| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
| 3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
| 7 * are met: | 7 * are met: |
| 8 * | 8 * |
| 9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 100 , m_fetcher(FrameFetchContext::createContextAndFetcher(this, nullptr)) | 100 , m_fetcher(FrameFetchContext::createContextAndFetcher(this, nullptr)) |
| 101 , m_originalRequest(req) | 101 , m_originalRequest(req) |
| 102 , m_substituteData(substituteData) | 102 , m_substituteData(substituteData) |
| 103 , m_request(req) | 103 , m_request(req) |
| 104 , m_isClientRedirect(false) | 104 , m_isClientRedirect(false) |
| 105 , m_replacesCurrentHistoryItem(false) | 105 , m_replacesCurrentHistoryItem(false) |
| 106 , m_navigationType(NavigationTypeOther) | 106 , m_navigationType(NavigationTypeOther) |
| 107 , m_documentLoadTiming(*this) | 107 , m_documentLoadTiming(*this) |
| 108 , m_timeOfLastDataReceived(0.0) | 108 , m_timeOfLastDataReceived(0.0) |
| 109 , m_applicationCacheHost(ApplicationCacheHost::create(this)) | 109 , m_applicationCacheHost(ApplicationCacheHost::create(this)) |
| 110 , m_wasBlockedAfterCSP(false) | 110 , m_wasBlockedAfterXFrameOptionsOrCSP(false) |
| 111 , m_state(NotStarted) | 111 , m_state(NotStarted) |
| 112 , m_inDataReceived(false) | 112 , m_inDataReceived(false) |
| 113 , m_dataBuffer(SharedBuffer::create()) | 113 , m_dataBuffer(SharedBuffer::create()) |
| 114 { | 114 { |
| 115 } | 115 } |
| 116 | 116 |
| 117 FrameLoader* DocumentLoader::frameLoader() const | 117 FrameLoader* DocumentLoader::frameLoader() const |
| 118 { | 118 { |
| 119 if (!m_frame) | 119 if (!m_frame) |
| 120 return nullptr; | 120 return nullptr; |
| (...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 250 ASSERT(m_mainResource); | 250 ASSERT(m_mainResource); |
| 251 | 251 |
| 252 if (!m_mainResource->errorOccurred() && !m_mainResource->wasCanceled()) { | 252 if (!m_mainResource->errorOccurred() && !m_mainResource->wasCanceled()) { |
| 253 finishedLoading(m_mainResource->loadFinishTime()); | 253 finishedLoading(m_mainResource->loadFinishTime()); |
| 254 return; | 254 return; |
| 255 } | 255 } |
| 256 | 256 |
| 257 if (m_applicationCacheHost) | 257 if (m_applicationCacheHost) |
| 258 m_applicationCacheHost->failedLoadingMainResource(); | 258 m_applicationCacheHost->failedLoadingMainResource(); |
| 259 m_state = MainResourceDone; | 259 m_state = MainResourceDone; |
| 260 | |
| 261 // TODO(mkwst): Magic numbers bad. | |
| 262 if (m_mainResource->resourceError().errorCode() == -27) | |
| 263 InspectorInstrumentation::canceledAfterReceivedResourceResponse(m_frame,
this, mainResourceIdentifier(), resource->response(), m_mainResource.get()); | |
| 264 | |
| 265 frameLoader()->loadFailed(this, m_mainResource->resourceError()); | 260 frameLoader()->loadFailed(this, m_mainResource->resourceError()); |
| 266 clearMainResourceHandle(); | 261 clearMainResourceHandle(); |
| 267 } | 262 } |
| 268 | 263 |
| 269 void DocumentLoader::finishedLoading(double finishTime) | 264 void DocumentLoader::finishedLoading(double finishTime) |
| 270 { | 265 { |
| 271 ASSERT(!m_frame->page()->defersLoading() || InspectorInstrumentation::isDebu
ggerPaused(m_frame)); | 266 ASSERT(!m_frame->page()->defersLoading() || InspectorInstrumentation::isDebu
ggerPaused(m_frame)); |
| 272 | 267 |
| 273 double responseEndTime = finishTime; | 268 double responseEndTime = finishTime; |
| 274 if (!responseEndTime) | 269 if (!responseEndTime) |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 348 // Downloading is handled by the embedder, but we still get the initial | 343 // Downloading is handled by the embedder, but we still get the initial |
| 349 // response so that we can ignore it and clean up properly. | 344 // response so that we can ignore it and clean up properly. |
| 350 return false; | 345 return false; |
| 351 } | 346 } |
| 352 | 347 |
| 353 if (!canShowMIMEType(m_response.mimeType(), m_frame->page())) | 348 if (!canShowMIMEType(m_response.mimeType(), m_frame->page())) |
| 354 return false; | 349 return false; |
| 355 return true; | 350 return true; |
| 356 } | 351 } |
| 357 | 352 |
| 358 void DocumentLoader::cancelLoadAfterCSPDenied(const ResourceResponse& response) | 353 void DocumentLoader::cancelLoadAfterXFrameOptionsOrCSPDenied(const ResourceRespo
nse& response) |
| 359 { | 354 { |
| 360 InspectorInstrumentation::canceledAfterReceivedResourceResponse(m_frame, thi
s, mainResourceIdentifier(), response, m_mainResource.get()); | 355 InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, ma
inResourceIdentifier(), response, m_mainResource.get()); |
| 361 | 356 |
| 362 setWasBlockedAfterCSP(); | 357 setWasBlockedAfterXFrameOptionsOrCSP(); |
| 363 | 358 |
| 364 // Pretend that this was an empty HTTP 200 response. | 359 // Pretend that this was an empty HTTP 200 response. |
| 365 clearMainResourceHandle(); | 360 clearMainResourceHandle(); |
| 366 m_response = ResourceResponse(blankURL(), "text/html", 0, nullAtom, String()
); | 361 m_response = ResourceResponse(blankURL(), "text/html", 0, nullAtom, String()
); |
| 367 finishedLoading(monotonicallyIncreasingTime()); | 362 finishedLoading(monotonicallyIncreasingTime()); |
