Skeleton of the Safe Browsing Subresource Filter.

third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

Index: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
index 167da90332473df36b56720b9977236babb20d40..72a1431ae98df4c966ae20122dce8f992f595474 100644
--- a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
@@ -69,6 +69,7 @@
 #include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityPolicy.h"
 #include "public/platform/WebCachePolicy.h"
+#include "public/platform/WebDocumentSubresourceFilter.h"
 #include "public/platform/WebFrameScheduler.h"
 
 #include <algorithm>
@@ -279,7 +280,7 @@ WebCachePolicy FrameFetchContext::resourceRequestCachePolicy(const ResourceReque
 // |loader| can be null if the resource is loaded from imported document.
 // This means inspector, which uses DocumentLoader as an grouping entity,
 // cannot see imported documents.
-inline DocumentLoader* FrameFetchContext::ensureLoaderForNotifications() const
+inline DocumentLoader* FrameFetchContext::effectiveDocumentLoader() const
 {
     return m_documentLoader ? m_documentLoader.get() : frame()->loader().documentLoader();
 }
@@ -296,7 +297,7 @@ void FrameFetchContext::dispatchWillSendRequest(unsigned long identifier, Resour
     frame()->loader().applyUserAgent(request);
     frame()->loader().client()->dispatchWillSendRequest(m_documentLoader, identifier, request, redirectResponse);
     TRACE_EVENT_INSTANT1("devtools.timeline", "ResourceSendRequest", TRACE_EVENT_SCOPE_THREAD, "data", InspectorSendRequestEvent::data(identifier, frame(), request));
-    InspectorInstrumentation::willSendRequest(frame(), identifier, ensureLoaderForNotifications(), request, redirectResponse, initiatorInfo);
+    InspectorInstrumentation::willSendRequest(frame(), identifier, effectiveDocumentLoader(), request, redirectResponse, initiatorInfo);
 }
 
 void FrameFetchContext::dispatchDidReceiveResponse(unsigned long identifier, const ResourceResponse& response, WebURLRequest::FrameType frameType, WebURLRequest::RequestContext requestContext, ResourceLoader* resourceLoader)
@@ -319,7 +320,7 @@ void FrameFetchContext::dispatchDidReceiveResponse(unsigned long identifier, con
     frame()->loader().progress().incrementProgress(identifier, response);
     frame()->loader().client()->dispatchDidReceiveResponse(m_documentLoader, identifier, response);
     TRACE_EVENT_INSTANT1("devtools.timeline", "ResourceReceiveResponse", TRACE_EVENT_SCOPE_THREAD, "data", InspectorReceiveResponseEvent::data(identifier, frame(), response));
-    DocumentLoader* documentLoader = ensureLoaderForNotifications();
+    DocumentLoader* documentLoader = effectiveDocumentLoader();
     InspectorInstrumentation::didReceiveResourceResponse(frame(), identifier, documentLoader, response, resourceLoader);
     // It is essential that inspector gets resource response BEFORE console.
     frame()->console().reportResourceResponseReceived(documentLoader, identifier, response);
@@ -452,7 +453,7 @@ bool FrameFetchContext::canRequest(Resource::Type type, const ResourceRequest& r
     ResourceRequestBlockedReason reason = canRequestInternal(type, resourceRequest, url, options, forPreload, originRestriction, redirectStatus);
     if (reason != ResourceRequestBlockedReasonNone) {
         if (!forPreload)
-            InspectorInstrumentation::didBlockRequest(frame(), resourceRequest, ensureLoaderForNotifications(), options.initiatorInfo, reason);
+            InspectorInstrumentation::didBlockRequest(frame(), resourceRequest, effectiveDocumentLoader(), options.initiatorInfo, reason);
         return false;
     }
     return true;
@@ -462,7 +463,7 @@ bool FrameFetchContext::allowResponse(Resource::Type type, const ResourceRequest
 {
     ResourceRequestBlockedReason reason = canRequestInternal(type, resourceRequest, url, options, false, FetchRequest::UseDefaultOriginRestrictionForType, ContentSecurityPolicy::DidRedirect);
     if (reason != ResourceRequestBlockedReasonNone) {
-        InspectorInstrumentation::didBlockRequest(frame(), resourceRequest, ensureLoaderForNotifications(), options.initiatorInfo, reason);
+        InspectorInstrumentation::didBlockRequest(frame(), resourceRequest, effectiveDocumentLoader(), options.initiatorInfo, reason);
         return false;
     }
     return true;
@@ -573,14 +574,19 @@ ResourceRequestBlockedReason FrameFetchContext::canRequestInternal(Resource::Typ
         UseCounter::count(frame()->document(), UseCounter::ResourceLoadedAfterRedirectWithCSP);
     }
 
-    // Last of all, check for mixed content. We do this last so that when
-    // folks block mixed content with a CSP policy, they don't get a warning.
-    // They'll still get a warning in the console about CSP blocking the load.
+    // Check for mixed content. We do this second-to-last so that when folks block
+    // mixed content with a CSP policy, they don't get a warning. They'll still
+    // get a warning in the console about CSP blocking the load.
     MixedContentChecker::ReportingStatus mixedContentReporting = forPreload ?
         MixedContentChecker::SuppressReport : MixedContentChecker::SendReport;
     if (MixedContentChecker::shouldBlockFetch(frame(), resourceRequest, url, mixedContentReporting))
         return ResourceRequestBlockedReasonMixedContent;
 
+    // Let the client have the final say into whether or not the load should proceed.
+    DocumentLoader* documentLoader = effectiveDocumentLoader();
+    if (documentLoader && documentLoader->subresourceFilter() && type != Resource::MainResource && type != Resource::ImportResource && !documentLoader->subresourceFilter()->allowLoad(url, resourceRequest.requestContext()))

[Mike West, 2016/06/01 13:43:18]

Why exclude `Resource::MainResource` and `Resource::ImportResource`? The former
is used for `<iframe>` and the latter is a totally reasonable (if seldom-used)
way of importing data/templates into a document context. Shouldn't the filter
apply to them as well?

[engedy, 2016/06/02 23:07:19]

We never want to filter the mainframe document load.

We want to filter <iframe>, but it is tricky: they need to be filtered in the
context of the owner document (i.e. by giving the frame source URL to the
SubresourceFilter injected into the DocumentLoader of the main frame), not in
their own context (i.e. the filter injected into the DocumentLoader of the
subframe).

So they will need to be special cased, but I was planning to add logic for this
in a subsequent CL to avoid inflating this one even more. WDYT?

Regarding import documents, the plan is to not treat them as subresources,
instead treat their subresources as if they were loaded from the master
document.  I think this makes sense because most types of resources referenced
in them will not be loaded anyway until they are cloned into the master
document.

+        return ResourceRequestBlockedReasonClient;
+
     return ResourceRequestBlockedReasonNone;
 }