Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(177)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/loader/DocumentLoader.cpp

Issue 1710283003: OOPIF: Handle cross-site frames being blocked by X-Frame-Options or CSP. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Split off the relaxed DCHECK in OnCrossSiteResponse into separate CL Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/frame/LocalFrame.cpp ('k') | third_party/WebKit/Source/core/loader/FrameLoaderClient.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
3 * Copyright (C) 2011 Google Inc. All rights reserved. 3 * Copyright (C) 2011 Google Inc. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 359 matching lines...) Expand 10 before | Expand all | Expand 10 after
370 return false; 370 return false;
371 } 371 }
372 372
373 if (!canShowMIMEType(m_response.mimeType(), m_frame->page())) 373 if (!canShowMIMEType(m_response.mimeType(), m_frame->page()))
374 return false; 374 return false;
375 return true; 375 return true;
376 } 376 }
377 377
378 void DocumentLoader::cancelLoadAfterXFrameOptionsOrCSPDenied(const ResourceRespo nse& response) 378 void DocumentLoader::cancelLoadAfterXFrameOptionsOrCSPDenied(const ResourceRespo nse& response)
379 { 379 {
380 // TODO(alexmos): Figure out how this needs to be called in OOPIF scenarios.
380 InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, ma inResourceIdentifier(), response); 381 InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, ma inResourceIdentifier(), response);
381 382
382 frame()->document()->enforceSandboxFlags(SandboxOrigin); 383 // If this load was started in a different process, that process needs to
383 if (FrameOwner* owner = frame()->owner()) 384 // be notified about the block, so that it can fire the FrameOwner load
384 owner->dispatchLoad(); 385 // event and set a unique origin for the frame that was blocked.
386 //
387 // TODO(mkwst,alexmos): This will become unnecessary after XFO and CSP
388 // enforcement is moved to the browser process (https://crbug.com/555418).
389 frameLoader()->client()->didBlockLoad();
390
391 frame()->updateForBlockedLoad();
385 392
386 // The load event might have detached this frame. In that case, the load wil l already have been cancelled during detach. 393 // The load event might have detached this frame. In that case, the load wil l already have been cancelled during detach.
387 if (frameLoader()) 394 if (frameLoader())
388 cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); 395 cancelMainResourceLoad(ResourceError::cancelledError(m_request.url()));
389 return; 396 return;
390 } 397 }
391 398
392 void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse & response, PassOwnPtr<WebDataConsumerHandle> handle) 399 void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse & response, PassOwnPtr<WebDataConsumerHandle> handle)
393 { 400 {
394 ASSERT_UNUSED(resource, m_mainResource == resource); 401 ASSERT_UNUSED(resource, m_mainResource == resource);
(...skipping 370 matching lines...) Expand 10 before | Expand all | Expand 10 after
765 { 772 {
766 m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_wri ter->encoding() : emptyAtom, true, ForceSynchronousParsing); 773 m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_wri ter->encoding() : emptyAtom, true, ForceSynchronousParsing);
767 if (!source.isNull()) 774 if (!source.isNull())
768 m_writer->appendReplacingData(source); 775 m_writer->appendReplacingData(source);
769 endWriting(m_writer.get()); 776 endWriting(m_writer.get());
770 } 777 }
771 778
772 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); 779 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader);
773 780
774 } // namespace blink 781 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/frame/LocalFrame.cpp ('k') | third_party/WebKit/Source/core/loader/FrameLoaderClient.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698