Index: third_party/WebKit/Source/core/loader/DocumentLoader.cpp |
diff --git a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp |
index 074398824ef02635387beee3cf6a43ae4b6ae920..d8daff758f0b6461436a1714212f49c75edcd233 100644 |
--- a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp |
+++ b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp |
@@ -456,23 +456,6 @@ void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse |
return; |
} |
- // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webappsec/specs/content-security-policy/#frame-ancestors-and-frame-options |
- if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { |
- HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTPNames::X_Frame_Options); |
- if (it != response.httpHeaderFields().end()) { |
- String content = it->value; |
- if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), mainResourceIdentifier())) { |
- String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; |
- RefPtrWillBeRawPtr<ConsoleMessage> consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message); |
- consoleMessage->setRequestIdentifier(mainResourceIdentifier()); |
- frame()->document()->addConsoleMessage(consoleMessage.release()); |
- |
- cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
- return; |
- } |
- } |
- } |
- |
ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); |
m_response = response; |