Revert "Introduce AncestorThrottle, which will process 'X-Frame-Options' headers."

third_party/WebKit/Source/core/loader/FrameLoader.cpp

Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
index 20e75c7471e8d09b8edc94fca8659cf1f219e9c2..b93eecb9ad75eef3c0318c98911c816ac76abbc9 100644
--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -879,7 +879,7 @@ static WebURLRequest::RequestContext determineRequestContextFromNavigationType(c
     case NavigationTypeReload:
         return WebURLRequest::RequestContextInternal;
     }
-    ASSERT_NOT_REACHED();
+    NOTREACHED();
     return WebURLRequest::RequestContextHyperlink;
 }
 
@@ -1460,6 +1460,53 @@ void FrameLoader::applyUserAgent(ResourceRequest& request)
     request.setHTTPUserAgent(AtomicString(userAgent));
 }
 
+bool FrameLoader::shouldInterruptLoadForXFrameOptions(const String& content, const KURL& url, unsigned long requestIdentifier)
+{
+    UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOptions);
+
+    Frame* topFrame = m_frame->tree().top();
+    if (m_frame == topFrame)
+        return false;
+
+    XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content);
+
+    switch (disposition) {
+    case XFrameOptionsSameOrigin: {
+        UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOptionsSameOrigin);
+        RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
+        // Out-of-process ancestors are always a different origin.
+        if (!topFrame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalFrame(topFrame)->document()->getSecurityOrigin()))
+            return true;
+        for (Frame* frame = m_frame->tree().parent(); frame; frame = frame->tree().parent()) {
+            if (!frame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalFrame(frame)->document()->getSecurityOrigin())) {
+                UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOptionsSameOriginWithBadAncestorChain);
+                break;
+            }
+        }
+        return false;
+    }
+    case XFrameOptionsDeny:
+        return true;
+    case XFrameOptionsAllowAll:
+        return false;
+    case XFrameOptionsConflict: {
+        ConsoleMessage* consoleMessage = ConsoleMessage::create(JSMessageSource, ErrorMessageLevel, "Multiple 'X-Frame-Options' headers with conflicting values ('" + content + "') encountered when loading '" + url.elidedString() + "'. Falling back to 'DENY'.");
+        consoleMessage->setRequestIdentifier(requestIdentifier);
+        m_frame->document()->addConsoleMessage(consoleMessage);
+        return true;
+    }
+    case XFrameOptionsInvalid: {
+        ConsoleMessage* consoleMessage = ConsoleMessage::create(JSMessageSource, ErrorMessageLevel, "Invalid 'X-Frame-Options' header encountered when loading '" + url.elidedString() + "': '" + content + "' is not a recognized directive. The header will be ignored.");
+        consoleMessage->setRequestIdentifier(requestIdentifier);
+        m_frame->document()->addConsoleMessage(consoleMessage);
+        return false;
+    }
+    default:
+        NOTREACHED();
+        return false;
+    }
+}
+
 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const
 {
     return m_currentItem && url == m_currentItem->url();