| Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| index 9477c3ba4bbfa71438314cf301c5e5baa40c27d5..a632db981677c6a60abacd57051a8ba62f277f97 100644
|
| --- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| @@ -1431,53 +1431,6 @@ void FrameLoader::applyUserAgent(ResourceRequest& request)
|
| request.setHTTPUserAgent(AtomicString(userAgent));
|
| }
|
|
|
| -bool FrameLoader::shouldInterruptLoadForXFrameOptions(const String& content, const KURL& url, unsigned long requestIdentifier)
|
| -{
|
| - UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOptions);
|
| -
|
| - Frame* topFrame = m_frame->tree().top();
|
| - if (m_frame == topFrame)
|
| - return false;
|
| -
|
| - XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content);
|
| -
|
| - switch (disposition) {
|
| - case XFrameOptionsSameOrigin: {
|
| - UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOptionsSameOrigin);
|
| - RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
|
| - // Out-of-process ancestors are always a different origin.
|
| - if (!topFrame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalFrame(topFrame)->document()->getSecurityOrigin()))
|
| - return true;
|
| - for (Frame* frame = m_frame->tree().parent(); frame; frame = frame->tree().parent()) {
|
| - if (!frame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalFrame(frame)->document()->getSecurityOrigin())) {
|
| - UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOptionsSameOriginWithBadAncestorChain);
|
| - break;
|
| - }
|
| - }
|
| - return false;
|
| - }
|
| - case XFrameOptionsDeny:
|
| - return true;
|
| - case XFrameOptionsAllowAll:
|
| - return false;
|
| - case XFrameOptionsConflict: {
|
| - ConsoleMessage* consoleMessage = ConsoleMessage::create(JSMessageSource, ErrorMessageLevel, "Multiple 'X-Frame-Options' headers with conflicting values ('" + content + "') encountered when loading '" + url.elidedString() + "'. Falling back to 'DENY'.");
|
| - consoleMessage->setRequestIdentifier(requestIdentifier);
|
| - m_frame->document()->addConsoleMessage(consoleMessage);
|
| - return true;
|
| - }
|
| - case XFrameOptionsInvalid: {
|
| - ConsoleMessage* consoleMessage = ConsoleMessage::create(JSMessageSource, ErrorMessageLevel, "Invalid 'X-Frame-Options' header encountered when loading '" + url.elidedString() + "': '" + content + "' is not a recognized directive. The header will be ignored.");
|
| - consoleMessage->setRequestIdentifier(requestIdentifier);
|
| - m_frame->document()->addConsoleMessage(consoleMessage);
|
| - return false;
|
| - }
|
| - default:
|
| - ASSERT_NOT_REACHED();
|
| - return false;
|
| - }
|
| -}
|
| -
|
| bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const
|
| {
|
| return m_currentItem && url == m_currentItem->url();
|
|
|
Chromium Code Reviews
Issue 1617043002:
Introduce AncestorThrottle, which will process 'X-Frame-Options' headers. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@block-response