OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. |
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) | 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) |
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
8 * Copyright (C) 2011 Google Inc. All rights reserved. | 8 * Copyright (C) 2011 Google Inc. All rights reserved. |
9 * | 9 * |
10 * Redistribution and use in source and binary forms, with or without | 10 * Redistribution and use in source and binary forms, with or without |
(...skipping 1413 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1424 m_provisionalDocumentLoader->startLoadingMainResource(); | 1424 m_provisionalDocumentLoader->startLoadingMainResource(); |
1425 } | 1425 } |
1426 | 1426 |
1427 void FrameLoader::applyUserAgent(ResourceRequest& request) | 1427 void FrameLoader::applyUserAgent(ResourceRequest& request) |
1428 { | 1428 { |
1429 String userAgent = this->userAgent(); | 1429 String userAgent = this->userAgent(); |
1430 ASSERT(!userAgent.isNull()); | 1430 ASSERT(!userAgent.isNull()); |
1431 request.setHTTPUserAgent(AtomicString(userAgent)); | 1431 request.setHTTPUserAgent(AtomicString(userAgent)); |
1432 } | 1432 } |
1433 | 1433 |
1434 bool FrameLoader::shouldInterruptLoadForXFrameOptions(const String& content, con
st KURL& url, unsigned long requestIdentifier) | |
1435 { | |
1436 UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOption
s); | |
1437 | |
1438 Frame* topFrame = m_frame->tree().top(); | |
1439 if (m_frame == topFrame) | |
1440 return false; | |
1441 | |
1442 XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content); | |
1443 | |
1444 switch (disposition) { | |
1445 case XFrameOptionsSameOrigin: { | |
1446 UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOp
tionsSameOrigin); | |
1447 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url); | |
1448 // Out-of-process ancestors are always a different origin. | |
1449 if (!topFrame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalFr
ame(topFrame)->document()->getSecurityOrigin())) | |
1450 return true; | |
1451 for (Frame* frame = m_frame->tree().parent(); frame; frame = frame->tree
().parent()) { | |
1452 if (!frame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalF
rame(frame)->document()->getSecurityOrigin())) { | |
1453 UseCounter::count(m_frame->domWindow()->document(), UseCounter::
XFrameOptionsSameOriginWithBadAncestorChain); | |
1454 break; | |
1455 } | |
1456 } | |
1457 return false; | |
1458 } | |
1459 case XFrameOptionsDeny: | |
1460 return true; | |
1461 case XFrameOptionsAllowAll: | |
1462 return false; | |
1463 case XFrameOptionsConflict: { | |
1464 ConsoleMessage* consoleMessage = ConsoleMessage::create(JSMessageSource,
ErrorMessageLevel, "Multiple 'X-Frame-Options' headers with conflicting values
('" + content + "') encountered when loading '" + url.elidedString() + "'. Falli
ng back to 'DENY'."); | |
1465 consoleMessage->setRequestIdentifier(requestIdentifier); | |
1466 m_frame->document()->addConsoleMessage(consoleMessage); | |
1467 return true; | |
1468 } | |
1469 case XFrameOptionsInvalid: { | |
1470 ConsoleMessage* consoleMessage = ConsoleMessage::create(JSMessageSource,
ErrorMessageLevel, "Invalid 'X-Frame-Options' header encountered when loading '
" + url.elidedString() + "': '" + content + "' is not a recognized directive. Th
e header will be ignored."); | |
1471 consoleMessage->setRequestIdentifier(requestIdentifier); | |
1472 m_frame->document()->addConsoleMessage(consoleMessage); | |
1473 return false; | |
1474 } | |
1475 default: | |
1476 ASSERT_NOT_REACHED(); | |
1477 return false; | |
1478 } | |
1479 } | |
1480 | |
1481 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const | 1434 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const |
1482 { | 1435 { |
1483 return m_currentItem && url == m_currentItem->url(); | 1436 return m_currentItem && url == m_currentItem->url(); |
1484 } | 1437 } |
1485 | 1438 |
1486 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const | 1439 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const |
1487 { | 1440 { |
1488 if (!url.isAboutSrcdocURL()) | 1441 if (!url.isAboutSrcdocURL()) |
1489 return false; | 1442 return false; |
1490 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); | 1443 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); |
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1578 // FIXME: We need a way to propagate insecure requests policy flags to | 1531 // FIXME: We need a way to propagate insecure requests policy flags to |
1579 // out-of-process frames. For now, we'll always use default behavior. | 1532 // out-of-process frames. For now, we'll always use default behavior. |
1580 if (!parentFrame->isLocalFrame()) | 1533 if (!parentFrame->isLocalFrame()) |
1581 return nullptr; | 1534 return nullptr; |
1582 | 1535 |
1583 ASSERT(toLocalFrame(parentFrame)->document()); | 1536 ASSERT(toLocalFrame(parentFrame)->document()); |
1584 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade()
; | 1537 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade()
; |
1585 } | 1538 } |
1586 | 1539 |
1587 } // namespace blink | 1540 } // namespace blink |
OLD | NEW |