| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
| 3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
| 7 * are met: | 7 * are met: |
| 8 * | 8 * |
| 9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 430 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 441 SecurityMessageSource, ErrorMessageLevel, message, response.url(), | 441 SecurityMessageSource, ErrorMessageLevel, message, response.url(), |
| 442 mainResourceIdentifier()); | 442 mainResourceIdentifier()); |
| 443 frame()->document()->addConsoleMessage(consoleMessage); | 443 frame()->document()->addConsoleMessage(consoleMessage); |
| 444 | 444 |
| 445 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 445 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
| 446 return; | 446 return; |
| 447 } | 447 } |
| 448 } | 448 } |
| 449 } | 449 } |
| 450 | 450 |
| 451 if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && |
| 452 !frameLoader()->requiredCSP().isEmpty()) { |
| 453 SecurityOrigin* parentSecurityOrigin = |
| 454 frame()->tree().parent()->securityContext()->getSecurityOrigin(); |
| 455 if (ContentSecurityPolicy::shouldEnforceEmbeddersPolicy( |
| 456 response, parentSecurityOrigin)) { |
| 457 m_contentSecurityPolicy->addPolicyFromHeaderValue( |
| 458 frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce, |
| 459 ContentSecurityPolicyHeaderSourceHTTP); |
| 460 } else { |
| 461 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
| 462 return; |
| 463 } |
| 464 } |
| 465 |
| 451 DCHECK(!m_frame->page()->defersLoading()); | 466 DCHECK(!m_frame->page()->defersLoading()); |
| 452 | 467 |
| 453 m_response = response; | 468 m_response = response; |
| 454 | 469 |
| 455 if (isArchiveMIMEType(m_response.mimeType()) && | 470 if (isArchiveMIMEType(m_response.mimeType()) && |
| 456 m_mainResource->getDataBufferingPolicy() != BufferData) | 471 m_mainResource->getDataBufferingPolicy() != BufferData) |
| 457 m_mainResource->setDataBufferingPolicy(BufferData); | 472 m_mainResource->setDataBufferingPolicy(BufferData); |
| 458 | 473 |
| 459 if (!shouldContinueForResponse()) { | 474 if (!shouldContinueForResponse()) { |
| 460 InspectorInstrumentation::continueWithPolicyIgnore( | 475 InspectorInstrumentation::continueWithPolicyIgnore( |
| (...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 761 m_writer ? m_writer->encoding() : emptyAtom, true, | 776 m_writer ? m_writer->encoding() : emptyAtom, true, |
| 762 ForceSynchronousParsing); | 777 ForceSynchronousParsing); |
| 763 if (!source.isNull()) | 778 if (!source.isNull()) |
| 764 m_writer->appendReplacingData(source); | 779 m_writer->appendReplacingData(source); |
| 765 endWriting(m_writer.get()); | 780 endWriting(m_writer.get()); |
| 766 } | 781 } |
| 767 | 782 |
| 768 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 783 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
| 769 | 784 |
| 770 } // namespace blink | 785 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2404373003:
Experimental Feature: Allow-CSP-From header (Closed)
