OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 368 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
379 memoryCache()->remove(m_mainResource.get()); | 379 memoryCache()->remove(m_mainResource.get()); |
380 | 380 |
381 m_contentSecurityPolicy = ContentSecurityPolicy::create(); | 381 m_contentSecurityPolicy = ContentSecurityPolicy::create(); |
382 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); | 382 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); |
383 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); | 383 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); |
384 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { | 384 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { |
385 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 385 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
386 return; | 386 return; |
387 } | 387 } |
388 | 388 |
389 // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webap
psec/specs/content-security-policy/#frame-ancestors-and-frame-options | |
390 if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { | |
391 HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTP
Names::X_Frame_Options); | |
392 if (it != response.httpHeaderFields().end()) { | |
393 String content = it->value; | |
394 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, resp
onse.url(), mainResourceIdentifier())) { | |
395 String message = "Refused to display '" + response.url().elidedS
tring() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; | |
396 ConsoleMessage* consoleMessage = ConsoleMessage::create(Security
MessageSource, ErrorMessageLevel, message); | |
397 consoleMessage->setRequestIdentifier(mainResourceIdentifier()); | |
398 frame()->document()->addConsoleMessage(consoleMessage); | |
399 | |
400 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | |
401 return; | |
402 } | |
403 } | |
404 } | |
405 | |
406 ASSERT(!m_frame->page()->defersLoading()); | 389 ASSERT(!m_frame->page()->defersLoading()); |
407 | 390 |
408 m_response = response; | 391 m_response = response; |
409 | 392 |
410 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBuffe
ringPolicy() != BufferData) | 393 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBuffe
ringPolicy() != BufferData) |
411 m_mainResource->setDataBufferingPolicy(BufferData); | 394 m_mainResource->setDataBufferingPolicy(BufferData); |
412 | 395 |
413 if (!shouldContinueForResponse()) { | 396 if (!shouldContinueForResponse()) { |
414 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); | 397 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response); |
415 m_fetcher->stopFetching(); | 398 m_fetcher->stopFetching(); |
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
685 { | 668 { |
686 m_writer = createWriterFor(init, mimeType(), m_writer ? m_writer->encoding()
: emptyAtom, true, ForceSynchronousParsing); | 669 m_writer = createWriterFor(init, mimeType(), m_writer ? m_writer->encoding()
: emptyAtom, true, ForceSynchronousParsing); |
687 if (!source.isNull()) | 670 if (!source.isNull()) |
688 m_writer->appendReplacingData(source); | 671 m_writer->appendReplacingData(source); |
689 endWriting(m_writer.get()); | 672 endWriting(m_writer.get()); |
690 } | 673 } |
691 | 674 |
692 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 675 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
693 | 676 |
694 } // namespace blink | 677 } // namespace blink |
OLD | NEW |