| Index: third_party/WebKit/Source/core/loader/DocumentLoader.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
|
| index 930a2e37b32d975a148e541b2a8cee7fe0a3e3ab..3c4c0c6691f6dd461c9ad0b95dfc49db25b7bda3 100644
|
| --- a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
|
| @@ -109,7 +109,7 @@ DocumentLoader::DocumentLoader(LocalFrame* frame, const ResourceRequest& req, co
|
| , m_documentLoadTiming(*this)
|
| , m_timeOfLastDataReceived(0.0)
|
| , m_applicationCacheHost(ApplicationCacheHost::create(this))
|
| - , m_wasBlockedAfterXFrameOptionsOrCSP(false)
|
| + , m_wasBlockedAfterCSP(false)
|
| , m_state(NotStarted)
|
| , m_inDataReceived(false)
|
| , m_dataBuffer(SharedBuffer::create())
|
| @@ -277,6 +277,10 @@ void DocumentLoader::notifyFinished(Resource* resource)
|
| if (m_applicationCacheHost)
|
| m_applicationCacheHost->failedLoadingMainResource();
|
| m_state = MainResourceDone;
|
| +
|
| + if (m_mainResource->resourceError().wasBlockedByResponse())
|
| + InspectorInstrumentation::canceledAfterReceivedResourceResponse(m_frame, this, mainResourceIdentifier(), resource->response(), m_mainResource.get());
|
| +
|
| frameLoader()->loadFailed(this, m_mainResource->resourceError());
|
| clearMainResourceHandle();
|
| }
|
| @@ -372,11 +376,11 @@ bool DocumentLoader::shouldContinueForResponse() const
|
| return true;
|
| }
|
|
|
| -void DocumentLoader::cancelLoadAfterXFrameOptionsOrCSPDenied(const ResourceResponse& response)
|
| +void DocumentLoader::cancelLoadAfterCSPDenied(const ResourceResponse& response)
|
| {
|
| - InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, mainResourceIdentifier(), response, m_mainResource.get());
|
| + InspectorInstrumentation::canceledAfterReceivedResourceResponse(m_frame, this, mainResourceIdentifier(), response, m_mainResource.get());
|
|
|
| - setWasBlockedAfterXFrameOptionsOrCSP();
|
| + setWasBlockedAfterCSP();
|
|
|
| // Pretend that this was an empty HTTP 200 response. Don't reuse the
|
| // original URL for the empty page (https://crbug.com/622385).
|
| @@ -413,26 +417,10 @@ void DocumentLoader::responseReceived(Resource* resource, const ResourceResponse
|
| m_contentSecurityPolicy->setOverrideURLForSelf(response.url());
|
| m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(response));
|
| if (!m_contentSecurityPolicy->allowAncestors(m_frame, response.url())) {
|
| - cancelLoadAfterXFrameOptionsOrCSPDenied(response);
|
| + cancelLoadAfterCSPDenied(response);
|
| return;
|
| }
|
|
|
| - // 'frame-ancestors' obviates 'x-frame-options': https://w3c.github.io/webappsec/specs/content-security-policy/#frame-ancestors-and-frame-options
|
| - if (!m_contentSecurityPolicy->isFrameAncestorsEnforced()) {
|
| - HTTPHeaderMap::const_iterator it = response.httpHeaderFields().find(HTTPNames::X_Frame_Options);
|
| - if (it != response.httpHeaderFields().end()) {
|
| - String content = it->value;
|
| - if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, response.url(), mainResourceIdentifier())) {
|
| - String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
|
| - ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest(SecurityMessageSource, ErrorMessageLevel, message, response.url(), mainResourceIdentifier());
|
| - frame()->document()->addConsoleMessage(consoleMessage);
|
| -
|
| - cancelLoadAfterXFrameOptionsOrCSPDenied(response);
|
| - return;
|
| - }
|
| - }
|
| - }
|
| -
|
| ASSERT(!m_frame->page()->defersLoading());
|
|
|
| m_response = response;
|
|
|
Chromium Code Reviews
Issue 2321503002:
(Re-)introduce AncestorThrottle to handle 'X-Frame-Options'. (Closed)
