Index: third_party/WebKit/Source/core/loader/DocumentLoader.cpp |
diff --git a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp |
index 7f689758f73ce58cb90169608e096f5f9c89130e..565ff8dc71a03b1b7fe28e4f901b018251ff20c2 100644 |
--- a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp |
+++ b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp |
@@ -448,6 +448,21 @@ void DocumentLoader::responseReceived( |
} |
} |
+ if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && |
+ !frameLoader()->requiredCSP().isEmpty()) { |
+ SecurityOrigin* parentSecurityOrigin = |
+ frame()->tree().parent()->securityContext()->getSecurityOrigin(); |
+ if (ContentSecurityPolicy::shouldEnforceEmbeddersPolicy( |
+ response, parentSecurityOrigin)) { |
+ m_contentSecurityPolicy->addPolicyFromHeaderValue( |
+ frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce, |
+ ContentSecurityPolicyHeaderSourceHTTP); |
+ } else { |
+ cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
+ return; |
+ } |
+ } |
+ |
DCHECK(!m_frame->page()->defersLoading()); |
m_response = response; |