| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
| 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
| 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
| 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. |
| 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
| 7 | 7 |
| 8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
| 9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
| 10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 86 case CachedResource::XSLStyleSheet: | 86 case CachedResource::XSLStyleSheet: |
| 87 return new CachedXSLStyleSheet(request); | 87 return new CachedXSLStyleSheet(request); |
| 88 case CachedResource::LinkPrefetch: | 88 case CachedResource::LinkPrefetch: |
| 89 return new CachedResource(request, CachedResource::LinkPrefetch); | 89 return new CachedResource(request, CachedResource::LinkPrefetch); |
| 90 case CachedResource::LinkSubresource: | 90 case CachedResource::LinkSubresource: |
| 91 return new CachedResource(request, CachedResource::LinkSubresource); | 91 return new CachedResource(request, CachedResource::LinkSubresource); |
| 92 case CachedResource::TextTrackResource: | 92 case CachedResource::TextTrackResource: |
| 93 return new CachedTextTrack(request); | 93 return new CachedTextTrack(request); |
| 94 case CachedResource::ShaderResource: | 94 case CachedResource::ShaderResource: |
| 95 return new CachedShader(request); | 95 return new CachedShader(request); |
| 96 case CachedResource::ImportResource: |
| 97 return new CachedRawResource(request, type); |
| 96 } | 98 } |
| 99 |
| 97 ASSERT_NOT_REACHED(); | 100 ASSERT_NOT_REACHED(); |
| 98 return 0; | 101 return 0; |
| 99 } | 102 } |
| 100 | 103 |
| 101 static ResourceLoadPriority loadPriority(CachedResource::Type type, const Cached
ResourceRequest& request) | 104 static ResourceLoadPriority loadPriority(CachedResource::Type type, const Cached
ResourceRequest& request) |
| 102 { | 105 { |
| 103 if (request.priority() != ResourceLoadPriorityUnresolved) | 106 if (request.priority() != ResourceLoadPriorityUnresolved) |
| 104 return request.priority(); | 107 return request.priority(); |
| 105 | 108 |
| 106 switch (type) { | 109 switch (type) { |
| 107 case CachedResource::MainResource: | 110 case CachedResource::MainResource: |
| 108 return ResourceLoadPriorityVeryHigh; | 111 return ResourceLoadPriorityVeryHigh; |
| 109 case CachedResource::CSSStyleSheet: | 112 case CachedResource::CSSStyleSheet: |
| 110 return ResourceLoadPriorityHigh; | 113 return ResourceLoadPriorityHigh; |
| 111 case CachedResource::Script: | 114 case CachedResource::Script: |
| 112 case CachedResource::FontResource: | 115 case CachedResource::FontResource: |
| 113 case CachedResource::RawResource: | 116 case CachedResource::RawResource: |
| 117 case CachedResource::ImportResource: |
| 114 return ResourceLoadPriorityMedium; | 118 return ResourceLoadPriorityMedium; |
| 115 case CachedResource::ImageResource: | 119 case CachedResource::ImageResource: |
| 116 return request.forPreload() ? ResourceLoadPriorityVeryLow : ResourceLoad
PriorityLow; | 120 return request.forPreload() ? ResourceLoadPriorityVeryLow : ResourceLoad
PriorityLow; |
| 117 case CachedResource::XSLStyleSheet: | 121 case CachedResource::XSLStyleSheet: |
| 118 return ResourceLoadPriorityHigh; | 122 return ResourceLoadPriorityHigh; |
| 119 case CachedResource::SVGDocumentResource: | 123 case CachedResource::SVGDocumentResource: |
| 120 return ResourceLoadPriorityLow; | 124 return ResourceLoadPriorityLow; |
| 121 case CachedResource::LinkPrefetch: | 125 case CachedResource::LinkPrefetch: |
| 122 return ResourceLoadPriorityVeryLow; | 126 return ResourceLoadPriorityVeryLow; |
| 123 case CachedResource::LinkSubresource: | 127 case CachedResource::LinkSubresource: |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 229 CachedResourceHandle<CachedTextTrack> CachedResourceLoader::requestTextTrack(Cac
hedResourceRequest& request) | 233 CachedResourceHandle<CachedTextTrack> CachedResourceLoader::requestTextTrack(Cac
hedResourceRequest& request) |
| 230 { | 234 { |
| 231 return static_cast<CachedTextTrack*>(requestResource(CachedResource::TextTra
