Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(565)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/loader/cache/CachedResourceLoader.cpp

Issue 19940002: [HTML Import] Respect Content Security Policy Model (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Fix Mac build Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« Source/core/dom/DocumentInit.h ('K') | « Source/core/loader/cache/CachedResourceLoader.h ('k') | Source/core/page/ContentSecurityPolicy.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/loader/cache/CachedResourceLoader.cpp
diff --git a/Source/core/loader/cache/CachedResourceLoader.cpp b/Source/core/loader/cache/CachedResourceLoader.cpp
index d06f008c4085c53f49718bea157d282278a22822..7c70fc4c1b1c9f9e27e5f1593e4cad3ddce9c902 100644
--- a/Source/core/loader/cache/CachedResourceLoader.cpp
+++ b/Source/core/loader/cache/CachedResourceLoader.cpp
@@ -93,7 +93,10 @@ static CachedResource* createResource(CachedResource::Type type, const ResourceR
return new CachedTextTrack(request);
case CachedResource::ShaderResource:
return new CachedShader(request);
+ case CachedResource::ImportResource:
+ return new CachedRawResource(request, type);
}
+
ASSERT_NOT_REACHED();
return 0;
}
@@ -111,6 +114,7 @@ static ResourceLoadPriority loadPriority(CachedResource::Type type, const Cached
case CachedResource::Script:
case CachedResource::FontResource:
case CachedResource::RawResource:
+ case CachedResource::ImportResource:
return ResourceLoadPriorityMedium;
case CachedResource::ImageResource:
return request.forPreload() ? ResourceLoadPriorityVeryLow : ResourceLoadPriorityLow;
@@ -236,6 +240,11 @@ CachedResourceHandle<CachedShader> CachedResourceLoader::requestShader(CachedRes
return static_cast<CachedShader*>(requestResource(CachedResource::ShaderResource, request).get());
}
+CachedResourceHandle<CachedRawResource> CachedResourceLoader::requestImport(CachedResourceRequest& request)
+{
+ return static_cast<CachedRawResource*>(requestResource(CachedResource::ImportResource, request).get());
+}
+
CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestCSSStyleSheet(CachedResourceRequest& request)
{
return static_cast<CachedCSSStyleSheet*>(requestResource(CachedResource::CSSStyleSheet, request).get());
@@ -294,6 +303,7 @@ bool CachedResourceLoader::checkInsecureContent(CachedResource::Type type, const
case CachedResource::XSLStyleSheet:
case CachedResource::SVGDocumentResource:
case CachedResource::CSSStyleSheet:
+ case CachedResource::ImportResource:
// These resource can inject script into the current document (Script,
// XSL) or exfiltrate the content of the current document (CSS).
if (Frame* f = frame())
@@ -348,6 +358,7 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url
case CachedResource::LinkSubresource:
case CachedResource::TextTrackResource:
case CachedResource::ShaderResource:
+ case CachedResource::ImportResource:
// By default these types of resources can be loaded from any origin.
// FIXME: Are we sure about CachedResource::FontResource?
if (options.requestOriginPolicy == RestrictToSameOrigin && !m_document->securityOrigin()->canRequest(url)) {
@@ -370,6 +381,7 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url
return false;
break;
case CachedResource::Script:
+ case CachedResource::ImportResource:
if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url))
return false;
@@ -430,7 +442,7 @@ bool CachedResourceLoader::canAccess(CachedResource* resource)
String error;
switch (resource->type()) {
case CachedResource::Script:
- case CachedResource::RawResource:
+ case CachedResource::ImportResource:
if (resource->options().requestOriginPolicy == PotentiallyCrossOriginEnabled
&& !m_document->securityOrigin()->canRequest(resource->response().url())
&& !resource->passesAccessControlCheck(m_document->securityOrigin(), error)) {
@@ -567,6 +579,7 @@ void CachedResourceLoader::determineTargetType(ResourceRequest& request, CachedR
break;
case CachedResource::ShaderResource:
case CachedResource::RawResource:
+ case CachedResource::ImportResource:
targetType = ResourceRequest::TargetIsSubresource;
break;
case CachedResource::LinkPrefetch:
« Source/core/dom/DocumentInit.h ('K') | « Source/core/loader/cache/CachedResourceLoader.h ('k') | Source/core/page/ContentSecurityPolicy.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698