Index: Source/core/dom/Document.cpp |
diff --git a/Source/core/dom/Document.cpp b/Source/core/dom/Document.cpp |
index 74fa3dadd01b7fd17f02e74f46a33b2782805bb2..4ee7388862e414246d8c7df31be04048f14fad1e 100644 |
--- a/Source/core/dom/Document.cpp |
+++ b/Source/core/dom/Document.cpp |
@@ -2637,7 +2637,20 @@ void Document::processHttpEquiv(const String& equiv, const String& content) |
parseDNSPrefetchControlHeader(content); |
else if (equalIgnoringCase(equiv, "x-frame-options")) |
processHttpEquivXFrameOptions(content); |
- else if (equalIgnoringCase(equiv, "content-security-policy")) |
+ else if (equalIgnoringCase(equiv, "content-security-policy") |
+ || equalIgnoringCase(equiv, "content-security-policy-report-only") |
+ || equalIgnoringCase(equiv, "content-security-policy-report-only") |
+ || equalIgnoringCase(equiv, "x-webkit-csp") |
+ || equalIgnoringCase(equiv, "x-webkit-csp-report-only")) |
+ processHttpEquivContentSecurityPolicy(equiv, content); |
+} |
+ |
+void Document::processHttpEquivContentSecurityPolicy(const String& equiv, const String& content) |
Mike West
2013/07/22 14:39:42
I like this cleanup, but it's unrelated to the cor
|
+{ |
+ if (!this->frame()) |
+ return; |
+ |
+ if (equalIgnoringCase(equiv, "content-security-policy")) |
contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy::Enforce); |
else if (equalIgnoringCase(equiv, "content-security-policy-report-only")) |
contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy::Report); |
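Review bot: The condition added to processHttpEquiv compares against `"content-security-policy-report-only"` twice in a row; the second comparison is dead and one of the two lines should be dropped. The four header names now live both in this dispatch condition and in the chain inside processHttpEquivContentSecurityPolicy. The only thing tying the two lists together is the `ASSERT_NOT_REACHED()` added in the next hunk, and if that is the usual debug-only assertion, a name added to the first list alone would be silently ignored in release builds. The new `if (!this->frame()) return;` also drops a `<meta>`-delivered policy without any signal for a frameless document. If that is intended, a comment such as `// Frameless documents get their policy in initContentSecurityPolicy(), not from <meta>.` would make it explicit.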
@@ -2645,6 +2658,8 @@ void Document::processHttpEquiv(const String& equiv, const String& content) |
contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy::PrefixedEnforce); |
else if (equalIgnoringCase(equiv, "x-webkit-csp-report-only")) |
contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy::PrefixedReport); |
+ else |
+ ASSERT_NOT_REACHED(); |
} |
void Document::processHttpEquivDefaultStyle(const String& content) |
@@ -4200,7 +4215,7 @@ void Document::initSecurityContext(const DocumentInit& initializer) |
return; |
} |
- if (!initializer.frame()) { |
+ if (!initializer.hasSecurityContext()) { |
// No source for a security context. |
// This can occur via document.implementation.createDocument(). |
m_cookieURL = KURL(ParsedURLString, emptyString()); |
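Review bot: With the guard changed to `!initializer.hasSecurityContext()`, getting past it no longer implies that the document has a frame, which the old `!initializer.frame()` test guaranteed. The rest of initSecurityContext lies outside this hunk, so any `m_frame` dereference after this point should be checked or null-guarded. The retained comment still names only `document.implementation.createDocument()` as the way to get here. It would help to say what hasSecurityContext() covers, for example `// Neither a frame nor an owning import: nothing to derive a security context from.`, with the wording confirmed against DocumentInit.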
@@ -4274,10 +4289,10 @@ void Document::initSecurityContext(const DocumentInit& initializer) |
void Document::initContentSecurityPolicy() |
{ |
- if (!m_frame->tree()->parent() || (!shouldInheritSecurityOriginFromOwner(m_url) && !isPluginDocument())) |
- return; |
- |
- contentSecurityPolicy()->copyStateFrom(m_frame->tree()->parent()->document()->contentSecurityPolicy()); |
+ if (m_frame && m_frame->tree()->parent() && (shouldInheritSecurityOriginFromOwner(m_url) || isPluginDocument())) |
+ contentSecurityPolicy()->copyStateFrom(m_frame->tree()->parent()->document()->contentSecurityPolicy()); |
+ if (HTMLImport* import = this->import()) |
+ contentSecurityPolicy()->copyStateFrom(import->master()->contentSecurityPolicy()); |
} |
void Document::didUpdateSecurityOrigin() |
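Review bot: The two `if` statements in initContentSecurityPolicy are independent, so a document matching both would have the parent's policy copied and then the import master's policy applied on top by the second `copyStateFrom`. If the cases are meant to be mutually exclusive, `else if (HTMLImport* import = this->import())` says so, and a one-line comment on which policy takes precedence would remove the ambiguity. `import->master()` is dereferenced without a check, whereas `m_frame` gains one in this same change; whether master() can return null is not visible in this hunk.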