
Side by Side Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 1957783002: Replicate Content-Security-Policy into remote frame proxies. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed.
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
8 * Copyright (C) 2011 Google Inc. All rights reserved. 8 * Copyright (C) 2011 Google Inc. All rights reserved.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
(...skipping 1328 matching lines...) Expand 10 before | Expand all | Expand 10 after
1339 bool FrameLoader::shouldContinueForNavigationPolicy(const ResourceRequest& reque st, const SubstituteData& substituteData, 1339 bool FrameLoader::shouldContinueForNavigationPolicy(const ResourceRequest& reque st, const SubstituteData& substituteData,
1340 DocumentLoader* loader, ContentSecurityPolicyDisposition shouldCheckMainWorl dContentSecurityPolicy, 1340 DocumentLoader* loader, ContentSecurityPolicyDisposition shouldCheckMainWorl dContentSecurityPolicy,
1341 NavigationType type, NavigationPolicy policy, bool replacesCurrentHistoryIte m, bool isClientRedirect) 1341 NavigationType type, NavigationPolicy policy, bool replacesCurrentHistoryIte m, bool isClientRedirect)
1342 { 1342 {
1343 // Don't ask if we are loading an empty URL. 1343 // Don't ask if we are loading an empty URL.
1344 if (request.url().isEmpty() || substituteData.isValid()) 1344 if (request.url().isEmpty() || substituteData.isValid())
1345 return true; 1345 return true;
1346 1346
1347 // If we're loading content into a subframe, check against the parent's Cont ent Security Policy 1347 // If we're loading content into a subframe, check against the parent's Cont ent Security Policy
1348 // and kill the load if that check fails, unless we should bypass the main w orld's CSP. 1348 // and kill the load if that check fails, unless we should bypass the main w orld's CSP.
1349 // FIXME: CSP checks are broken for OOPI. For now, this policy always allows frames with a remote parent... 1349 if (shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy) {
1350 if ((shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy ) && (m_frame->deprecatedLocalOwner() && !m_frame->deprecatedLocalOwner()->docum ent().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), request. followedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy: :DidNotRedirect))) { 1350 Frame* parentFrame = m_frame->tree().parent();
1351 // Fire a load event, as timing attacks would otherwise reveal that the 1351 if (parentFrame) {
1352 // frame was blocked. This way, it looks like every other cross-origin 1352 ContentSecurityPolicy* parentPolicy = parentFrame->securityContext() ->contentSecurityPolicy();
1353 // page load. 1353 ContentSecurityPolicy::RedirectStatus redirectStatus = request.follo wedRedirect()
1354 m_frame->document()->enforceSandboxFlags(SandboxOrigin); 1354 ? ContentSecurityPolicy::DidRedirect
1355 m_frame->owner()->dispatchLoad(); 1355 : ContentSecurityPolicy::DidNotRedirect;
1356 return false; 1356 if (!parentPolicy->allowChildFrameFromSource(request.url(), redirect Status)) {
1357 // Fire a load event, as timing attacks would otherwise reveal t hat the
1358 // frame was blocked. This way, it looks like every other cross- origin
1359 // page load.
1360 m_frame->document()->enforceSandboxFlags(SandboxOrigin);
1361 m_frame->owner()->dispatchLoad();
1362 return false;
1363 }
1364 }
1357 } 1365 }
1358 1366
1367
alexmos 2016/05/11 19:46:41 nit: unnecessary blank line.
Łukasz Anforowicz 2016/05/11 23:14:48 Done.
1359 bool isFormSubmission = type == NavigationTypeFormSubmitted || type == Navig ationTypeFormResubmitted; 1368 bool isFormSubmission = type == NavigationTypeFormSubmitted || type == Navig ationTypeFormResubmitted;
1360 if (isFormSubmission && !m_frame->document()->contentSecurityPolicy()->allow FormAction(request.url())) 1369 if (isFormSubmission && !m_frame->document()->contentSecurityPolicy()->allow FormAction(request.url()))
1361 return false; 1370 return false;
1362 1371
1363 policy = client()->decidePolicyForNavigation(request, loader, type, policy, replacesCurrentHistoryItem, isClientRedirect); 1372 policy = client()->decidePolicyForNavigation(request, loader, type, policy, replacesCurrentHistoryItem, isClientRedirect);
1364 if (policy == NavigationPolicyCurrentTab) 1373 if (policy == NavigationPolicyCurrentTab)
1365 return true; 1374 return true;
1366 if (policy == NavigationPolicyIgnore) 1375 if (policy == NavigationPolicyIgnore)
1367 return false; 1376 return false;
1368 if (policy == NavigationPolicyHandledByClient) { 1377 if (policy == NavigationPolicyHandledByClient) {
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after
1578 // FIXME: We need a way to propagate insecure requests policy flags to 1587 // FIXME: We need a way to propagate insecure requests policy flags to
1579 // out-of-process frames. For now, we'll always use default behavior. 1588 // out-of-process frames. For now, we'll always use default behavior.
1580 if (!parentFrame->isLocalFrame()) 1589 if (!parentFrame->isLocalFrame())
1581 return nullptr; 1590 return nullptr;
1582 1591
1583 ASSERT(toLocalFrame(parentFrame)->document()); 1592 ASSERT(toLocalFrame(parentFrame)->document());
1584 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade() ; 1593 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade() ;
1585 } 1594 }
1586 1595
1587 } // namespace blink 1596 } // namespace blink
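Review bot: `parentPolicy` is dereferenced at new line 1356 without any check, and with `m_frame->tree().parent()` replacing `deprecatedLocalOwner()` the parent may now be a remote frame whose policy is whatever was replicated into its proxy. Whether a remote frame's `securityContext()` always holds a policy object is not visible in this file, so I would add `ASSERT(parentPolicy);` before the call, as the file already does for `toLocalFrame(parentFrame)->document()`, and consider failing closed in release builds rather than relying on the assert alone. The removed FIXME was the only documentation of the out-of-process case; a replacement comment such as `// For a remote parent this consults the CSP replicated into its proxy.` would tell readers that enforcement here depends on that replication being up to date. The body of shouldContinueForNavigationPolicy continues past the visible lines.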