Index: Source/core/loader/cache/CachedResourceLoader.cpp |
diff --git a/Source/core/loader/cache/CachedResourceLoader.cpp b/Source/core/loader/cache/CachedResourceLoader.cpp |
index 6f1a33037b25294ae8fea1cae4247c88ef6ae961..8cd8019db18f88dd3b36505067afebaa670737ea 100644 |
--- a/Source/core/loader/cache/CachedResourceLoader.cpp |
+++ b/Source/core/loader/cache/CachedResourceLoader.cpp |
@@ -146,7 +146,7 @@ CachedResourceHandle<CachedImage> CachedResourceLoader::requestImage(CachedResou |
if (Frame* f = frame()) { |
if (f->loader()->pageDismissalEventBeingDispatched() != FrameLoader::NoDismissal) { |
KURL requestURL = request.resourceRequest().url(); |
- if (requestURL.isValid() && canRequest(CachedResource::ImageResource, requestURL)) |
+ if (requestURL.isValid() && canRequest(CachedResource::ImageResource, requestURL, String())) |
PingLoader::loadImage(f, requestURL); |
return 0; |
} |
@@ -268,7 +268,7 @@ bool CachedResourceLoader::checkInsecureContent(CachedResource::Type type, const |
return true; |
} |
-bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url, bool forPreload) |
+bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url, const String& nonce, bool forPreload) |
{ |
if (document() && !document()->securityOrigin()->canDisplay(url)) { |
if (!forPreload) |
@@ -310,11 +310,11 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url |
switch (type) { |
case CachedResource::XSLStyleSheet: |
- if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url)) |
+ if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url, nonce)) |
return false; |
break; |
case CachedResource::Script: |
- if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url)) |
+ if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url, nonce)) |
return false; |
if (frame()) { |
@@ -379,7 +379,8 @@ CachedResourceHandle<CachedResource> CachedResourceLoader::requestResource(Cache |
if (!url.isValid()) |
return 0; |
- if (!canRequest(type, url, request.forPreload())) |
+ const String& nonce = (request.initiatorElement() != NULL) ? request.initiatorElement()->fastGetAttribute(HTMLNames::nonceAttr) : AtomicString(); |
abarth-chromium
2013/05/14 05:58:16
Can we put this in the CachedResourceRequest inste
jww
2013/05/14 20:49:30
This is tough because there are 3 call sites for c
|
+ if (!canRequest(type, url, nonce, request.forPreload())) |
return 0; |
if (Frame* f = frame()) |