| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
| 3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
| 7 * are met: | 7 * are met: |
| 8 * | 8 * |
| 9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 100 , m_fetcher(FrameFetchContext::createContextAndFetcher(this, nullptr)) | 100 , m_fetcher(FrameFetchContext::createContextAndFetcher(this, nullptr)) |
| 101 , m_originalRequest(req) | 101 , m_originalRequest(req) |
| 102 , m_substituteData(substituteData) | 102 , m_substituteData(substituteData) |
| 103 , m_request(req) | 103 , m_request(req) |
| 104 , m_isClientRedirect(false) | 104 , m_isClientRedirect(false) |
| 105 , m_replacesCurrentHistoryItem(false) | 105 , m_replacesCurrentHistoryItem(false) |
| 106 , m_navigationType(NavigationTypeOther) | 106 , m_navigationType(NavigationTypeOther) |
| 107 , m_documentLoadTiming(*this) | 107 , m_documentLoadTiming(*this) |
| 108 , m_timeOfLastDataReceived(0.0) | 108 , m_timeOfLastDataReceived(0.0) |
| 109 , m_applicationCacheHost(ApplicationCacheHost::create(this)) | 109 , m_applicationCacheHost(ApplicationCacheHost::create(this)) |
| 110 , m_wasBlockedAfterXFrameOptionsOrCSP(false) | 110 , m_wasBlockedAfterCSP(false) |
| 111 , m_state(NotStarted) | 111 , m_state(NotStarted) |
| 112 , m_inDataReceived(false) | 112 , m_inDataReceived(false) |
| 113 , m_dataBuffer(SharedBuffer::create()) | 113 , m_dataBuffer(SharedBuffer::create()) |
| 114 { | 114 { |
| 115 } | 115 } |
| 116 | 116 |
| 117 FrameLoader* DocumentLoader::frameLoader() const | 117 FrameLoader* DocumentLoader::frameLoader() const |
| 118 { | 118 { |
| 119 if (!m_frame) | 119 if (!m_frame) |
| 120 return nullptr; | 120 return nullptr; |
| (...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 250 ASSERT(m_mainResource); | 250 ASSERT(m_mainResource); |
| 251 | 251 |
| 252 if (!m_mainResource->errorOccurred() && !m_mainResource->wasCanceled()) { | 252 if (!m_mainResource->errorOccurred() && !m_mainResource->wasCanceled()) { |
| 253 finishedLoading(m_mainResource->loadFinishTime()); | 253 finishedLoading(m_mainResource->loadFinishTime()); |
| 254 return; | 254 return; |
| 255 } | 255 } |
| 256 | 256 |
| 257 if (m_applicationCacheHost) | 257 if (m_applicationCacheHost) |
| 258 m_applicationCacheHost->failedLoadingMainResource(); | 258 m_applicationCacheHost->failedLoadingMainResource(); |
| 259 m_state = MainResourceDone; | 259 m_state = MainResourceDone; |
| 260 |
| 261 // TODO(mkwst): Magic numbers bad. |
| 262 if (m_mainResource->resourceError().errorCode() == -27) |
| 263 InspectorInstrumentation::canceledAfterReceivedResourceResponse(m_frame,
this, mainResourceIdentifier(), resource->response()); |
| 264 |
| 260 frameLoader()->loadFailed(this, m_mainResource->resourceError()); | 265 frameLoader()->loadFailed(this, m_mainResource->resourceError()); |
| 261 clearMainResourceHandle(); | 266 clearMainResourceHandle(); |
| 262 } | 267 } |
| 263 | 268 |
| 264 void DocumentLoader::finishedLoading(double finishTime) | 269 void DocumentLoader::finishedLoading(double finishTime) |
| 265 { | 270 { |
| 266 ASSERT(!m_frame->page()->defersLoading() || InspectorInstrumentation::isDebu
ggerPaused(m_frame)); | 271 ASSERT(!m_frame->page()->defersLoading() || InspectorInstrumentation::isDebu
ggerPaused(m_frame)); |
| 267 | 272 |
| 268 double responseEndTime = finishTime; | 273 double responseEndTime = finishTime; |
| 269 if (!responseEndTime) | 274 if (!responseEndTime) |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 343 // Downloading is handled by the embedder, but we still get the initial | 348 // Downloading is handled by the embedder, but we still get the initial |
| 344 // response so that we can ignore it and clean up properly. | 349 // response so that we can ignore it and clean up properly. |
| 345 return false; | 350 return false; |
| 346 } | 351 } |
| 347 | 352 |
| 348 if (!canShowMIMEType(m_response.mimeType(), m_frame->page())) | 353 if (!canShowMIMEType(m_response.mimeType(), m_frame->page())) |
| 349 return false; | 354 return false; |
| 350 return true; | 355 return true; |
| 351 } | 356 } |
| 352 | 357 |
| 353 void DocumentLoader::cancelLoadAfterXFrameOptionsOrCSPDenied(const ResourceRespo
nse& response) | 358 void DocumentLoader::cancelLoadAfterCSPDenied(const ResourceResponse& response) |
| 354 { | 359 { |
| 355 InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, ma
inResourceIdentifier(), response); | 360 InspectorInstrumentation::canceledAfterReceivedResourceResponse(m_frame, thi
s, mainResourceIdentifier(), response); |
| 356 | 361 |
| 357 setWasBlockedAfterXFrameOptionsOrCSP(); | 362 setWasBlockedAfterCSP(); |
| 358 | 363 |
| 359 // Pretend that this was an empty HTTP 200 response. | 364 // Pretend that this was an empty HTTP 200 response. |
| 360 clearMainResourceHandle(); | 365 clearMainResourceHandle(); |
| 361 m_response = ResourceResponse(blankURL(), "text/html", 0, nullAtom, String()
); | 366 m_response = ResourceResponse(blankURL(), "text/html", 0, nullAtom, String()
); |
