| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. |
| 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
| 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) | 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) |
| 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
| 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
| 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
| 8 * Copyright (C) 2011 Google Inc. All rights reserved. | 8 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 9 * | 9 * |
| 10 * Redistribution and use in source and binary forms, with or without | 10 * Redistribution and use in source and binary forms, with or without |
| (...skipping 855 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 866 return WebURLRequest::RequestContextLocation; | 866 return WebURLRequest::RequestContextLocation; |
| 867 | 867 |
| 868 case NavigationTypeFormResubmitted: | 868 case NavigationTypeFormResubmitted: |
| 869 case NavigationTypeFormSubmitted: | 869 case NavigationTypeFormSubmitted: |
| 870 return WebURLRequest::RequestContextForm; | 870 return WebURLRequest::RequestContextForm; |
| 871 | 871 |
| 872 case NavigationTypeBackForward: | 872 case NavigationTypeBackForward: |
| 873 case NavigationTypeReload: | 873 case NavigationTypeReload: |
| 874 return WebURLRequest::RequestContextInternal; | 874 return WebURLRequest::RequestContextInternal; |
| 875 } | 875 } |
| 876 ASSERT_NOT_REACHED(); | 876 NOTREACHED(); |
| 877 return WebURLRequest::RequestContextHyperlink; | 877 return WebURLRequest::RequestContextHyperlink; |
| 878 } | 878 } |
| 879 | 879 |
| 880 static NavigationPolicy navigationPolicyForRequest(const FrameLoadRequest& reque
st) | 880 static NavigationPolicy navigationPolicyForRequest(const FrameLoadRequest& reque
st) |
| 881 { | 881 { |
| 882 NavigationPolicy policy = NavigationPolicyCurrentTab; | 882 NavigationPolicy policy = NavigationPolicyCurrentTab; |
| 883 Event* event = request.triggeringEvent(); | 883 Event* event = request.triggeringEvent(); |
| 884 if (!event) | 884 if (!event) |
| 885 return policy; | 885 return policy; |
| 886 | 886 |
| (...skipping 552 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1439 takeObjectSnapshot(); | 1439 takeObjectSnapshot(); |
| 1440 } | 1440 } |
| 1441 | 1441 |
| 1442 void FrameLoader::applyUserAgent(ResourceRequest& request) | 1442 void FrameLoader::applyUserAgent(ResourceRequest& request) |
| 1443 { | 1443 { |
| 1444 String userAgent = this->userAgent(); | 1444 String userAgent = this->userAgent(); |
| 1445 ASSERT(!userAgent.isNull()); | 1445 ASSERT(!userAgent.isNull()); |
| 1446 request.setHTTPUserAgent(AtomicString(userAgent)); | 1446 request.setHTTPUserAgent(AtomicString(userAgent)); |
| 1447 } | 1447 } |
| 1448 | 1448 |
| 1449 bool FrameLoader::shouldInterruptLoadForXFrameOptions(const String& content, con
st KURL& url, unsigned long requestIdentifier) |
| 1450 { |
| 1451 UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOption
s); |
| 1452 |
| 1453 Frame* topFrame = m_frame->tree().top(); |
| 1454 if (m_frame == topFrame) |
| 1455 return false; |
| 1456 |
| 1457 XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content); |
| 1458 |
| 1459 switch (disposition) { |
| 1460 case XFrameOptionsSameOrigin: { |
| 1461 UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOp
tionsSameOrigin); |
| 1462 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url); |
| 1463 // Out-of-process ancestors are always a different origin. |
| 1464 if (!topFrame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalFr
ame(topFrame)->document()->getSecurityOrigin())) |
| 1465 return true; |
| 1466 for (Frame* frame = m_frame->tree().parent(); frame; frame = frame->tree
().parent()) { |
| 1467 if (!frame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalF
rame(frame)->document()->getSecurityOrigin())) { |
| 1468 UseCounter::count(m_frame->domWindow()->document(), UseCounter::
XFrameOptionsSameOriginWithBadAncestorChain); |
| 1469 break; |
| 1470 } |
| 1471 } |
| 1472 return false; |
| 1473 } |
| 1474 case XFrameOptionsDeny: |
| 1475 return true; |
| 1476 case XFrameOptionsAllowAll: |
| 1477 return false; |
| 1478 case XFrameOptionsConflict: { |
| 1479 ConsoleMessage* consoleMessage = ConsoleMessage::create(JSMessageSource,
ErrorMessageLevel, "Multiple 'X-Frame-Options' headers with conflicting values
('" + content + "') encountered when loading '" + url.elidedString() + "'. Falli
ng back to 'DENY'."); |
| 1480 consoleMessage->setRequestIdentifier(requestIdentifier); |
| 1481 m_frame->document()->addConsoleMessage(consoleMessage); |
| 1482 return true; |
| 1483 } |
| 1484 case XFrameOptionsInvalid: { |
| 1485 ConsoleMessage* consoleMessage = ConsoleMessage::create(JSMessageSource,
ErrorMessageLevel, "Invalid 'X-Frame-Options' header encountered when loading '
" + url.elidedString() + "': '" + content + "' is not a recognized directive. Th
e header will be ignored."); |
| 1486 consoleMessage->setRequestIdentifier(requestIdentifier); |
| 1487 m_frame->document()->addConsoleMessage(consoleMessage); |
| 1488 return false; |
| 1489 } |
| 1490 default: |
| 1491 NOTREACHED(); |
| 1492 return false; |
| 1493 } |
| 1494 } |
| 1495 |
| 1449 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const | 1496 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const |
| 1450 { | 1497 { |
| 1451 return m_currentItem && url == m_currentItem->url(); | 1498 return m_currentItem && url == m_currentItem->url(); |
| 1452 } | 1499 } |
| 1453 | 1500 |
| 1454 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const | 1501 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const |
| 1455 { | 1502 { |
| 1456 if (!url.isAboutSrcdocURL()) | 1503 if (!url.isAboutSrcdocURL()) |
| 1457 return false; | 1504 return false; |
| 1458 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); | 1505 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1564 tracedValue->setString("documentLoaderURL", m_documentLoader ? m_documentLoa
der->url() : String()); | 1611 tracedValue->setString("documentLoaderURL", m_documentLoader ? m_documentLoa
der->url() : String()); |
| 1565 return tracedValue; | 1612 return tracedValue; |
| 1566 } | 1613 } |
| 1567 | 1614 |
| 1568 inline void FrameLoader::takeObjectSnapshot() const | 1615 inline void FrameLoader::takeObjectSnapshot() const |
| 1569 { | 1616 { |
| 1570 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, toTraced
Value()); | 1617 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, toTraced
Value()); |
| 1571 } | 1618 } |
| 1572 | 1619 |
| 1573 } // namespace blink | 1620 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1988933003:
Revert "Introduce AncestorThrottle, which will process 'X-Frame-Options' headers." (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master