ckResource, request).get()); | 235 return static_cast<CachedTextTrack*>(requestResource(CachedResource::TextTra
ckResource, request).get()); |
| 232 } | 236 } |
| 233 | 237 |
| 234 CachedResourceHandle<CachedShader> CachedResourceLoader::requestShader(CachedRes
ourceRequest& request) | 238 CachedResourceHandle<CachedShader> CachedResourceLoader::requestShader(CachedRes
ourceRequest& request) |
| 235 { | 239 { |
| 236 return static_cast<CachedShader*>(requestResource(CachedResource::ShaderReso
urce, request).get()); | 240 return static_cast<CachedShader*>(requestResource(CachedResource::ShaderReso
urce, request).get()); |
| 237 } | 241 } |
| 238 | 242 |
| 243 CachedResourceHandle<CachedRawResource> CachedResourceLoader::requestImport(Cach
edResourceRequest& request) |
| 244 { |
| 245 return static_cast<CachedRawResource*>(requestResource(CachedResource::Impor
tResource, request).get()); |
| 246 } |
| 247 |
| 239 CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestCSSStyleS
heet(CachedResourceRequest& request) | 248 CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestCSSStyleS
heet(CachedResourceRequest& request) |
| 240 { | 249 { |
| 241 return static_cast<CachedCSSStyleSheet*>(requestResource(CachedResource::CSS
StyleSheet, request).get()); | 250 return static_cast<CachedCSSStyleSheet*>(requestResource(CachedResource::CSS
StyleSheet, request).get()); |
| 242 } | 251 } |
| 243 | 252 |
| 244 CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestUserCSSSt
yleSheet(CachedResourceRequest& request) | 253 CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestUserCSSSt
yleSheet(CachedResourceRequest& request) |
| 245 { | 254 { |
| 246 KURL url = MemoryCache::removeFragmentIdentifierIfNeeded(request.resourceReq
uest().url()); | 255 KURL url = MemoryCache::removeFragmentIdentifierIfNeeded(request.resourceReq
uest().url()); |
| 247 | 256 |
| 248 if (CachedResource* existing = memoryCache()->resourceForURL(url)) { | 257 if (CachedResource* existing = memoryCache()->resourceForURL(url)) { |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 287 return static_cast<CachedRawResource*>(requestResource(CachedResource::MainR
esource, request).get()); | 296 return static_cast<CachedRawResource*>(requestResource(CachedResource::MainR
esource, request).get()); |
| 288 } | 297 } |
| 289 | 298 |
| 290 bool CachedResourceLoader::checkInsecureContent(CachedResource::Type type, const
KURL& url) const | 299 bool CachedResourceLoader::checkInsecureContent(CachedResource::Type type, const
KURL& url) const |
| 291 { | 300 { |
| 292 switch (type) { | 301 switch (type) { |
| 293 case CachedResource::Script: | 302 case CachedResource::Script: |
| 294 case CachedResource::XSLStyleSheet: | 303 case CachedResource::XSLStyleSheet: |
| 295 case CachedResource::SVGDocumentResource: | 304 case CachedResource::SVGDocumentResource: |
| 296 case CachedResource::CSSStyleSheet: | 305 case CachedResource::CSSStyleSheet: |
| 306 case CachedResource::ImportResource: |
| 297 // These resource can inject script into the current document (Script, | 307 // These resource can inject script into the current document (Script, |
| 298 // XSL) or exfiltrate the content of the current document (CSS). | 308 // XSL) or exfiltrate the content of the current document (CSS). |
| 299 if (Frame* f = frame()) | 309 if (Frame* f = frame()) |
| 300 if (!f->loader()->mixedContentChecker()->canRunInsecureContent(m_doc
ument->securityOrigin(), url)) | 310 if (!f->loader()->mixedContentChecker()->canRunInsecureContent(m_doc
ument->securityOrigin(), url)) |
| 301 return false; | 311 return false; |
| 302 break; | 312 break; |
| 303 case CachedResource::TextTrackResource: | 313 case CachedResource::TextTrackResource: |
| 304 case CachedResource::ShaderResource: | 314 case CachedResource::ShaderResource: |
| 305 case CachedResource::RawResource: | 315 case CachedResource::RawResource: |
| 306 case CachedResource::ImageResource: | 316 case CachedResource::ImageResource: |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 341 case CachedResource::MainResource: | 351 case CachedResource::MainResource: |
