OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
100 , m_fetcher(FrameFetchContext::createContextAndFetcher(this, nullptr)) | 100 , m_fetcher(FrameFetchContext::createContextAndFetcher(this, nullptr)) |
101 , m_originalRequest(req) | 101 , m_originalRequest(req) |
102 , m_substituteData(substituteData) | 102 , m_substituteData(substituteData) |
103 , m_request(req) | 103 , m_request(req) |
104 , m_isClientRedirect(false) | 104 , m_isClientRedirect(false) |
105 , m_replacesCurrentHistoryItem(false) | 105 , m_replacesCurrentHistoryItem(false) |
106 , m_navigationType(NavigationTypeOther) | 106 , m_navigationType(NavigationTypeOther) |
107 , m_documentLoadTiming(*this) | 107 , m_documentLoadTiming(*this) |
108 , m_timeOfLastDataReceived(0.0) | 108 , m_timeOfLastDataReceived(0.0) |
109 , m_applicationCacheHost(ApplicationCacheHost::create(this)) | 109 , m_applicationCacheHost(ApplicationCacheHost::create(this)) |
110 , m_wasBlockedAfterXFrameOptionsOrCSP(false) | 110 , m_wasBlockedAfterCSP(false) |
111 , m_state(NotStarted) | 111 , m_state(NotStarted) |
112 , m_inDataReceived(false) | 112 , m_inDataReceived(false) |
113 , m_dataBuffer(SharedBuffer::create()) | 113 , m_dataBuffer(SharedBuffer::create()) |
114 { | 114 { |
115 } | 115 } |
116 | 116 |
117 FrameLoader* DocumentLoader::frameLoader() const | 117 FrameLoader* DocumentLoader::frameLoader() const |
118 { | 118 { |
119 if (!m_frame) | 119 if (!m_frame) |
120 return nullptr; | 120 return nullptr; |
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
250 ASSERT(m_mainResource); | 250 ASSERT(m_mainResource); |
251 | 251 |
252 if (!m_mainResource->errorOccurred() && !m_mainResource->wasCanceled()) { | 252 if (!m_mainResource->errorOccurred() && !m_mainResource->wasCanceled()) { |
253 finishedLoading(m_mainResource->loadFinishTime()); | 253 finishedLoading(m_mainResource->loadFinishTime()); |
254 return; | 254 return; |
255 } | 255 } |
256 | 256 |
257 if (m_applicationCacheHost) | 257 if (m_applicationCacheHost) |
258 m_applicationCacheHost->failedLoadingMainResource(); | 258 m_applicationCacheHost->failedLoadingMainResource(); |
259 m_state = MainResourceDone; | 259 m_state = MainResourceDone; |
| 260 |
| 261 // TODO(mkwst): Magic numbers bad. |
| 262 if (m_mainResource->resourceError().errorCode() == -27) |
| 263 InspectorInstrumentation::canceledAfterReceivedResourceResponse(m_frame,
this, mainResourceIdentifier(), resource->response()); |
| 264 |
260 frameLoader()->loadFailed(this, m_mainResource->resourceError()); | 265 frameLoader()->loadFailed(this, m_mainResource->resourceError()); |
261 clearMainResourceHandle(); | 266 clearMainResourceHandle(); |
262 } | 267 } |
263 | 268 |
264 void DocumentLoader::finishedLoading(double finishTime) | 269 void DocumentLoader::finishedLoading(double finishTime) |
265 { | 270 { |
266 ASSERT(!m_frame->page()->defersLoading() || InspectorInstrumentation::isDebu
ggerPaused(m_frame)); | 271 ASSERT(!m_frame->page()->defersLoading() || InspectorInstrumentation::isDebu
ggerPaused(m_frame)); |
267 | 272 |
268 double responseEndTime = finishTime; | 273 double responseEndTime = finishTime; |
269 if (!responseEndTime) | 274 if (!responseEndTime) |
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
343 // Downloading is handled by the embedder, but we still get the initial | 348 // Downloading is handled by the embedder, but we still get the initial |
344 // response so that we can ignore it and clean up properly. | 349 // response so that we can ignore it and clean up properly. |
345 return false; | 350 return false; |
346 } | 351 } |
347 | 352 |
348 if (!canShowMIMEType(m_response.mimeType(), m_frame->page())) | 353 if (!canShowMIMEType(m_response.mimeType(), m_frame->page())) |
349 return false; | 354 return false; |
350 return true; | 355 return true; |
351 } | 356 } |
352 | 357 |
353 void DocumentLoader::cancelLoadAfterXFrameOptionsOrCSPDenied(const ResourceRespo
nse& response) | 358 void DocumentLoader::cancelLoadAfterCSPDenied(const ResourceResponse& response) |
354 { | 359 { |
355 InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, ma
inResourceIdentifier(), response); | 360 InspectorInstrumentation::canceledAfterReceivedResourceResponse(m_frame, thi
s, mainResourceIdentifier(), response); |
356 | 361 |
357 setWasBlockedAfterXFrameOptionsOrCSP(); | 362 setWasBlockedAfterCSP(); |
358 | 363 |
359 // Pretend that this was an empty HTTP 200 response. | 364 // Pretend that this was an empty HTTP 200 response. |
360 clearMainResourceHandle(); | 365 clearMainResourceHandle(); |
361 m_response = ResourceResponse(blankURL(), "text/html", 0, nullAtom, String()
); | 366 m_response = ResourceResponse(blankURL(), "text/html", 0, nullAtom, String()
); |
