| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "config.h" | 5 #include "config.h" |
| 6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
| 7 | 7 |
| 8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
| 9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
| 10 #include "core/dom/Element.h" | 10 #include "core/dom/Element.h" |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 103 | 103 |
| 104 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con
st String& source, const KURL& resourceUrl, const Resource& resource) | 104 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con
st String& source, const KURL& resourceUrl, const Resource& resource) |
| 105 { | 105 { |
| 106 Document& document = element.document(); | 106 Document& document = element.document(); |
| 107 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); | 107 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); |
| 108 if (attribute.isEmpty()) | 108 if (attribute.isEmpty()) |
| 109 return true; | 109 return true; |
| 110 | 110 |
| 111 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { | 111 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { |
| 112 UseCounter::count(document, UseCounter::SRIElementIntegrityAttributeButI
neligible); | 112 UseCounter::count(document, UseCounter::SRIElementIntegrityAttributeButI
neligible); |
| 113 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl.
elidedString() + "' has an integrity attribute, but the resource requires the re
quest to be CORS enabled to check the integrity, and it is not. The resource has
not been blocked, but no integrity check occurred.", document); | 113 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl.
elidedString() + "' has an integrity attribute, but the resource requires the re
quest to be CORS enabled to check the integrity, and it is not. The resource has
been blocked because the integrity cannot be enforced.", document); |
| 114 return false; | 114 return false; |
| 115 } | 115 } |
| 116 | 116 |
| 117 String errorMessage; | 117 String errorMessage; |
| 118 bool result = CheckSubresourceIntegrity(attribute, source, resourceUrl, docu
ment, errorMessage); | 118 bool result = CheckSubresourceIntegrity(attribute, source, resourceUrl, docu
ment, errorMessage); |
| 119 if (!result) | 119 if (!result) |
| 120 logErrorToConsole(errorMessage, document); | 120 logErrorToConsole(errorMessage, document); |
| 121 return result; | 121 return result; |
| 122 } | 122 } |
| 123 | 123 |
| (...skipping 202 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 326 metadataList.append(integrityMetadata); | 326 metadataList.append(integrityMetadata); |
| 327 } | 327 } |
| 328 | 328 |
| 329 if (metadataList.size() == 0 && error) | 329 if (metadataList.size() == 0 && error) |
| 330 return IntegrityParseNoValidResult; | 330 return IntegrityParseNoValidResult; |
| 331 | 331 |
| 332 return IntegrityParseValidResult; | 332 return IntegrityParseValidResult; |
| 333 } | 333 } |
| 334 | 334 |
| 335 } // namespace blink | 335 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1308253004:
Fix Subresource Integrity console message for lack of CORS (Closed)
Base URL: svn://svn.chromium.org/blink/trunk