| 342 case CachedResource::ImageResource: | 352 case CachedResource::ImageResource: |
| 343 case CachedResource::CSSStyleSheet: | 353 case CachedResource::CSSStyleSheet: |
| 344 case CachedResource::Script: | 354 case CachedResource::Script: |
| 345 case CachedResource::FontResource: | 355 case CachedResource::FontResource: |
| 346 case CachedResource::RawResource: | 356 case CachedResource::RawResource: |
| 347 case CachedResource::LinkPrefetch: | 357 case CachedResource::LinkPrefetch: |
| 348 case CachedResource::LinkSubresource: | 358 case CachedResource::LinkSubresource: |
| 349 case CachedResource::TextTrackResource: | 359 case CachedResource::TextTrackResource: |
| 350 case CachedResource::ShaderResource: | 360 case CachedResource::ShaderResource: |
| 361 case CachedResource::ImportResource: |
| 351 // By default these types of resources can be loaded from any origin. | 362 // By default these types of resources can be loaded from any origin. |
| 352 // FIXME: Are we sure about CachedResource::FontResource? | 363 // FIXME: Are we sure about CachedResource::FontResource? |
| 353 if (options.requestOriginPolicy == RestrictToSameOrigin && !m_document->
securityOrigin()->canRequest(url)) { | 364 if (options.requestOriginPolicy == RestrictToSameOrigin && !m_document->
securityOrigin()->canRequest(url)) { |
| 354 printAccessDeniedMessage(url); | 365 printAccessDeniedMessage(url); |
| 355 return false; | 366 return false; |
| 356 } | 367 } |
| 357 break; | 368 break; |
| 358 case CachedResource::SVGDocumentResource: | 369 case CachedResource::SVGDocumentResource: |
| 359 case CachedResource::XSLStyleSheet: | 370 case CachedResource::XSLStyleSheet: |
| 360 if (!m_document->securityOrigin()->canRequest(url)) { | 371 if (!m_document->securityOrigin()->canRequest(url)) { |
| 361 printAccessDeniedMessage(url); | 372 printAccessDeniedMessage(url); |
| 362 return false; | 373 return false; |
| 363 } | 374 } |
| 364 break; | 375 break; |
| 365 } | 376 } |
| 366 | 377 |
| 367 switch (type) { | 378 switch (type) { |
| 368 case CachedResource::XSLStyleSheet: | 379 case CachedResource::XSLStyleSheet: |
| 369 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentS
ecurityPolicy()->allowScriptFromSource(url)) | 380 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentS
ecurityPolicy()->allowScriptFromSource(url)) |
| 370 return false; | 381 return false; |
| 371 break; | 382 break; |
| 372 case CachedResource::Script: | 383 case CachedResource::Script: |
| 384 case CachedResource::ImportResource: |
| 373 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentS
ecurityPolicy()->allowScriptFromSource(url)) | 385 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentS
ecurityPolicy()->allowScriptFromSource(url)) |
| 374 return false; | 386 return false; |
| 375 | 387 |
| 376 if (frame()) { | 388 if (frame()) { |
| 377 Settings* settings = frame()->settings(); | 389 Settings* settings = frame()->settings(); |
| 378 if (!frame()->loader()->client()->allowScriptFromSource(!settings ||
settings->isScriptEnabled(), url)) { | 390 if (!frame()->loader()->client()->allowScriptFromSource(!settings ||
settings->isScriptEnabled(), url)) { |
| 379 frame()->loader()->client()->didNotAllowScript(); | 391 frame()->loader()->client()->didNotAllowScript(); |
| 380 return false; | 392 return false; |
| 381 } | 393 } |
| 382 } | 394 } |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 423 | 435 |
| 424 bool CachedResourceLoader::canAccess(CachedResource* resource) | 436 bool CachedResourceLoader::canAccess(CachedResource* resource) |
| 425 { | 437 { |
| 426 // Redirects can change the response URL different from one of request. | 438 // Redirects can change the response URL different from one of request. |
| 427 if (!canRequest(resource->type(), resource->response().url(), resource->opti
ons(), false)) | 439 if (!canRequest(resource->type(), resource->response().url(), resource->opti
ons(), false)) |
| 428 return false; | 440 return false; |
| 429 | 441 |
| 430 String error; | 442 String error; |
| 431 switch (resource->type()) { | 443 switch (resource->type()) { |
