Revert of Move 'frame-src' CSP checks into FrameFetchContext.

third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 508 matching lines @@
     case Resource::XSLStyleSheet:
         ASSERT(RuntimeEnabledFeatures::xsltEnabled());
     case Resource::SVGDocument:
         if (!securityOrigin->canRequest(url)) {
             printAccessDeniedMessage(url);
             return ResourceRequestBlockedReasonOrigin;
         }
         break;
     }
 
-    if (contentSecurityPolicyBlocksRequest(type, resourceRequest, url, options, forPreload, redirectStatus))
-        return ResourceRequestBlockedReasonCSP;
+    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
+    bool shouldBypassMainWorldCSP = frame()->script().shouldBypassMainWorldCSP() || options.contentSecurityPolicyOption == DoNotCheckContentSecurityPolicy;
+
+    // Don't send CSP messages for preloads, we might never actually display those items.
+    ContentSecurityPolicy::ReportingStatus cspReporting = forPreload ?
+        ContentSecurityPolicy::SuppressReport : ContentSecurityPolicy::SendReport;
+
+    if (m_document) {
+        DCHECK(m_document->contentSecurityPolicy());
+        if (!shouldBypassMainWorldCSP && !m_document->contentSecurityPolicy()->allowRequest(resourceRequest.requestContext(), url, options.contentSecurityPolicyNonce, redirectStatus, cspReporting))
+            return ResourceRequestBlockedReasonCSP;
+    }
 
     if (type == Resource::Script || type == Resource::ImportResource) {
         ASSERT(frame());
         if (!frame()->loader().client()->allowScriptFromSource(!frame()->settings() || frame()->settings()->scriptEnabled(), url)) {
             frame()->loader().client()->didNotAllowScript();
             // TODO(estark): Use a different ResourceRequestBlockedReason
             // here, since this check has nothing to do with
             // CSP. https://crbug.com/600795
             return ResourceRequestBlockedReasonCSP;
         }
@@ skipping 28 matching lines @@
         return ResourceRequestBlockedReasonMixedContent;
 
     // Let the client have the final say into whether or not the load should proceed.
     DocumentLoader* documentLoader = masterDocumentLoader();
     if (documentLoader && documentLoader->subresourceFilter() && type != Resource::MainResource && type != Resource::ImportResource && !documentLoader->subresourceFilter()->allowLoad(url, resourceRequest.requestContext()))
         return ResourceRequestBlockedReasonSubresourceFilter;
 
     return ResourceRequestBlockedReasonNone;
 }
 
-bool FrameFetchContext::contentSecurityPolicyBlocksRequest(Resource::Type type, const ResourceRequest& resourceRequest, const KURL& url, const ResourceLoaderOptions& options, bool forPreload, ResourceRequest::RedirectStatus redirectStatus) const
-{
-    // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
-    if (!frame()->script().shouldBypassMainWorldCSP() && options.contentSecurityPolicyOption == CheckContentSecurityPolicy) {
-        // Don't send CSP messages for preloads, we might never actually display those items.
-        ContentSecurityPolicy::ReportingStatus cspReporting = forPreload ? ContentSecurityPolicy::SuppressReport : ContentSecurityPolicy::SendReport;
-        if (m_document) {
-            DCHECK(m_document->contentSecurityPolicy());
-            if (!m_document->contentSecurityPolicy()->allowRequest(resourceRequest.requestContext(), url, options.contentSecurityPolicyNonce, redirectStatus, cspReporting))
-                return true;
-        } else if (type == Resource::MainResource) {
-            // When loading the main document of an iframe, we won't have a document
-            // yet. We instead need to grab the frame's parent's policy in order to
-            // perform 'frame-src' checks:
-            if (Frame* parentFrame = frame()->tree().parent()) {
-                if (!parentFrame->securityContext()->contentSecurityPolicy()->allowChildFrameFromSource(url, redirectStatus, cspReporting)) {
-                    // TODO(mkwst): If we cancel the request after a redirect, we never instantiate
-                    // a document, and therefore don't inherit the loader's sandbox flags, or trigger
-                    // a load event. This is strange.
-                    if (redirectStatus == ResourceRequest::RedirectStatus::FollowedRedirect) {
-                        frame()->document()->enforceSandboxFlags(SandboxOrigin);
-                        frame()->owner()->dispatchLoad();
-                    }
-                    return true;
-                }
-            }
-        }
-    }
-    return false;
-}
-
 bool FrameFetchContext::isControlledByServiceWorker() const
 {
     ASSERT(m_documentLoader || frame()->loader().documentLoader());
     if (m_documentLoader)
         return frame()->loader().client()->isControlledByServiceWorker(*m_documentLoader);
     // m_documentLoader is null while loading resources from an HTML import.
     // In such cases whether the request is controlled by ServiceWorker or not
     // is determined by the document loader of the frame.
     return frame()->loader().client()->isControlledByServiceWorker(*frame()->loader().documentLoader());
 }
@@ skipping 174 matching lines @@
 }
 
 DEFINE_TRACE(FrameFetchContext)
 {
     visitor->trace(m_document);
     visitor->trace(m_documentLoader);
     FetchContext::trace(visitor);
 }
 
 } // namespace blink