OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
450 memoryCache()->remove(m_mainResource.get()); | 450 memoryCache()->remove(m_mainResource.get()); |
451 | 451 |
452 m_contentSecurityPolicy = ContentSecurityPolicy::create(); | 452 m_contentSecurityPolicy = ContentSecurityPolicy::create(); |
453 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); | 453 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); |
454 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); | 454 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); |
455 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { | 455 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { |
456 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 456 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
457 return; | 457 return; |
458 } | 458 } |
459 | 459 |
460 // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webap
psec/specs/content-security-policy/#frame-ancestors-and-frame-options | |
461 if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { | |
462 HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTP
Names::X_Frame_Options); | |
463 if (it != response.httpHeaderFields().end()) { | |
464 String content = it->value; | |
465 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, resp
onse.url(), mainResourceIdentifier())) { | |
466 String message = "Refused to display '" + response.url().elidedS
tring() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; | |
467 RefPtrWillBeRawPtr<ConsoleMessage> consoleMessage = ConsoleMessa
ge::create(SecurityMessageSource, ErrorMessageLevel, message); | |
468 consoleMessage->setRequestIdentifier(mainResourceIdentifier()); | |
469 frame()->document()->addConsoleMessage(consoleMessage.release())
; | |
470 | |
471 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | |
472 return; | |
473 } | |
474 } | |
475 } | |
476 | |
477 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); | 460 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); |
478 | 461 |
479 m_response = response; | 462 m_response = response; |
480 | 463 |
481 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferin
gPolicy() != BufferData) | 464 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->dataBufferin
gPolicy() != BufferData) |
482 m_mainResource->setDataBufferingPolicy(BufferData); | 465 m_mainResource->setDataBufferingPolicy(BufferData); |
483 | 466 |
484 if (!shouldContinueForResponse()) { | 467 if (!shouldContinueForResponse()) { |
485 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); | 468 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); |
486 cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); | 469 cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); |
846 { | 829 { |
847 m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_wri
ter->encoding() : emptyAtom, true, ForceSynchronousParsing); | 830 m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_wri
ter->encoding() : emptyAtom, true, ForceSynchronousParsing); |
848 if (!source.isNull()) | 831 if (!source.isNull()) |
849 m_writer->appendReplacingData(source); | 832 m_writer->appendReplacingData(source); |
850 endWriting(m_writer.get()); | 833 endWriting(m_writer.get()); |
851 } | 834 } |
852 | 835 |
853 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 836 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
854 | 837 |
855 } // namespace blink | 838 } // namespace blink |
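Review bot: After this change the only framing check visible before `m_response = response;` is `allowAncestors()`, so a response that sets `X-Frame-Options` without an enforced `frame-ancestors` directive is no longer refused at this point (old lines 460–476). Nothing on this page shows where the header is evaluated instead, so if enforcement has moved to another layer, leave a comment at the old site such as `// X-Frame-Options is enforced in <new location>; only CSP 'frame-ancestors' is checked here.` The replacement should presumably still skip X-Frame-Options when `isFrameAncestorsEnforced()` is true and still emit the "Refused to display" console message with the request identifier, and a test with an X-Frame-Options-only response loaded in a subframe would pin that down. The enclosing function starts and ends outside the visible lines.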