OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. |
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) | 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) |
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
8 * Copyright (C) 2011 Google Inc. All rights reserved. | 8 * Copyright (C) 2011 Google Inc. All rights reserved. |
9 * | 9 * |
10 * Redistribution and use in source and binary forms, with or without | 10 * Redistribution and use in source and binary forms, with or without |
(...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
429 historyCommitType = HistoryInertCommit; | 429 historyCommitType = HistoryInertCommit; |
430 else if (historyCommitType == InitialCommitInChildFrame && MixedContentCheck
er::isMixedContent(m_frame->tree().top()->securityContext()->getSecurityOrigin()
, m_documentLoader->url())) | 430 else if (historyCommitType == InitialCommitInChildFrame && MixedContentCheck
er::isMixedContent(m_frame->tree().top()->securityContext()->getSecurityOrigin()
, m_documentLoader->url())) |
431 historyCommitType = HistoryInertCommit; | 431 historyCommitType = HistoryInertCommit; |
432 setHistoryItemStateForCommit(historyCommitType, HistoryNavigationType::Diffe
rentDocument); | 432 setHistoryItemStateForCommit(historyCommitType, HistoryNavigationType::Diffe
rentDocument); |
433 | 433 |
434 if (!m_stateMachine.committedMultipleRealLoads() && m_loadType == FrameLoadT
ypeStandard) | 434 if (!m_stateMachine.committedMultipleRealLoads() && m_loadType == FrameLoadT
ypeStandard) |
435 m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedMultipleRealL
oads); | 435 m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedMultipleRealL
oads); |
436 | 436 |
437 client()->dispatchDidCommitLoad(m_currentItem.get(), historyCommitType); | 437 client()->dispatchDidCommitLoad(m_currentItem.get(), historyCommitType); |
438 | 438 |
| 439 // When the embedder gets notified (above) that the new navigation has |
| 440 // committed, the embedder will drop the old Content Security Policy and |
| 441 // therefore now is a good time to report to the embedder the Content |
| 442 // Security Policies that have accumulated so far for the new navigation. |
| 443 m_frame->securityContext()->contentSecurityPolicy()->reportAccumulatedHeader
s(client()); |
| 444 |
439 // didObserveLoadingBehavior() must be called after dispatchDidCommitLoad()
is called for the metrics tracking logic to handle it properly. | 445 // didObserveLoadingBehavior() must be called after dispatchDidCommitLoad()
is called for the metrics tracking logic to handle it properly. |
440 if (client()->isControlledByServiceWorker(*m_documentLoader)) | 446 if (client()->isControlledByServiceWorker(*m_documentLoader)) |
441 client()->didObserveLoadingBehavior(WebLoadingBehaviorServiceWorkerContr
olled); | 447 client()->didObserveLoadingBehavior(WebLoadingBehaviorServiceWorkerContr
olled); |
442 | 448 |
443 TRACE_EVENT1("devtools.timeline", "CommitLoad", "data", InspectorCommitLoadE
vent::data(m_frame)); | 449 TRACE_EVENT1("devtools.timeline", "CommitLoad", "data", InspectorCommitLoadE
vent::data(m_frame)); |
444 InspectorInstrumentation::didCommitLoad(m_frame, m_documentLoader.get()); | 450 InspectorInstrumentation::didCommitLoad(m_frame, m_documentLoader.get()); |
445 m_frame->page()->didCommitLoad(m_frame); | 451 m_frame->page()->didCommitLoad(m_frame); |
446 dispatchDidClearDocumentOfWindowObject(); | 452 dispatchDidClearDocumentOfWindowObject(); |
447 | 453 |
448 takeObjectSnapshot(); | 454 takeObjectSnapshot(); |
(...skipping 903 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1352 bool FrameLoader::shouldContinueForNavigationPolicy(const ResourceRequest& reque
st, const SubstituteData& substituteData, | 1358 bool FrameLoader::shouldContinueForNavigationPolicy(const ResourceRequest& reque
st, const SubstituteData& substituteData, |
1353 DocumentLoader* loader, ContentSecurityPolicyDisposition shouldCheckMainWorl
dContentSecurityPolicy, | 1359 DocumentLoader* loader, ContentSecurityPolicyDisposition shouldCheckMainWorl
dContentSecurityPolicy, |
1354 NavigationType type, NavigationPolicy policy, bool replacesCurrentHistoryIte
m, bool isClientRedirect) | 1360 NavigationType type, NavigationPolicy policy, bool replacesCurrentHistoryIte
m, bool isClientRedirect) |
1355 { | 1361 { |
1356 // Don't ask if we are loading an empty URL. | 1362 // Don't ask if we are loading an empty URL. |
1357 if (request.url().isEmpty() || substituteData.isValid()) | 1363 if (request.url().isEmpty() || substituteData.isValid()) |
1358 return true; | 1364 return true; |
1359 | 1365 |
1360 // If we're loading content into a subframe, check against the parent's Cont
ent Security Policy | 1366 // If we're loading content into a subframe, check against the parent's Cont
ent Security Policy |
1361 // and kill the load if that check fails, unless we should bypass the main w
orld's CSP. | 1367 // and kill the load if that check fails, unless we should bypass the main w
orld's CSP. |
1362 // FIXME: CSP checks are broken for OOPI. For now, this policy always allows
frames with a remote parent... | 1368 if (shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy)
{ |
1363 if ((shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy
) && (m_frame->deprecatedLocalOwner() && !m_frame->deprecatedLocalOwner()->docum
ent().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), request.
followedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy:
:DidNotRedirect))) { | 1369 Frame* parentFrame = m_frame->tree().parent(); |
1364 // Fire a load event, as timing attacks would otherwise reveal that the | 1370 if (parentFrame) { |
1365 // frame was blocked. This way, it looks like every other cross-origin | 1371 ContentSecurityPolicy* parentPolicy = parentFrame->securityContext()
->contentSecurityPolicy(); |
1366 // page load. | 1372 ContentSecurityPolicy::RedirectStatus redirectStatus = request.follo
wedRedirect() |
1367 m_frame->document()->enforceSandboxFlags(SandboxOrigin); | 1373 ? ContentSecurityPolicy::DidRedirect |
1368 m_frame->owner()->dispatchLoad(); | 1374 : ContentSecurityPolicy::DidNotRedirect; |
1369 return false; | 1375 if (!parentPolicy->allowChildFrameFromSource(request.url(), redirect
Status)) { |
| 1376 // Fire a load event, as timing attacks would otherwise reveal t
hat the |
| 1377 // frame was blocked. This way, it looks like every other cross-
origin |
| 1378 // page load. |
| 1379 m_frame->document()->enforceSandboxFlags(SandboxOrigin); |
| 1380 m_frame->owner()->dispatchLoad(); |
| 1381 return false; |
| 1382 } |
| 1383 } |
1370 } | 1384 } |
1371 | 1385 |
1372 bool isFormSubmission = type == NavigationTypeFormSubmitted || type == Navig
ationTypeFormResubmitted; | 1386 bool isFormSubmission = type == NavigationTypeFormSubmitted || type == Navig
ationTypeFormResubmitted; |
1373 if (isFormSubmission && !m_frame->document()->contentSecurityPolicy()->allow
FormAction(request.url())) | 1387 if (isFormSubmission && !m_frame->document()->contentSecurityPolicy()->allow
FormAction(request.url())) |
1374 return false; | 1388 return false; |
1375 | 1389 |
1376 policy = client()->decidePolicyForNavigation(request, loader, type, policy,
replacesCurrentHistoryItem, isClientRedirect); | 1390 policy = client()->decidePolicyForNavigation(request, loader, type, policy,
replacesCurrentHistoryItem, isClientRedirect); |
1377 if (policy == NavigationPolicyCurrentTab) | 1391 if (policy == NavigationPolicyCurrentTab) |
1378 return true; | 1392 return true; |
1379 if (policy == NavigationPolicyIgnore) | 1393 if (policy == NavigationPolicyIgnore) |
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1564 tracedValue->setString("documentLoaderURL", m_documentLoader ? m_documentLoa
der->url() : String()); | 1578 tracedValue->setString("documentLoaderURL", m_documentLoader ? m_documentLoa
der->url() : String()); |
1565 return tracedValue; | 1579 return tracedValue; |
1566 } | 1580 } |
1567 | 1581 |
1568 inline void FrameLoader::takeObjectSnapshot() const | 1582 inline void FrameLoader::takeObjectSnapshot() const |
1569 { | 1583 { |
1570 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, toTraced
Value()); | 1584 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, toTraced
Value()); |
1571 } | 1585 } |
1572 | 1586 |
1573 } // namespace blink | 1587 } // namespace blink |
OLD | NEW |