| 362 finishedLoading(monotonicallyIncreasingTime()); | 367 finishedLoading(monotonicallyIncreasingTime()); |
| 363 | 368 |
| 364 return; | 369 return; |
| 365 } | 370 } |
| 366 | 371 |
| 367 void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse
& response, PassOwnPtr<WebDataConsumerHandle> handle) | 372 void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse
& response, PassOwnPtr<WebDataConsumerHandle> handle) |
| 368 { | 373 { |
| 369 ASSERT_UNUSED(resource, m_mainResource == resource); | 374 ASSERT_UNUSED(resource, m_mainResource == resource); |
| 370 ASSERT_UNUSED(handle, !handle); | 375 ASSERT_UNUSED(handle, !handle); |
| 371 ASSERT(frame()); | 376 ASSERT(frame()); |
| 372 | 377 |
| 373 m_applicationCacheHost->didReceiveResponseForMainResource(response); | 378 m_applicationCacheHost->didReceiveResponseForMainResource(response); |
| 374 | 379 |
| 375 // The memory cache doesn't understand the application cache or its caching
rules. So if a main resource is served | 380 // The memory cache doesn't understand the application cache or its caching
rules. So if a main resource is served |
| 376 // from the application cache, ensure we don't save the result for future us
e. All responses loaded | 381 // from the application cache, ensure we don't save the result for future us
e. All responses loaded |
| 377 // from appcache will have a non-zero appCacheID(). | 382 // from appcache will have a non-zero appCacheID(). |
| 378 if (response.appCacheID()) | 383 if (response.appCacheID()) |
| 379 memoryCache()->remove(m_mainResource.get()); | 384 memoryCache()->remove(m_mainResource.get()); |
| 380 | 385 |
| 381 m_contentSecurityPolicy = ContentSecurityPolicy::create(); | 386 m_contentSecurityPolicy = ContentSecurityPolicy::create(); |
| 382 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); | 387 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); |
| 383 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); | 388 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); |
| 384 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { | 389 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { |
| 385 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 390 cancelLoadAfterCSPDenied(response); |
| 386 return; | 391 return; |
| 387 } | 392 } |
| 388 | 393 |
| 389 // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webap
psec/specs/content-security-policy/#frame-ancestors-and-frame-options | |
| 390 if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { | |
| 391 HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTP
Names::X_Frame_Options); | |
| 392 if (it != response.httpHeaderFields().end()) { | |
| 393 String content = it->value; | |
| 394 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, resp
onse.url(), mainResourceIdentifier())) { | |
| 395 String message = "Refused to display '" + response.url().elidedS
tring() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; | |
| 396 ConsoleMessage* consoleMessage = ConsoleMessage::create(Security
MessageSource, ErrorMessageLevel, message); | |
| 397 consoleMessage->setRequestIdentifier(mainResourceIdentifier()); | |
| 398 frame()->document()->addConsoleMessage(consoleMessage); | |
| 399 | |
| 400 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | |
| 401 return; | |
| 402 } | |
| 403 } | |
| 404 } | |
| 405 | |
| 406 ASSERT(!m_frame->page()->defersLoading()); | 394 ASSERT(!m_frame->page()->defersLoading()); |
| 407 | 395 |
| 408 m_response = response; | 396 m_response = response; |
| 409 | 397 |
| 410 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBuffe
ringPolicy() != BufferData) | 398 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBuffe
ringPolicy() != BufferData) |
| 411 m_mainResource->setDataBufferingPolicy(BufferData); | 399 m_mainResource->setDataBufferingPolicy(BufferData); |
| 412 | 400 |
| 413 if (!shouldContinueForResponse()) { | 401 if (!shouldContinueForResponse()) { |
| 414 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); | 402 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); |
| 415 m_fetcher->stopFetching(); | 403 m_fetcher->stopFetching(); |
| (...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 685 { | 673 { |
| 686 m_writer = createWriterFor(init, mimeType(), m_writer ? m_writer->encoding()
: emptyAtom, true, ForceSynchronousParsing); | 674 m_writer = createWriterFor(init, mimeType(), m_writer ? m_writer->encoding()
: emptyAtom, true, ForceSynchronousParsing); |
| 687 if (!source.isNull()) | 675 if (!source.isNull()) |
| 688 m_writer->appendReplacingData(source); | 676 m_writer->appendReplacingData(source); |
| 689 endWriting(m_writer.get()); | 677 endWriting(m_writer.get()); |
| 690 } | 678 } |
| 691 | 679 |
| 692 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 680 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
| 693 | 681 |
| 694 } // namespace blink | 682 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1617043002:
Introduce AncestorThrottle, which will process 'X-Frame-Options' headers. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@block-response