OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 436 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
447 memoryCache()->remove(m_mainResource.get()); | 447 memoryCache()->remove(m_mainResource.get()); |
448 | 448 |
449 m_contentSecurityPolicy = ContentSecurityPolicy::create(); | 449 m_contentSecurityPolicy = ContentSecurityPolicy::create(); |
450 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); | 450 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); |
451 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); | 451 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); |
452 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { | 452 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { |
453 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 453 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
454 return; | 454 return; |
455 } | 455 } |
456 | 456 |
457 // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webap
psec/specs/content-security-policy/#frame-ancestors-and-frame-options | |
458 if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { | |
459 HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTP
Names::X_Frame_Options); | |
460 if (it != response.httpHeaderFields().end()) { | |
461 String content = it->value; | |
462 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, resp
onse.url(), mainResourceIdentifier())) { | |
463 String message = "Refused to display '" + response.url().elidedS
tring() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; | |
464 RefPtrWillBeRawPtr<ConsoleMessage> consoleMessage = ConsoleMessa
ge::create(SecurityMessageSource, ErrorMessageLevel, message); | |
465 consoleMessage->setRequestIdentifier(mainResourceIdentifier()); | |
466 frame()->document()->addConsoleMessage(consoleMessage.release())
; | |
467 | |
468 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | |
469 return; | |
470 } | |
471 } | |
472 } | |
473 | |
474 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); | 457 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); |
475 | 458 |
476 m_response = response; | 459 m_response = response; |
477 | 460 |
478 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferin
gPolicy() != BufferData) | 461 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferin
gPolicy() != BufferData) |
479 m_mainResource->setDataBufferingPolicy(BufferData); | 462 m_mainResource->setDataBufferingPolicy(BufferData); |
480 | 463 |
481 if (!shouldContinueForResponse()) { | 464 if (!shouldContinueForResponse()) { |
482 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); | 465 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); |
483 cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); | 466 cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); |
(...skipping 359 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
843 { | 826 { |
844 m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_wri
ter->encoding() : emptyAtom, true, ForceSynchronousParsing); | 827 m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_wri
ter->encoding() : emptyAtom, true, ForceSynchronousParsing); |
845 if (!source.isNull()) | 828 if (!source.isNull()) |
846 m_writer->appendReplacingData(source); | 829 m_writer->appendReplacingData(source); |
847 endWriting(m_writer.get()); | 830 endWriting(m_writer.get()); |
848 } | 831 } |
849 | 832 |
850 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 833 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
851 | 834 |
852 } // namespace blink | 835 } // namespace blink |
OLD | NEW |