.h" |
| 6 | 6 |
| 7 #include <wininet.h> | 7 #include <wininet.h> |
| 8 #include <urlmon.h> | 8 #include <urlmon.h> |
| 9 | 9 |
| 10 #include "base/scoped_ptr.h" | 10 #include "base/scoped_ptr.h" |
| (...skipping 479 matching lines...) |
| 490 // hosted as iframes. For NPAPI and ActiveX documents, the Initialize() | 490 // hosted as iframes. For NPAPI and ActiveX documents, the Initialize() |
| 491 // function of the PluginUrlRequest object allows them to specify how they'd | 491 // function of the PluginUrlRequest object allows them to specify how they'd |
| 492 // like requests handled. Both should set enable_frame_busting_ to true to | 492 // like requests handled. Both should set enable_frame_busting_ to true to |
| 493 // avoid CSRF attacks. Should WebKit's handling of this ever change, we will | 493 // avoid CSRF attacks. Should WebKit's handling of this ever change, we will |
| 494 // need to re-visit how and when frames are killed to better mirror a policy | 494 // need to re-visit how and when frames are killed to better mirror a policy |
| 495 // which may do something other than kill the sub-document outright. | 495 // which may do something other than kill the sub-document outright. |
| 496 | 496 |
| 497 // NOTE(slightlyoff): We don't use net::HttpResponseHeaders here because | 497 // NOTE(slightlyoff): We don't use net::HttpResponseHeaders here because |
| 498 // of lingering ICU/base_noicu issues. | 498 // of lingering ICU/base_noicu issues. |
| 499 if (enable_frame_busting_) { | 499 if (enable_frame_busting_) { |
| 500 std::string http_headers = net::HttpUtil::AssembleRawHeaders( | 500 if (http_utils::HasFrameBustingHeader(raw_headers)) { |
| 501 raw_headers.c_str(), raw_headers.length()); | |
| 502 if (http_utils::HasFrameBustingHeader(http_headers)) { | |
| 503 DLOG(ERROR) << "X-Frame-Options header other than ALLOWALL " << | 501 DLOG(ERROR) << "X-Frame-Options header other than ALLOWALL " << |
| 504 "detected, navigation canceled"; | 502 "detected, navigation canceled"; |
| 505 return E_FAIL; | 503 return E_FAIL; |
| 506 } | 504 } |
| 507 } | 505 } |
| 508 | 506 |
| 509 DLOG(INFO) << "Calling OnResponseStarted"; | 507 DLOG(INFO) << "Calling OnResponseStarted"; |
| 510 | 508 |
| 511 // Inform the delegate. | 509 // Inform the delegate. |
| 512 headers_received_ = true; | 510 headers_received_ = true; |
| (...skipping 603 matching lines...) |
| 1116 privacy_entry.flags |= flags; | 1114 privacy_entry.flags |= flags; |
| 1117 privacy_entry.policy_ref = UTF8ToWide(policy_ref); | 1115 privacy_entry.policy_ref = UTF8ToWide(policy_ref); |
| 1118 } | 1116 } |
| 1119 | 1117 |
| 1120 if (fire_privacy_event && IsWindow(notification_window_)) { | 1118 if (fire_privacy_event && IsWindow(notification_window_)) { |
| 1121 PostMessage(notification_window_, WM_FIRE_PRIVACY_CHANGE_NOTIFICATION, 1, | 1119 PostMessage(notification_window_, WM_FIRE_PRIVACY_CHANGE_NOTIFICATION, 1, |
| 1122 0); | 1120 0); |
| 1123 } | 1121 } |
| 1124 } | 1122 } |
| 1125 | 1123 |
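Review bot: In the `enable_frame_busting_` branch (new lines 499-505), `http_utils::HasFrameBustingHeader(raw_headers)` now receives the header block without the `net::HttpUtil::AssembleRawHeaders` normalisation the old code applied, so the frame-busting decision depends on that helper handling the unnormalised form itself. The helper is not visible on this page; if it fails to match an `X-Frame-Options` line that is folded, oddly cased or padded with whitespace, the check fails open and the sub-document is rendered instead of being cancelled. A unit test feeding it raw response headers in those shapes would pin the behaviour, and a comment above the call would record the contract, e.g. `// raw_headers is passed unnormalised (no AssembleRawHeaders); HasFrameBustingHeader must parse that form itself.` The enclosing function starts and ends outside the lines shown.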
| OLD | NEW |