OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 430 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
441 SecurityMessageSource, ErrorMessageLevel, message, response.url(), | 441 SecurityMessageSource, ErrorMessageLevel, message, response.url(), |
442 mainResourceIdentifier()); | 442 mainResourceIdentifier()); |
443 frame()->document()->addConsoleMessage(consoleMessage); | 443 frame()->document()->addConsoleMessage(consoleMessage); |
444 | 444 |
445 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 445 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
446 return; | 446 return; |
447 } | 447 } |
448 } | 448 } |
449 } | 449 } |
450 | 450 |
451 if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && | |
452 !frameLoader()->requiredCSP().isEmpty()) { | |
453 // Check if the response allows blanket enforcment of policy from request | |
454 if (ContentSecurityPolicy::checkAllowBlanketEnforcement( | |
455 response, | |
456 toLocalFrame(frame()->tree().parent())->document()->url())) { | |
Mike West
2016/10/13 11:01:42
1. You can't know that the parent is a local frame
| |
457 m_contentSecurityPolicy->addPolicyFromHeaderValue( | |
458 frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce, | |
459 ContentSecurityPolicyHeaderSourceHTTP); | |
460 } else { | |
461 // TODO(amalika): Under this flag up to this pointS, we only support | |
462 // Allow-CSP-From header. | |
463 // Change this after adding Subsumption Algorithm | |
464 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | |
465 return; | |
466 } | |
467 } | |
468 | |
451 DCHECK(!m_frame->page()->defersLoading()); | 469 DCHECK(!m_frame->page()->defersLoading()); |
452 | 470 |
453 m_response = response; | 471 m_response = response; |
454 | 472 |
455 if (isArchiveMIMEType(m_response.mimeType()) && | 473 if (isArchiveMIMEType(m_response.mimeType()) && |
456 m_mainResource->getDataBufferingPolicy() != BufferData) | 474 m_mainResource->getDataBufferingPolicy() != BufferData) |
457 m_mainResource->setDataBufferingPolicy(BufferData); | 475 m_mainResource->setDataBufferingPolicy(BufferData); |
458 | 476 |
459 if (!shouldContinueForResponse()) { | 477 if (!shouldContinueForResponse()) { |
460 InspectorInstrumentation::continueWithPolicyIgnore( | 478 InspectorInstrumentation::continueWithPolicyIgnore( |
(...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
761 m_writer ? m_writer->encoding() : emptyAtom, true, | 779 m_writer ? m_writer->encoding() : emptyAtom, true, |
762 ForceSynchronousParsing); | 780 ForceSynchronousParsing); |
763 if (!source.isNull()) | 781 if (!source.isNull()) |
764 m_writer->appendReplacingData(source); | 782 m_writer->appendReplacingData(source); |
765 endWriting(m_writer.get()); | 783 endWriting(m_writer.get()); |
766 } | 784 } |
767 | 785 |
768 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 786 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
769 | 787 |
770 } // namespace blink | 788 } // namespace blink |
OLD | NEW |