OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 91 matching lines...)
102 m_originalRequest(req), | 102 m_originalRequest(req), |
103 m_substituteData(substituteData), | 103 m_substituteData(substituteData), |
104 m_request(req), | 104 m_request(req), |
105 m_isClientRedirect(false), | 105 m_isClientRedirect(false), |
106 m_replacesCurrentHistoryItem(false), | 106 m_replacesCurrentHistoryItem(false), |
107 m_dataReceived(false), | 107 m_dataReceived(false), |
108 m_navigationType(NavigationTypeOther), | 108 m_navigationType(NavigationTypeOther), |
109 m_documentLoadTiming(*this), | 109 m_documentLoadTiming(*this), |
110 m_timeOfLastDataReceived(0.0), | 110 m_timeOfLastDataReceived(0.0), |
111 m_applicationCacheHost(ApplicationCacheHost::create(this)), | 111 m_applicationCacheHost(ApplicationCacheHost::create(this)), |
112 m_wasBlockedAfterXFrameOptionsOrCSP(false), | 112 m_wasBlockedAfterCSP(false), |
113 m_state(NotStarted), | 113 m_state(NotStarted), |
114 m_inDataReceived(false), | 114 m_inDataReceived(false), |
115 m_dataBuffer(SharedBuffer::create()) {} | 115 m_dataBuffer(SharedBuffer::create()) {} |
116 | 116 |
117 FrameLoader* DocumentLoader::frameLoader() const { | 117 FrameLoader* DocumentLoader::frameLoader() const { |
118 if (!m_frame) | 118 if (!m_frame) |
119 return nullptr; | 119 return nullptr; |
120 return &m_frame->loader(); | 120 return &m_frame->loader(); |
121 } | 121 } |
122 | 122 |
(...skipping 144 matching lines...)
267 DCHECK(m_mainResource); | 267 DCHECK(m_mainResource); |
268 | 268 |
269 if (!m_mainResource->errorOccurred() && !m_mainResource->wasCanceled()) { | 269 if (!m_mainResource->errorOccurred() && !m_mainResource->wasCanceled()) { |
270 finishedLoading(m_mainResource->loadFinishTime()); | 270 finishedLoading(m_mainResource->loadFinishTime()); |
271 return; | 271 return; |
272 } | 272 } |
273 | 273 |
274 if (m_applicationCacheHost) | 274 if (m_applicationCacheHost) |
275 m_applicationCacheHost->failedLoadingMainResource(); | 275 m_applicationCacheHost->failedLoadingMainResource(); |
276 m_state = MainResourceDone; | 276 m_state = MainResourceDone; |
| 277 |
| 278 if (m_mainResource->resourceError().wasBlockedByResponse()) { |
| 279 InspectorInstrumentation::canceledAfterReceivedResourceResponse( |
| 280 m_frame, this, mainResourceIdentifier(), resource->response(), |
| 281 m_mainResource.get()); |
| 282 } |
| 283 |
277 frameLoader()->loadFailed(this, m_mainResource->resourceError()); | 284 frameLoader()->loadFailed(this, m_mainResource->resourceError()); |
278 clearMainResourceHandle(); | 285 clearMainResourceHandle(); |
279 } | 286 } |
280 | 287 |
281 void DocumentLoader::finishedLoading(double finishTime) { | 288 void DocumentLoader::finishedLoading(double finishTime) { |
282 DCHECK(m_frame->loader().stateMachine()->creatingInitialEmptyDocument() || | 289 DCHECK(m_frame->loader().stateMachine()->creatingInitialEmptyDocument() || |
283 !m_frame->page()->defersLoading() || | 290 !m_frame->page()->defersLoading() || |
284 InspectorInstrumentation::isDebuggerPaused(m_frame)); | 291 InspectorInstrumentation::isDebuggerPaused(m_frame)); |
285 | 292 |
286 double responseEndTime = finishTime; | 293 double responseEndTime = finishTime; |
(...skipping 84 matching lines...)
371 // Downloading is handled by the embedder, but we still get the initial | 378 // Downloading is handled by the embedder, but we still get the initial |
372 // response so that we can ignore it and clean up properly. | 379 // response so that we can ignore it and clean up properly. |
373 return false; | 380 return false; |
374 } | 381 } |
375 | 382 |
376 if (!canShowMIMEType(m_response.mimeType(), m_frame)) | 383 if (!canShowMIMEType(m_response.mimeType(), m_frame)) |
377 return false; | 384 return false; |
378 return true; | 385 return true; |
379 } | 386 } |
380 | 387 |
381 void DocumentLoader::cancelLoadAfterXFrameOptionsOrCSPDenied( | 388 void DocumentLoader::cancelLoadAfterCSPDenied( |
382 const ResourceResponse& response) { | 389 const ResourceResponse& response) { |
383 InspectorInstrumentation::continueAfterXFrameOptionsDenied( | 390 InspectorInstrumentation::canceledAfterReceivedResourceResponse( |
384 m_frame, this, mainResourceIdentifier(), response, m_mainResource.get()); | 391 m_frame, this, mainResourceIdentifier(), response, m_mainResource.get()); |
385 | 392 |
386 setWasBlockedAfterXFrameOptionsOrCSP(); | 393 setWasBlockedAfterCSP(); |
387 | 394 |
388 // Pretend that this was an empty HTTP 200 response. Don't reuse the original | 395 // Pretend that this was an empty HTTP 200 response. Don't reuse the original |
389 // URL for the empty page (https://crbug.com/622385). | 396 // URL for the empty page (https://crbug.com/622385). |
390 // | 397 // |
391 // TODO(mkwst): Remove this once XFO moves to the browser. | 398 // TODO(mkwst): Remove this once XFO moves to the browser. |
392 // https://crbug.com/555418. | 399 // https://crbug.com/555418. |
393 clearMainResourceHandle(); | 400 clearMainResourceHandle(); |
394 KURL blockedURL = SecurityOrigin::urlWithUniqueSecurityOrigin(); | 401 KURL blockedURL = SecurityOrigin::urlWithUniqueSecurityOrigin(); |
395 m_originalRequest.setURL(blockedURL); | 402 m_originalRequest.setURL(blockedURL); |
396 m_request.setURL(blockedURL); | 403 m_request.setURL(blockedURL); |
(...skipping 20 matching lines...)
417 // we don't save the result for future use. All responses loaded from appcache | 424 // we don't save the result for future use. All responses loaded from appcache |
418 // will have a non-zero appCacheID(). | 425 // will have a non-zero appCacheID(). |
419 if (response.appCacheID()) | 426 if (response.appCacheID()) |
420 memoryCache()->remove(m_mainResource.get()); | 427 memoryCache()->remove(m_mainResource.get()); |
421 | 428 |
422 m_contentSecurityPolicy = ContentSecurityPolicy::create(); | 429 m_contentSecurityPolicy = ContentSecurityPolicy::create(); |
423 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); | 430 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); |
424 m_contentSecurityPolicy->didReceiveHeaders( | 431 m_contentSecurityPolicy->didReceiveHeaders( |
425 ContentSecurityPolicyResponseHeaders(response)); | 432 ContentSecurityPolicyResponseHeaders(response)); |
426 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { | 433 if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) { |
427 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 434 cancelLoadAfterCSPDenied(response); |
428 return; | 435 return; |
429 } | 436 } |
430 | 437 |
431 // 'frame-ancestors' obviates 'x-frame-options': | |
432 // https://w3c.github.io/webappsec/specs/content-security-policy/#frame-ancest
ors-and-frame-options | |
433 if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) { | |
434 HTTPHeaderMap::const_iterator it = | |
435 response.httpHeaderFields().find(HTTPNames::X_Frame_Options); | |
436 if (it != response.httpHeaderFields().end()) { | |
437 String content = it->value; | |
438 if (frameLoader()->shouldInterruptLoadForXFrameOptions( | |
439 content, response.url(), mainResourceIdentifier())) { | |
440 String message = "Refused to display '" + | |
441 response.url().elidedString() + | |
442 "' in a frame because it set 'X-Frame-Options' to '" + | |
443 content + "'."; | |
444 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | |
445 SecurityMessageSource, ErrorMessageLevel, message, response.url(), | |
446 mainResourceIdentifier()); | |
447 frame()->document()->addConsoleMessage(consoleMessage); | |
448 | |
449 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | |
450 return; | |
451 } | |
452 } | |
453 } | |
454 | |
455 if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && | 438 if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && |
456 !frameLoader()->requiredCSP().isEmpty()) { | 439 !frameLoader()->requiredCSP().isEmpty()) { |
457 SecurityOrigin* parentSecurityOrigin = | 440 SecurityOrigin* parentSecurityOrigin = |
458 frame()->tree().parent()->securityContext()->getSecurityOrigin(); | 441 frame()->tree().parent()->securityContext()->getSecurityOrigin(); |
459 if (ContentSecurityPolicy::shouldEnforceEmbeddersPolicy( | 442 if (ContentSecurityPolicy::shouldEnforceEmbeddersPolicy( |
460 response, parentSecurityOrigin)) { | 443 response, parentSecurityOrigin)) { |
461 m_contentSecurityPolicy->addPolicyFromHeaderValue( | 444 m_contentSecurityPolicy->addPolicyFromHeaderValue( |
462 frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce, | 445 frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce, |
463 ContentSecurityPolicyHeaderSourceHTTP); | 446 ContentSecurityPolicyHeaderSourceHTTP); |
464 } else { | 447 } else { |
465 String message = "Refused to display '" + response.url().elidedString() + | 448 String message = "Refused to display '" + response.url().elidedString() + |
466 "' because it has not opted-into the following policy " | 449 "' because it has not opted-into the following policy " |
467 "required by its embedder: '" + | 450 "required by its embedder: '" + |
468 frameLoader()->requiredCSP() + "'."; | 451 frameLoader()->requiredCSP() + "'."; |
469 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | 452 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( |
470 SecurityMessageSource, ErrorMessageLevel, message, response.url(), | 453 SecurityMessageSource, ErrorMessageLevel, message, response.url(), |
471 mainResourceIdentifier()); | 454 mainResourceIdentifier()); |
472 frame()->document()->addConsoleMessage(consoleMessage); | 455 frame()->document()->addConsoleMessage(consoleMessage); |
473 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 456 cancelLoadAfterCSPDenied(response); |
474 return; | 457 return; |
475 } | 458 } |
476 } | 459 } |
477 | 460 |
478 DCHECK(!m_frame->page()->defersLoading()); | 461 DCHECK(!m_frame->page()->defersLoading()); |
479 | 462 |
480 m_response = response; | 463 m_response = response; |
481 | 464 |
482 if (isArchiveMIMEType(m_response.mimeType()) && | 465 if (isArchiveMIMEType(m_response.mimeType()) && |
483 m_mainResource->getDataBufferingPolicy() != BufferData) | 466 m_mainResource->getDataBufferingPolicy() != BufferData) |
(...skipping 303 matching lines...)
787 m_writer ? m_writer->encoding() : emptyAtom, true, | 770 m_writer ? m_writer->encoding() : emptyAtom, true, |
788 ForceSynchronousParsing); | 771 ForceSynchronousParsing); |
789 if (!source.isNull()) | 772 if (!source.isNull()) |
790 m_writer->appendReplacingData(source); | 773 m_writer->appendReplacingData(source); |
791 endWriting(); | 774 endWriting(); |
792 } | 775 } |
793 | 776 |
794 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 777 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
795 | 778 |
796 } // namespace blink | 779 } // namespace blink |
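Review bot: The comment kept in `cancelLoadAfterCSPDenied` (new lines 395-399) still reads `TODO(mkwst): Remove this once XFO moves to the browser`, but this change deletes the renderer-side X-Frame-Options check and renames the function to CSP-only, so the TODO no longer explains why the empty-200 / unique-origin workaround stays. From the visible callers it is now reached only for `frame-ancestors` and embedder-CSP denials, so a comment such as `// Still needed for CSP 'frame-ancestors' and embedder-CSP blocks, which are enforced here in the renderer.` would record that. The block added at new lines 278-282 would benefit from a one-line comment saying which component sets `wasBlockedByResponse()`, because after the removal that flag appears to be the only way this file learns of a response-level block such as X-Frame-Options (inferred; the setter is not visible here). That block also passes `resource->response()` while the surrounding lines use `m_mainResource`; `m_mainResource->response()` would be consistent, assuming both name the same object, which cannot be confirmed because the function starts outside the visible lines.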