Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(595)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/loader/HttpEquiv.cpp

Issue 1889433003: Ignore 'X-Frame-Options' inside '<meta>' tags. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: One more. Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/meta-tag-http-refresh-x-frame-options.html ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/loader/HttpEquiv.cpp
diff --git a/third_party/WebKit/Source/core/loader/HttpEquiv.cpp b/third_party/WebKit/Source/core/loader/HttpEquiv.cpp
index d4ff0b76de7a5ea1fac42d64be47af26308844c5..1298ad21930590876aa0166d7c10894f646ed60e 100644
--- a/third_party/WebKit/Source/core/loader/HttpEquiv.cpp
+++ b/third_party/WebKit/Source/core/loader/HttpEquiv.cpp
@@ -35,7 +35,7 @@ void HttpEquiv::process(Document& document, const AtomicString& equiv, const Ato
} else if (equalIgnoringCase(equiv, "x-dns-prefetch-control")) {
document.parseDNSPrefetchControlHeader(content);
} else if (equalIgnoringCase(equiv, "x-frame-options")) {
- processHttpEquivXFrameOptions(document, content);
+ document.addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>."));
} else if (equalIgnoringCase(equiv, "accept-ch")) {
processHttpEquivAcceptCH(document, content);
} else if (equalIgnoringCase(equiv, "content-security-policy") || equalIgnoringCase(equiv, "content-security-policy-report-only")) {
@@ -92,28 +92,4 @@ void HttpEquiv::processHttpEquivSetCookie(Document& document, const AtomicString
toHTMLDocument(document).setCookie(content, IGNORE_EXCEPTION);
}
-void HttpEquiv::processHttpEquivXFrameOptions(Document& document, const AtomicString& content)
-{
- LocalFrame* frame = document.frame();
- if (!frame)
- return;
-
- unsigned long requestIdentifier = document.loader()->mainResourceIdentifier();
- if (!frame->loader().shouldInterruptLoadForXFrameOptions(content, document.url(), requestIdentifier))
- return;
-
- ConsoleMessage* consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel,
- "Refused to display '" + document.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.");
- consoleMessage->setRequestIdentifier(requestIdentifier);
- document.addConsoleMessage(consoleMessage);
-
- frame->loader().stopAllLoaders();
- // Stopping the loader isn't enough, as we're already parsing the document; to honor the header's
- // intent, we must navigate away from the possibly partially-rendered document to a location that
- // doesn't inherit the parent's SecurityOrigin.
- // TODO(dglazkov): This should probably check document lifecycle instead.
- if (document.frame())
- frame->navigate(document, SecurityOrigin::urlWithUniqueSecurityOrigin(), true, UserGestureStatus::None);
-}
-
} // namespace blink
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/xssAuditor/meta-tag-http-refresh-x-frame-options.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698