362 finishedLoading(monotonicallyIncreasingTime()); | 367 finishedLoading(monotonicallyIncreasingTime()); |
363 | 368 |
364 return; | 369 return; |
365 } | 370 } |
366 | 371 |
367 void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse
& response, PassOwnPtr<WebDataConsumerHandle> handle) | 372 void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse
& response, PassOwnPtr<WebDataConsumerHandle> handle) |
368 { | 373 { |
369 ASSERT_UNUSED(resource, m_mainResource == resource); | 374 ASSERT_UNUSED(resource, m_mainResource == resource); |
370 ASSERT_UNUSED(handle, !handle); | 375 ASSERT_UNUSED(handle, !handle); |
371 ASSERT(frame()); | 376 ASSERT(frame()); |
372 | 377 |
373 m_applicationCacheHost->didReceiveResponseForMainResource(response); | 378 m_applicationCacheHost->didReceiveResponseForMainResource(response); |
374 | 379 |
375 // The memory cache doesn't understand the application cache or its caching
rules. So if a main resource is served | 380 // The memory cache doesn't understand the application cache or its caching
rules. So if a main resource is served |
376 // from the application cache, ensure we don't save the result for future us
e. All responses loaded | 381 // from the application cache, ensure we don't save the result for future us
e. All responses loaded |
377 // from appcache will have a non-zero appCacheID(). | 382 // from appcache will have a non-zero appCacheID(). |
378 if (response.appCacheID()) | 383 if (response.appCacheID()) |
379 memoryCache()->remove(m_mainResource.get()); | 384 memoryCache()->remove(m_mainResource.get()); |
380 | 385 |
381 m_contentSecurityPolicy = ContentSecurityPolicy::create(); | 386 m_contentSecurityPolicy = ContentSecurityPolicy::create(); |
382 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); | 387 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); |
383 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); | 388 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); |
384 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { | 389 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { |
385 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 390 cancelLoadAfterCSPDenied(response); |
386 return; | 391 return; |
387 } | 392 } |
388 | 393 |
389 // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webap
psec/specs/content-security-policy/#frame-ancestors-and-frame-options | |
390 if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { | |
391 HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTP
Names::X_Frame_Options); | |
392 if (it != response.httpHeaderFields().end()) { | |
393 String content = it->value; | |
394 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, resp
onse.url(), mainResourceIdentifier())) { | |
395 String message = "Refused to display '" + response.url().elidedS
tring() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; | |
396 ConsoleMessage* consoleMessage = ConsoleMessage::create(Security
MessageSource, ErrorMessageLevel, message); | |
397 consoleMessage->setRequestIdentifier(mainResourceIdentifier()); | |
398 frame()->document()->addConsoleMessage(consoleMessage); | |
399 | |
400 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | |
401 return; | |
402 } | |
403 } | |
404 } | |
405 | |
406 ASSERT(!m_frame->page()->defersLoading()); | 394 ASSERT(!m_frame->page()->defersLoading()); |
407 | 395 |
408 m_response = response; | 396 m_response = response; |
409 | 397 |
410 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBuffe
ringPolicy() != BufferData) | 398 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBuffe
ringPolicy() != BufferData) |
411 m_mainResource->setDataBufferingPolicy(BufferData); | 399 m_mainResource->setDataBufferingPolicy(BufferData); |
412 | 400 |
413 if (!shouldContinueForResponse()) { | 401 if (!shouldContinueForResponse()) { |
414 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); | 402 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); |
415 m_fetcher->stopFetching(); | 403 m_fetcher->stopFetching(); |
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
685 { | 673 { |
686 m_writer = createWriterFor(init, mimeType(), m_writer ? m_writer->encoding()
: emptyAtom, true, ForceSynchronousParsing); | 674 m_writer = createWriterFor(init, mimeType(), m_writer ? m_writer->encoding()
: emptyAtom, true, ForceSynchronousParsing); |
687 if (!source.isNull()) | 675 if (!source.isNull()) |
688 m_writer->appendReplacingData(source); | 676 m_writer->appendReplacingData(source); |
689 endWriting(m_writer.get()); | 677 endWriting(m_writer.get()); |
690 } | 678 } |
691 | 679 |
692 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 680 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
693 | 681 |
694 } // namespace blink | 682 } // namespace blink |
OLD | NEW |