OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 438 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
449 memoryCache()->remove(m_mainResource.get()); | 449 memoryCache()->remove(m_mainResource.get()); |
450 | 450 |
451 m_contentSecurityPolicy = ContentSecurityPolicy::create(); | 451 m_contentSecurityPolicy = ContentSecurityPolicy::create(); |
452 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); | 452 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); |
453 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); | 453 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); |
454 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { | 454 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { |
455 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 455 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
456 return; | 456 return; |
457 } | 457 } |
458 | 458 |
459 // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webap
psec/specs/content-security-policy/#frame-ancestors-and-frame-options | |
460 if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { | |
461 HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTP
Names::X_Frame_Options); | |
462 if (it != response.httpHeaderFields().end()) { | |
463 String content = it->value; | |
464 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, resp
onse.url(), mainResourceIdentifier())) { | |
465 String message = "Refused to display '" + response.url().elidedS
tring() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; | |
466 RefPtrWillBeRawPtr<ConsoleMessage> consoleMessage = ConsoleMessa
ge::create(SecurityMessageSource, ErrorMessageLevel, message); | |
467 consoleMessage->setRequestIdentifier(mainResourceIdentifier()); | |
468 frame()->document()->addConsoleMessage(consoleMessage.release())
; | |
469 | |
470 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | |
471 return; | |
472 } | |
473 } | |
474 } | |
475 | |
476 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); | 459 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); |
477 | 460 |
478 m_response = response; | 461 m_response = response; |
479 | 462 |
480 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferin
gPolicy() != BufferData) | 463 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferin
gPolicy() != BufferData) |
481 m_mainResource->setDataBufferingPolicy(BufferData); | 464 m_mainResource->setDataBufferingPolicy(BufferData); |
482 | 465 |
483 if (!shouldContinueForResponse()) { | 466 if (!shouldContinueForResponse()) { |
484 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); | 467 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); |
485 cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); | 468 cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); |
(...skipping 359 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
845 { | 828 { |
846 m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_wri
ter->encoding() : emptyAtom, true, ForceSynchronousParsing); | 829 m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_wri
ter->encoding() : emptyAtom, true, ForceSynchronousParsing); |
847 if (!source.isNull()) | 830 if (!source.isNull()) |
848 m_writer->appendReplacingData(source); | 831 m_writer->appendReplacingData(source); |
849 endWriting(m_writer.get()); | 832 endWriting(m_writer.get()); |
850 } | 833 } |
851 | 834 |
852 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 835 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
853 | 836 |
854 } // namespace blink | 837 } // namespace blink |
OLD | NEW |