Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(458)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2321503002: (Re-)introduce AncestorThrottle to handle 'X-Frame-Options'. (Closed)
Patch Set: Ugh. Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/frame_host/navigation_handle_impl.h ('K') | « third_party/WebKit/Source/core/loader/FrameLoader.h ('k') | third_party/WebKit/Source/core/loader/HttpEquiv.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
index 960bd1483826cb4ab9eb6983fa2f08140d4a4510..e80957e1ba1fbc140f6d75898007d09407fd251b 100644
--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -1463,51 +1463,6 @@ void FrameLoader::applyUserAgent(ResourceRequest& request)
request.setHTTPUserAgent(AtomicString(userAgent));
}
-bool FrameLoader::shouldInterruptLoadForXFrameOptions(const String& content, const KURL& url, unsigned long requestIdentifier)
-{
- UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOptions);
-
- Frame* topFrame = m_frame->tree().top();
- if (m_frame == topFrame)
- return false;
-
- XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content);
-
- switch (disposition) {
- case XFrameOptionsSameOrigin: {
- UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOptionsSameOrigin);
- RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
- // Out-of-process ancestors are always a different origin.
- if (!topFrame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalFrame(topFrame)->document()->getSecurityOrigin()))
- return true;
- for (Frame* frame = m_frame->tree().parent(); frame; frame = frame->tree().parent()) {
- if (!frame->isLocalFrame() || !origin->isSameSchemeHostPort(toLocalFrame(frame)->document()->getSecurityOrigin())) {
- UseCounter::count(m_frame->domWindow()->document(), UseCounter::XFrameOptionsSameOriginWithBadAncestorChain);
- break;
- }
- }
- return false;
- }
- case XFrameOptionsDeny:
- return true;
- case XFrameOptionsAllowAll:
- return false;
- case XFrameOptionsConflict: {
- ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest(JSMessageSource, ErrorMessageLevel, "Multiple 'X-Frame-Options' headers with conflicting values ('" + content + "') encountered when loading '" + url.elidedString() + "'. Falling back to 'DENY'.", url, requestIdentifier);
- m_frame->document()->addConsoleMessage(consoleMessage);
- return true;
- }
- case XFrameOptionsInvalid: {
- ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest(JSMessageSource, ErrorMessageLevel, "Invalid 'X-Frame-Options' header encountered when loading '" + url.elidedString() + "': '" + content + "' is not a recognized directive. The header will be ignored.", url, requestIdentifier);
- m_frame->document()->addConsoleMessage(consoleMessage);
- return false;
- }
- default:
- NOTREACHED();
- return false;
- }
-}
-
bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const
{
return m_currentItem && url == m_currentItem->url();
« content/browser/frame_host/navigation_handle_impl.h ('K') | « third_party/WebKit/Source/core/loader/FrameLoader.h ('k') | third_party/WebKit/Source/core/loader/HttpEquiv.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698