OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
3 * reserved. | 3 * reserved. |
4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
(...skipping 1685 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1696 | 1696 |
1697 takeObjectSnapshot(); | 1697 takeObjectSnapshot(); |
1698 } | 1698 } |
1699 | 1699 |
1700 void FrameLoader::applyUserAgent(ResourceRequest& request) { | 1700 void FrameLoader::applyUserAgent(ResourceRequest& request) { |
1701 String userAgent = this->userAgent(); | 1701 String userAgent = this->userAgent(); |
1702 DCHECK(!userAgent.isNull()); | 1702 DCHECK(!userAgent.isNull()); |
1703 request.setHTTPUserAgent(AtomicString(userAgent)); | 1703 request.setHTTPUserAgent(AtomicString(userAgent)); |
1704 } | 1704 } |
1705 | 1705 |
1706 bool FrameLoader::shouldInterruptLoadForXFrameOptions( | |
1707 const String& content, | |
1708 const KURL& url, | |
1709 unsigned long requestIdentifier) { | |
1710 UseCounter::count(m_frame->domWindow()->document(), | |
1711 UseCounter::XFrameOptions); | |
1712 | |
1713 Frame* topFrame = m_frame->tree().top(); | |
1714 if (m_frame == topFrame) | |
1715 return false; | |
1716 | |
1717 XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content); | |
1718 | |
1719 switch (disposition) { | |
1720 case XFrameOptionsSameOrigin: { | |
1721 UseCounter::count(m_frame->domWindow()->document(), | |
1722 UseCounter::XFrameOptionsSameOrigin); | |
1723 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url); | |
1724 // Out-of-process ancestors are always a different origin. | |
1725 if (!topFrame->isLocalFrame() || | |
1726 !origin->isSameSchemeHostPort( | |
1727 toLocalFrame(topFrame)->document()->getSecurityOrigin())) | |
1728 return true; | |
1729 for (Frame* frame = m_frame->tree().parent(); frame; | |
1730 frame = frame->tree().parent()) { | |
1731 if (!frame->isLocalFrame() || | |
1732 !origin->isSameSchemeHostPort( | |
1733 toLocalFrame(frame)->document()->getSecurityOrigin())) { | |
1734 UseCounter::count( | |
1735 m_frame->domWindow()->document(), | |
1736 UseCounter::XFrameOptionsSameOriginWithBadAncestorChain); | |
1737 break; | |
1738 } | |
1739 } | |
1740 return false; | |
1741 } | |
1742 case XFrameOptionsDeny: | |
1743 return true; | |
1744 case XFrameOptionsAllowAll: | |
1745 return false; | |
1746 case XFrameOptionsConflict: { | |
1747 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | |
1748 JSMessageSource, ErrorMessageLevel, | |
1749 "Multiple 'X-Frame-Options' headers with conflicting values ('" + | |
1750 content + "') encountered when loading '" + url.elidedString() + | |
1751 "'. Falling back to 'DENY'.", | |
1752 url, requestIdentifier); | |
1753 m_frame->document()->addConsoleMessage(consoleMessage); | |
1754 return true; | |
1755 } | |
1756 case XFrameOptionsInvalid: { | |
1757 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | |
1758 JSMessageSource, ErrorMessageLevel, | |
1759 "Invalid 'X-Frame-Options' header encountered when loading '" + | |
1760 url.elidedString() + "': '" + content + | |
1761 "' is not a recognized directive. The header will be ignored.", | |
1762 url, requestIdentifier); | |
1763 m_frame->document()->addConsoleMessage(consoleMessage); | |
1764 return false; | |
1765 } | |
1766 default: | |
1767 NOTREACHED(); | |
1768 return false; | |
1769 } | |
1770 } | |
1771 | |
1772 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const { | 1706 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const { |
1773 return m_currentItem && url == m_currentItem->url(); | 1707 return m_currentItem && url == m_currentItem->url(); |
1774 } | 1708 } |
1775 | 1709 |
1776 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const { | 1710 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const { |
1777 if (!url.isAboutSrcdocURL()) | 1711 if (!url.isAboutSrcdocURL()) |
1778 return false; | 1712 return false; |
1779 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); | 1713 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); |
1780 if (!isHTMLIFrameElement(ownerElement)) | 1714 if (!isHTMLIFrameElement(ownerElement)) |
1781 return false; | 1715 return false; |
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1936 m_documentLoader ? m_documentLoader->url() : String()); | 1870 m_documentLoader ? m_documentLoader->url() : String()); |
1937 return tracedValue; | 1871 return tracedValue; |
1938 } | 1872 } |
1939 | 1873 |
1940 inline void FrameLoader::takeObjectSnapshot() const { | 1874 inline void FrameLoader::takeObjectSnapshot() const { |
1941 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, | 1875 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, |
1942 toTracedValue()); | 1876 toTracedValue()); |
1943 } | 1877 } |
1944 | 1878 |
1945 } // namespace blink | 1879 } // namespace blink |
OLD | NEW |