| 368 | 363 |
| 369 return; | 364 return; |
| 370 } | 365 } |
| 371 | 366 |
| 372 void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse
& response, PassOwnPtr<WebDataConsumerHandle> handle) | 367 void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse
& response, PassOwnPtr<WebDataConsumerHandle> handle) |
| 373 { | 368 { |
| 374 ASSERT_UNUSED(resource, m_mainResource == resource); | 369 ASSERT_UNUSED(resource, m_mainResource == resource); |
| 375 ASSERT_UNUSED(handle, !handle); | 370 ASSERT_UNUSED(handle, !handle); |
| 376 ASSERT(frame()); | 371 ASSERT(frame()); |
| 377 | 372 |
| 378 m_applicationCacheHost->didReceiveResponseForMainResource(response); | 373 m_applicationCacheHost->didReceiveResponseForMainResource(response); |
| 379 | 374 |
| 380 // The memory cache doesn't understand the application cache or its caching
rules. So if a main resource is served | 375 // The memory cache doesn't understand the application cache or its caching
rules. So if a main resource is served |
| 381 // from the application cache, ensure we don't save the result for future us
e. All responses loaded | 376 // from the application cache, ensure we don't save the result for future us
e. All responses loaded |
| 382 // from appcache will have a non-zero appCacheID(). | 377 // from appcache will have a non-zero appCacheID(). |
| 383 if (response.appCacheID()) | 378 if (response.appCacheID()) |
| 384 memoryCache()->remove(m_mainResource.get()); | 379 memoryCache()->remove(m_mainResource.get()); |
| 385 | 380 |
| 386 m_contentSecurityPolicy = ContentSecurityPolicy::create(); | 381 m_contentSecurityPolicy = ContentSecurityPolicy::create(); |
| 387 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); | 382 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); |
| 388 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); | 383 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHead
ers(response)); |
| 389 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { | 384 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { |
| 390 cancelLoadAfterCSPDenied(response); | 385 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
| 391 return; | 386 return; |
| 392 } | 387 } |
| 393 | 388 |
| 389 // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webap
psec/specs/content-security-policy/#frame-ancestors-and-frame-options |
| 390 if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { |
| 391 HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTP
Names::X_Frame_Options); |
| 392 if (it != response.httpHeaderFields().end()) { |
| 393 String content = it->value; |
| 394 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, resp
onse.url(), mainResourceIdentifier())) { |
| 395 String message = "Refused to display '" + response.url().elidedS
tring() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'."; |
| 396 ConsoleMessage* consoleMessage = ConsoleMessage::create(Security
MessageSource, ErrorMessageLevel, message); |
| 397 consoleMessage->setRequestIdentifier(mainResourceIdentifier()); |
| 398 frame()->document()->addConsoleMessage(consoleMessage); |
| 399 |
| 400 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
| 401 return; |
| 402 } |
| 403 } |
| 404 } |
| 405 |
| 394 ASSERT(!m_frame->page()->defersLoading()); | 406 ASSERT(!m_frame->page()->defersLoading()); |
| 395 | 407 |
| 396 m_response = response; | 408 m_response = response; |
| 397 | 409 |
| 398 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBuffe
ringPolicy() != BufferData) | 410 if (isArchiveMIMEType(m_response.mimeType()) && m_mainResource->getDataBuffe
ringPolicy() != BufferData) |
| 399 m_mainResource->setDataBufferingPolicy(BufferData); | 411 m_mainResource->setDataBufferingPolicy(BufferData); |
| 400 | 412 |
| 401 if (!shouldContinueForResponse()) { | 413 if (!shouldContinueForResponse()) { |
| 402 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response, m_mainResource.get()); | 414 InspectorInstrumentation::continueWithPolicyIgnore(m_frame, this, m_main
Resource->identifier(), m_response, m_mainResource.get()); |
| 403 m_fetcher->stopFetching(); | 415 m_fetcher->stopFetching(); |
| (...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 673 { | 685 { |
| 674 m_writer = createWriterFor(init, mimeType(), m_writer ? m_writer->encoding()
: emptyAtom, true, ForceSynchronousParsing); | 686 m_writer = createWriterFor(init, mimeType(), m_writer ? m_writer->encoding()
: emptyAtom, true, ForceSynchronousParsing); |
| 675 if (!source.isNull()) | 687 if (!source.isNull()) |
| 676 m_writer->appendReplacingData(source); | 688 m_writer->appendReplacingData(source); |
| 677 endWriting(m_writer.get()); | 689 endWriting(m_writer.get()); |
| 678 } | 690 } |
| 679 | 691 |
| 680 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 692 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
| 681 | 693 |
| 682 } // namespace blink | 694 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1988933003:
Revert "Introduce AncestorThrottle, which will process 'X-Frame-Options' headers." (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master