| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
| 3 * reserved. | 3 * reserved. |
| 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
| 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
| 6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
| 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
| 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
| 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
| 10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
| (...skipping 1700 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1711 | 1711 |
| 1712 takeObjectSnapshot(); | 1712 takeObjectSnapshot(); |
| 1713 } | 1713 } |
| 1714 | 1714 |
| 1715 void FrameLoader::applyUserAgent(ResourceRequest& request) { | 1715 void FrameLoader::applyUserAgent(ResourceRequest& request) { |
| 1716 String userAgent = this->userAgent(); | 1716 String userAgent = this->userAgent(); |
| 1717 DCHECK(!userAgent.isNull()); | 1717 DCHECK(!userAgent.isNull()); |
| 1718 request.setHTTPUserAgent(AtomicString(userAgent)); | 1718 request.setHTTPUserAgent(AtomicString(userAgent)); |
| 1719 } | 1719 } |
| 1720 | 1720 |
| 1721 bool FrameLoader::shouldInterruptLoadForXFrameOptions( | |
| 1722 const String& content, | |
| 1723 const KURL& url, | |
| 1724 unsigned long requestIdentifier) { | |
| 1725 UseCounter::count(m_frame->domWindow()->document(), | |
| 1726 UseCounter::XFrameOptions); | |
| 1727 | |
| 1728 Frame* topFrame = m_frame->tree().top(); | |
| 1729 if (m_frame == topFrame) | |
| 1730 return false; | |
| 1731 | |
| 1732 XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content); | |
| 1733 | |
| 1734 switch (disposition) { | |
| 1735 case XFrameOptionsSameOrigin: { | |
| 1736 UseCounter::count(m_frame->domWindow()->document(), | |
| 1737 UseCounter::XFrameOptionsSameOrigin); | |
| 1738 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url); | |
| 1739 // Out-of-process ancestors are always a different origin. | |
| 1740 if (!topFrame->isLocalFrame() || | |
| 1741 !origin->isSameSchemeHostPort( | |
| 1742 toLocalFrame(topFrame)->document()->getSecurityOrigin())) | |
| 1743 return true; | |
| 1744 for (Frame* frame = m_frame->tree().parent(); frame; | |
| 1745 frame = frame->tree().parent()) { | |
| 1746 if (!frame->isLocalFrame() || | |
| 1747 !origin->isSameSchemeHostPort( | |
| 1748 toLocalFrame(frame)->document()->getSecurityOrigin())) { | |
| 1749 UseCounter::count( | |
| 1750 m_frame->domWindow()->document(), | |
| 1751 UseCounter::XFrameOptionsSameOriginWithBadAncestorChain); | |
| 1752 break; | |
| 1753 } | |
| 1754 } | |
| 1755 return false; | |
| 1756 } | |
| 1757 case XFrameOptionsDeny: | |
| 1758 return true; | |
| 1759 case XFrameOptionsAllowAll: | |
| 1760 return false; | |
| 1761 case XFrameOptionsConflict: { | |
| 1762 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | |
| 1763 JSMessageSource, ErrorMessageLevel, | |
| 1764 "Multiple 'X-Frame-Options' headers with conflicting values ('" + | |
| 1765 content + "') encountered when loading '" + url.elidedString() + | |
| 1766 "'. Falling back to 'DENY'.", | |
| 1767 url, requestIdentifier); | |
| 1768 m_frame->document()->addConsoleMessage(consoleMessage); | |
| 1769 return true; | |
| 1770 } | |
| 1771 case XFrameOptionsInvalid: { | |
| 1772 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | |
| 1773 JSMessageSource, ErrorMessageLevel, | |
| 1774 "Invalid 'X-Frame-Options' header encountered when loading '" + | |
| 1775 url.elidedString() + "': '" + content + | |
| 1776 "' is not a recognized directive. The header will be ignored.", | |
| 1777 url, requestIdentifier); | |
| 1778 m_frame->document()->addConsoleMessage(consoleMessage); | |
| 1779 return false; | |
| 1780 } | |
| 1781 default: | |
| 1782 NOTREACHED(); | |
| 1783 return false; | |
| 1784 } | |
| 1785 } | |
| 1786 | |
| 1787 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const { | 1721 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const { |
| 1788 return m_currentItem && url == m_currentItem->url(); | 1722 return m_currentItem && url == m_currentItem->url(); |
| 1789 } | 1723 } |
| 1790 | 1724 |
| 1791 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const { | 1725 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const { |
| 1792 if (!url.isAboutSrcdocURL()) | 1726 if (!url.isAboutSrcdocURL()) |
| 1793 return false; | 1727 return false; |
| 1794 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); | 1728 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); |
| 1795 if (!isHTMLIFrameElement(ownerElement)) | 1729 if (!isHTMLIFrameElement(ownerElement)) |
| 1796 return false; | 1730 return false; |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1953 m_documentLoader ? m_documentLoader->url() : String()); | 1887 m_documentLoader ? m_documentLoader->url() : String()); |
| 1954 return tracedValue; | 1888 return tracedValue; |
| 1955 } | 1889 } |
| 1956 | 1890 |
| 1957 inline void FrameLoader::takeObjectSnapshot() const { | 1891 inline void FrameLoader::takeObjectSnapshot() const { |
| 1958 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, | 1892 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, |
| 1959 toTracedValue()); | 1893 toTracedValue()); |
| 1960 } | 1894 } |
| 1961 | 1895 |
| 1962 } // namespace blink | 1896 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2488743003:
(Re-)introduce AncestorThrottle to handle 'X-Frame-Options'. (Closed)
