Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(38)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/FrameLoader.cpp

Issue 19940002: [HTML Import] Respect Content Security Policy Model (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Fix Mac build failure Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/html/HTMLImportsController.cpp ('k') | Source/core/loader/cache/CachedResource.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed.
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
8 * Copyright (C) 2011 Google Inc. All rights reserved. 8 * Copyright (C) 2011 Google Inc. All rights reserved.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
(...skipping 518 matching lines...) Expand 10 before | Expand all | Expand 10 after
529 m_isComplete = false; 529 m_isComplete = false;
530 m_didCallImplicitClose = false; 530 m_didCallImplicitClose = false;
531 m_frame->document()->setReadyState(Document::Loading); 531 m_frame->document()->setReadyState(Document::Loading);
532 532
533 if (history()->currentItem() && m_loadType == FrameLoadTypeBackForward) 533 if (history()->currentItem() && m_loadType == FrameLoadTypeBackForward)
534 m_frame->document()->statePopped(history()->currentItem()->stateObject() ); 534 m_frame->document()->statePopped(history()->currentItem()->stateObject() );
535 535
536 if (dispatch) 536 if (dispatch)
537 dispatchDidClearWindowObjectsInAllWorlds(); 537 dispatchDidClearWindowObjectsInAllWorlds();
538 538
539 m_frame->document()->initContentSecurityPolicy(); 539 m_frame->document()->initContentSecurityPolicy(m_documentLoader ? ContentSec urityPolicyResponseHeaders(m_documentLoader->response()) : ContentSecurityPolicy ResponseHeaders());
540 540
541 Settings* settings = m_frame->document()->settings(); 541 Settings* settings = m_frame->document()->settings();
542 if (settings) { 542 if (settings) {
543 m_frame->document()->fetcher()->setImagesEnabled(settings->areImagesEnab led()); 543 m_frame->document()->fetcher()->setImagesEnabled(settings->areImagesEnab led());
544 m_frame->document()->fetcher()->setAutoLoadImages(settings->loadsImagesA utomatically()); 544 m_frame->document()->fetcher()->setAutoLoadImages(settings->loadsImagesA utomatically());
545 } 545 }
546 546
547 if (m_documentLoader) { 547 if (m_documentLoader) {
548 String dnsPrefetchControl = m_documentLoader->response().httpHeaderField ("X-DNS-Prefetch-Control"); 548 String dnsPrefetchControl = m_documentLoader->response().httpHeaderField ("X-DNS-Prefetch-Control");
549 if (!dnsPrefetchControl.isEmpty()) 549 if (!dnsPrefetchControl.isEmpty())
550 m_frame->document()->parseDNSPrefetchControlHeader(dnsPrefetchContro l); 550 m_frame->document()->parseDNSPrefetchControlHeader(dnsPrefetchContro l);
551 551
552 String policyValue = m_documentLoader->response().httpHeaderField("Conte nt-Security-Policy");
553 if (!policyValue.isEmpty())
554 m_frame->document()->contentSecurityPolicy()->didReceiveHeader(polic yValue, ContentSecurityPolicy::Enforce);
555
556 policyValue = m_documentLoader->response().httpHeaderField("Content-Secu rity-Policy-Report-Only");
557 if (!policyValue.isEmpty())
558 m_frame->document()->contentSecurityPolicy()->didReceiveHeader(polic yValue, ContentSecurityPolicy::Report);
559
560 policyValue = m_documentLoader->response().httpHeaderField("X-WebKit-CSP ");
561 if (!policyValue.isEmpty())
562 m_frame->document()->contentSecurityPolicy()->didReceiveHeader(polic yValue, ContentSecurityPolicy::PrefixedEnforce);
563
564 policyValue = m_documentLoader->response().httpHeaderField("X-WebKit-CSP -Report-Only");
565 if (!policyValue.isEmpty())
566 m_frame->document()->contentSecurityPolicy()->didReceiveHeader(polic yValue, ContentSecurityPolicy::PrefixedReport);
567
568 String headerContentLanguage = m_documentLoader->response().httpHeaderFi eld("Content-Language"); 552 String headerContentLanguage = m_documentLoader->response().httpHeaderFi eld("Content-Language");
569 if (!headerContentLanguage.isEmpty()) { 553 if (!headerContentLanguage.isEmpty()) {
570 size_t commaIndex = headerContentLanguage.find(','); 554 size_t commaIndex = headerContentLanguage.find(',');
571 headerContentLanguage.truncate(commaIndex); // notFound == -1 == don 't truncate 555 headerContentLanguage.truncate(commaIndex); // notFound == -1 == don 't truncate
572 headerContentLanguage = headerContentLanguage.stripWhiteSpace(isHTML Space); 556 headerContentLanguage = headerContentLanguage.stripWhiteSpace(isHTML Space);
573 if (!headerContentLanguage.isEmpty()) 557 if (!headerContentLanguage.isEmpty())
574 m_frame->document()->setContentLanguage(headerContentLanguage); 558 m_frame->document()->setContentLanguage(headerContentLanguage);
575 } 559 }
576 } 560 }
577 561
(...skipping 1698 matching lines...) Expand 10 before | Expand all | Expand 10 after
2276 InspectorInstrumentation::didCommitLoad(m_frame, m_documentLoader.get()); 2260 InspectorInstrumentation::didCommitLoad(m_frame, m_documentLoader.get());
2277 2261
2278 m_frame->page()->didCommitLoad(m_frame); 2262 m_frame->page()->didCommitLoad(m_frame);
2279 2263
2280 if (m_frame->page()->mainFrame() == m_frame) 2264 if (m_frame->page()->mainFrame() == m_frame)
2281 m_frame->page()->useCounter()->didCommitLoad(); 2265 m_frame->page()->useCounter()->didCommitLoad();
2282 2266
2283 } 2267 }
2284 2268
2285 } // namespace WebCore 2269 } // namespace WebCore
OLDNEW
« no previous file with comments | « Source/core/html/HTMLImportsController.cpp ('k') | Source/core/loader/cache/CachedResource.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698