Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
| 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. |
| 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) | 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) |
| 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. |
| 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) | 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) |
| 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. | 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. |
| (...skipping 4900 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4911 | 4911 |
| 4912 bool Document::useSecureKeyboardEntryWhenActive() const | 4912 bool Document::useSecureKeyboardEntryWhenActive() const |
| 4913 { | 4913 { |
| 4914 return m_useSecureKeyboardEntryWhenActive; | 4914 return m_useSecureKeyboardEntryWhenActive; |
| 4915 } | 4915 } |
| 4916 | 4916 |
| 4917 void Document::initSecurityContext(const DocumentInit& initializer) | 4917 void Document::initSecurityContext(const DocumentInit& initializer) |
| 4918 { | 4918 { |
| 4919 ASSERT(!securityOrigin()); | 4919 ASSERT(!securityOrigin()); |
| 4920 | 4920 |
| 4921 setHostedInReservedIPRange(initializer.isHostedInReservedIPRange()); | |
| 4922 | |
| 4923 if (!initializer.hasSecurityContext()) { | 4921 if (!initializer.hasSecurityContext()) { |
| 4924 // No source for a security context. | 4922 // No source for a security context. |
| 4925 // This can occur via document.implementation.createDocument(). | 4923 // This can occur via document.implementation.createDocument(). |
| 4926 m_cookieURL = KURL(ParsedURLString, emptyString()); | 4924 m_cookieURL = KURL(ParsedURLString, emptyString()); |
| 4927 setSecurityOrigin(SecurityOrigin::createUnique()); | 4925 setSecurityOrigin(SecurityOrigin::createUnique()); |
| 4928 initContentSecurityPolicy(); | 4926 initContentSecurityPolicy(); |
| 4929 // Unique security origins cannot have a suborigin | 4927 // Unique security origins cannot have a suborigin |
| 4930 return; | 4928 return; |
| 4931 } | 4929 } |
| 4932 | 4930 |
| (...skipping 20 matching lines...) Expand all Loading... | |
| 4953 } else if (initializer.owner()) { | 4951 } else if (initializer.owner()) { |
| 4954 m_cookieURL = initializer.owner()->cookieURL(); | 4952 m_cookieURL = initializer.owner()->cookieURL(); |
| 4955 // We alias the SecurityOrigins to match Firefox, see Bug 15313 | 4953 // We alias the SecurityOrigins to match Firefox, see Bug 15313 |
| 4956 // https://bugs.webkit.org/show_bug.cgi?id=15313 | 4954 // https://bugs.webkit.org/show_bug.cgi?id=15313 |
| 4957 setSecurityOrigin(initializer.owner()->securityOrigin()); | 4955 setSecurityOrigin(initializer.owner()->securityOrigin()); |
| 4958 } else { | 4956 } else { |
| 4959 m_cookieURL = m_url; | 4957 m_cookieURL = m_url; |
| 4960 setSecurityOrigin(SecurityOrigin::create(m_url)); | 4958 setSecurityOrigin(SecurityOrigin::create(m_url)); |
| 4961 } | 4959 } |
| 4962 | 4960 |
| 4961 // Set the address space before setting up CSP, as the latter may override | |
|
philipj_slow
2016/03/04 04:35:08
OK, so that's https://mikewest.github.io/cors-rfc1
Mike West
2016/03/04 08:58:21
Done.
| |
| 4962 // the former. | |
| 4963 if (initializer.isHostedInReservedIPRange()) { | |
| 4964 setAddressSpace(securityOrigin()->isLocalhost() | |
| 4965 ? WebURLRequest::AddressSpaceLocal | |
| 4966 : WebURLRequest::AddressSpacePrivate); | |
| 4967 } else { | |
| 4968 setAddressSpace(WebURLRequest::AddressSpacePublic); | |
| 4969 } | |
| 4970 | |
| 4963 if (importsController()) { | 4971 if (importsController()) { |
| 4964 // If this document is an HTML import, grab a reference to it's master d ocument's Content | 4972 // If this document is an HTML import, grab a reference to it's master d ocument's Content |
| 4965 // Security Policy. We don't call 'initContentSecurityPolicy' in this ca se, as we can't | 4973 // Security Policy. We don't call 'initContentSecurityPolicy' in this ca se, as we can't |
| 4966 // rebind the master document's policy object: its ExecutionContext need s to remain tied | 4974 // rebind the master document's policy object: its ExecutionContext need s to remain tied |
| 4967 // to the master document. | 4975 // to the master document. |
| 4968 setContentSecurityPolicy(importsController()->master()->contentSecurityP olicy()); | 4976 setContentSecurityPolicy(importsController()->master()->contentSecurityP olicy()); |
| 4969 } else { | 4977 } else { |
| 4970 initContentSecurityPolicy(); | 4978 initContentSecurityPolicy(); |
| 4971 } | 4979 } |
| 4972 | 4980 |
| (...skipping 1016 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5989 #ifndef NDEBUG | 5997 #ifndef NDEBUG |
| 5990 using namespace blink; | 5998 using namespace blink; |
| 5991 void showLiveDocumentInstances() | 5999 void showLiveDocumentInstances() |
| 5992 { | 6000 { |
| 5993 Document::WeakDocumentSet& set = Document::liveDocumentSet(); | 6001 Document::WeakDocumentSet& set = Document::liveDocumentSet(); |
| 5994 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); | 6002 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); |
| 5995 for (Document* document : set) | 6003 for (Document* document : set) |
| 5996 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data()); | 6004 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().str ing().utf8().data()); |
| 5997 } | 6005 } |
| 5998 #endif | 6006 #endif |
| OLD | NEW |