| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
| 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012 Apple Inc. All | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012 Apple Inc. All |
| 7 * rights reserved. | 7 * rights reserved. |
| 8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
| 9 * (http://www.torchmobile.com/) | 9 * (http://www.torchmobile.com/) |
| 10 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) | 10 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 89 if (m_importsController) | 89 if (m_importsController) |
| 90 return m_importsController->master()->frame(); | 90 return m_importsController->master()->frame(); |
| 91 return 0; | 91 return 0; |
| 92 } | 92 } |
| 93 | 93 |
| 94 SandboxFlags DocumentInit::getSandboxFlags() const { | 94 SandboxFlags DocumentInit::getSandboxFlags() const { |
| 95 DCHECK(frameForSecurityContext()); | 95 DCHECK(frameForSecurityContext()); |
| 96 FrameLoader* loader = &frameForSecurityContext()->loader(); | 96 FrameLoader* loader = &frameForSecurityContext()->loader(); |
| 97 SandboxFlags flags = loader->effectiveSandboxFlags(); | 97 SandboxFlags flags = loader->effectiveSandboxFlags(); |
| 98 | 98 |
| 99 // If the load was blocked by X-Frame-Options or CSP, force the Document's | 99 // If the load was blocked by CSP, force the Document's origin to be unique, |
| 100 // origin to be unique, so that the blocked document appears to be a normal | 100 // so that the blocked document appears to be a normal cross-origin document's |
| 101 // cross-origin document's load per CSP spec: | 101 // load per CSP spec: https://www.w3.org/TR/CSP3/#directive-frame-ancestors. |
| 102 // https://www.w3.org/TR/CSP2/#directive-frame-ancestors | |
| 103 if (loader->documentLoader() && | 102 if (loader->documentLoader() && |
| 104 loader->documentLoader()->wasBlockedAfterXFrameOptionsOrCSP()) | 103 loader->documentLoader()->wasBlockedAfterCSP()) { |
| 105 flags |= SandboxOrigin; | 104 flags |= SandboxOrigin; |
| 105 } |
| 106 | 106 |
| 107 return flags; | 107 return flags; |
| 108 } | 108 } |
| 109 | 109 |
| 110 WebInsecureRequestPolicy DocumentInit::getInsecureRequestPolicy() const { | 110 WebInsecureRequestPolicy DocumentInit::getInsecureRequestPolicy() const { |
| 111 DCHECK(frameForSecurityContext()); | 111 DCHECK(frameForSecurityContext()); |
| 112 return frameForSecurityContext()->loader().getInsecureRequestPolicy(); | 112 return frameForSecurityContext()->loader().getInsecureRequestPolicy(); |
| 113 } | 113 } |
| 114 | 114 |
| 115 SecurityContext::InsecureNavigationsSet* | 115 SecurityContext::InsecureNavigationsSet* |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 170 Document* DocumentInit::contextDocument() const { | 170 Document* DocumentInit::contextDocument() const { |
| 171 return m_contextDocument; | 171 return m_contextDocument; |
| 172 } | 172 } |
| 173 | 173 |
| 174 DocumentInit DocumentInit::fromContext(Document* contextDocument, | 174 DocumentInit DocumentInit::fromContext(Document* contextDocument, |
| 175 const KURL& url) { | 175 const KURL& url) { |
| 176 return DocumentInit(url, 0, contextDocument, 0); | 176 return DocumentInit(url, 0, contextDocument, 0); |
| 177 } | 177 } |
| 178 | 178 |
| 179 } // namespace blink | 179 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2321503002:
(Re-)introduce AncestorThrottle to handle 'X-Frame-Options'. (Closed)
