Move 'frame-src' CSP checks into FrameFetchContext.

third_party/WebKit/Source/core/loader/FrameLoader.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
  * Copyright (C) 2008 Alp Toker <alp@atoker.com>
  * Copyright (C) Research In Motion Limited 2009. All rights reserved.
  * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ skipping 1348 matching lines @@
 }
 
 bool FrameLoader::shouldContinueForNavigationPolicy(const ResourceRequest& request, const SubstituteData& substituteData,
     DocumentLoader* loader, ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy,
     NavigationType type, NavigationPolicy policy, bool replacesCurrentHistoryItem, bool isClientRedirect)
 {
     // Don't ask if we are loading an empty URL.
     if (request.url().isEmpty() || substituteData.isValid())
         return true;
 
-    // If we're loading content into a subframe, check against the parent's Content Security Policy
-    // and kill the load if that check fails, unless we should bypass the main world's CSP.
-    if (shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy) {
-        Frame* parentFrame = m_frame->tree().parent();
-        if (parentFrame) {
-            ContentSecurityPolicy* parentPolicy = parentFrame->securityContext()->contentSecurityPolicy();
-            if (!parentPolicy->allowChildFrameFromSource(request.url(), request.redirectStatus())) {
-                // Fire a load event, as timing attacks would otherwise reveal that the
-                // frame was blocked. This way, it looks like every other cross-origin
-                // page load.
-                m_frame->document()->enforceSandboxFlags(SandboxOrigin);
-                m_frame->owner()->dispatchLoad();
-                return false;
-            }
-        }
-    }
-
+    // TODO(mkwst): Look into moving this to 'FrameFetchContext::canRequestInternal' alongside the
+    // 'frame-src' checks.
     bool isFormSubmission = type == NavigationTypeFormSubmitted || type == NavigationTypeFormResubmitted;
     if (isFormSubmission && !m_frame->document()->contentSecurityPolicy()->allowFormAction(request.url()))
         return false;
 
     policy = client()->decidePolicyForNavigation(request, loader, type, policy, replacesCurrentHistoryItem, isClientRedirect);
     if (policy == NavigationPolicyCurrentTab)
         return true;
     if (policy == NavigationPolicyIgnore)
         return false;
     if (policy == NavigationPolicyHandledByClient) {
@@ skipping 228 matching lines @@
     tracedValue->setString("documentLoaderURL", m_documentLoader ? m_documentLoader->url() : String());
     return tracedValue;
 }
 
 inline void FrameLoader::takeObjectSnapshot() const
 {
     TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, toTracedValue());
 }
 
 } // namespace blink