| 432 case CachedResource::Script: | 444 case CachedResource::Script: |
| 433 case CachedResource::RawResource: | 445 case CachedResource::ImportResource: |
| 434 if (resource->options().requestOriginPolicy == PotentiallyCrossOriginEna
bled | 446 if (resource->options().requestOriginPolicy == PotentiallyCrossOriginEna
bled |
| 435 && !m_document->securityOrigin()->canRequest(resource->response().ur
l()) | 447 && !m_document->securityOrigin()->canRequest(resource->response().ur
l()) |
| 436 && !resource->passesAccessControlCheck(m_document->securityOrigin(),
error)) { | 448 && !resource->passesAccessControlCheck(m_document->securityOrigin(),
error)) { |
| 437 m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "S
cript from origin '" + SecurityOrigin::create(resource->response().url())->toStr
ing() + "' has been blocked from loading by Cross-Origin Resource Sharing policy
: " + error); | 449 m_document->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "S
cript from origin '" + SecurityOrigin::create(resource->response().url())->toStr
ing() + "' has been blocked from loading by Cross-Origin Resource Sharing policy
: " + error); |
| 438 return false; | 450 return false; |
| 439 } | 451 } |
| 440 | 452 |
| 441 break; | 453 break; |
| 442 default: | 454 default: |
| 443 ASSERT_NOT_REACHED(); // FIXME: generalize to non-script resources | 455 ASSERT_NOT_REACHED(); // FIXME: generalize to non-script resources |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 560 targetType = ResourceRequest::TargetIsScript; | 572 targetType = ResourceRequest::TargetIsScript; |
| 561 break; | 573 break; |
| 562 case CachedResource::FontResource: | 574 case CachedResource::FontResource: |
| 563 targetType = ResourceRequest::TargetIsFontResource; | 575 targetType = ResourceRequest::TargetIsFontResource; |
| 564 break; | 576 break; |
| 565 case CachedResource::ImageResource: | 577 case CachedResource::ImageResource: |
| 566 targetType = ResourceRequest::TargetIsImage; | 578 targetType = ResourceRequest::TargetIsImage; |
| 567 break; | 579 break; |
| 568 case CachedResource::ShaderResource: | 580 case CachedResource::ShaderResource: |
| 569 case CachedResource::RawResource: | 581 case CachedResource::RawResource: |
| 582 case CachedResource::ImportResource: |
| 570 targetType = ResourceRequest::TargetIsSubresource; | 583 targetType = ResourceRequest::TargetIsSubresource; |
| 571 break; | 584 break; |
| 572 case CachedResource::LinkPrefetch: | 585 case CachedResource::LinkPrefetch: |
| 573 targetType = ResourceRequest::TargetIsPrefetch; | 586 targetType = ResourceRequest::TargetIsPrefetch; |
| 574 break; | 587 break; |
| 575 case CachedResource::LinkSubresource: | 588 case CachedResource::LinkSubresource: |
| 576 targetType = ResourceRequest::TargetIsSubresource; | 589 targetType = ResourceRequest::TargetIsSubresource; |
| 577 break; | 590 break; |
| 578 case CachedResource::TextTrackResource: | 591 case CachedResource::TextTrackResource: |
| 579 targetType = ResourceRequest::TargetIsTextTrack; | 592 targetType = ResourceRequest::TargetIsTextTrack; |
| (...skipping 672 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1252 } | 1265 } |
| 1253 #endif | 1266 #endif |
| 1254 | 1267 |
| 1255 const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions(
) | 1268 const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions(
) |
| 1256 { | 1269 { |
| 1257 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon
tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF
orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaul
tOriginRestrictionsForType, DocumentContext)); | 1270 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon
tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF
orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaul
tOriginRestrictionsForType, DocumentContext)); |
| 1258 return options; | 1271 return options; |
| 1259 } | 1272 } |
| 1260 | 1273 |
| 1261 } | 1274 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 19940002:
[HTML Import] Respect Content Security Policy Model (Closed)
Base URL: svn://svn.chromium.org/blink/trunk