| Index: Source/WebCore/loader/MainResourceLoader.cpp
|
| ===================================================================
|
| --- Source/WebCore/loader/MainResourceLoader.cpp (revision 96956)
|
| +++ Source/WebCore/loader/MainResourceLoader.cpp (working copy)
|
| @@ -182,6 +182,15 @@
|
|
|
| ASSERT(documentLoader()->timing()->fetchStart);
|
| if (!redirectResponse.isNull()) {
|
| + // If the redirecting url is not allowed to display content from the target origin,
|
| + // then block the redirect.
|
| + RefPtr<SecurityOrigin> redirectingOrigin = SecurityOrigin::create(redirectResponse.url());
|
| + if (!redirectingOrigin->canDisplay(newRequest.url())) {
|
| + FrameLoader::reportLocalLoadFailed(m_frame.get(), newRequest.url().string());
|
| + cancel();
|
| + return;
|
| + }
|
| +
|
| DocumentLoadTiming* documentLoadTiming = documentLoader()->timing();
|
|
|
| // Check if the redirected url is allowed to access the redirecting url's timing information.
|
|
|
Chromium Code Reviews
Issue 8198008:
Merge 96610 - Resource loader should block HTTP redirects to local resources (Closed)
Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/874/