OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
3 * reserved. | 3 * reserved. |
4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
(...skipping 1706 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1717 | 1717 |
1718 takeObjectSnapshot(); | 1718 takeObjectSnapshot(); |
1719 } | 1719 } |
1720 | 1720 |
1721 void FrameLoader::applyUserAgent(ResourceRequest& request) { | 1721 void FrameLoader::applyUserAgent(ResourceRequest& request) { |
1722 String userAgent = this->userAgent(); | 1722 String userAgent = this->userAgent(); |
1723 DCHECK(!userAgent.isNull()); | 1723 DCHECK(!userAgent.isNull()); |
1724 request.setHTTPUserAgent(AtomicString(userAgent)); | 1724 request.setHTTPUserAgent(AtomicString(userAgent)); |
1725 } | 1725 } |
1726 | 1726 |
1727 bool FrameLoader::shouldInterruptLoadForXFrameOptions( | |
1728 const String& content, | |
1729 const KURL& url, | |
1730 unsigned long requestIdentifier) { | |
1731 UseCounter::count(m_frame->domWindow()->document(), | |
1732 UseCounter::XFrameOptions); | |
1733 | |
1734 Frame* topFrame = m_frame->tree().top(); | |
1735 if (m_frame == topFrame) | |
1736 return false; | |
1737 | |
1738 XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content); | |
1739 | |
1740 switch (disposition) { | |
1741 case XFrameOptionsSameOrigin: { | |
1742 UseCounter::count(m_frame->domWindow()->document(), | |
1743 UseCounter::XFrameOptionsSameOrigin); | |
1744 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url); | |
1745 // Out-of-process ancestors are always a different origin. | |
1746 if (!topFrame->isLocalFrame() || | |
1747 !origin->isSameSchemeHostPort( | |
1748 toLocalFrame(topFrame)->document()->getSecurityOrigin())) | |
1749 return true; | |
1750 for (Frame* frame = m_frame->tree().parent(); frame; | |
1751 frame = frame->tree().parent()) { | |
1752 if (!frame->isLocalFrame() || | |
1753 !origin->isSameSchemeHostPort( | |
1754 toLocalFrame(frame)->document()->getSecurityOrigin())) { | |
1755 UseCounter::count( | |
1756 m_frame->domWindow()->document(), | |
1757 UseCounter::XFrameOptionsSameOriginWithBadAncestorChain); | |
1758 break; | |
1759 } | |
1760 } | |
1761 return false; | |
1762 } | |
1763 case XFrameOptionsDeny: | |
1764 return true; | |
1765 case XFrameOptionsAllowAll: | |
1766 return false; | |
1767 case XFrameOptionsConflict: { | |
1768 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | |
1769 JSMessageSource, ErrorMessageLevel, | |
1770 "Multiple 'X-Frame-Options' headers with conflicting values ('" + | |
1771 content + "') encountered when loading '" + url.elidedString() + | |
1772 "'. Falling back to 'DENY'.", | |
1773 url, requestIdentifier); | |
1774 m_frame->document()->addConsoleMessage(consoleMessage); | |
1775 return true; | |
1776 } | |
1777 case XFrameOptionsInvalid: { | |
1778 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | |
1779 JSMessageSource, ErrorMessageLevel, | |
1780 "Invalid 'X-Frame-Options' header encountered when loading '" + | |
1781 url.elidedString() + "': '" + content + | |
1782 "' is not a recognized directive. The header will be ignored.", | |
1783 url, requestIdentifier); | |
1784 m_frame->document()->addConsoleMessage(consoleMessage); | |
1785 return false; | |
1786 } | |
1787 default: | |
1788 NOTREACHED(); | |
1789 return false; | |
1790 } | |
1791 } | |
1792 | |
1793 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const { | 1727 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const { |
1794 return m_currentItem && url == m_currentItem->url(); | 1728 return m_currentItem && url == m_currentItem->url(); |
1795 } | 1729 } |
1796 | 1730 |
1797 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const { | 1731 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const { |
1798 if (!url.isAboutSrcdocURL()) | 1732 if (!url.isAboutSrcdocURL()) |
1799 return false; | 1733 return false; |
1800 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); | 1734 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); |
1801 if (!isHTMLIFrameElement(ownerElement)) | 1735 if (!isHTMLIFrameElement(ownerElement)) |
1802 return false; | 1736 return false; |
(...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1959 m_documentLoader ? m_documentLoader->url() : String()); | 1893 m_documentLoader ? m_documentLoader->url() : String()); |
1960 return tracedValue; | 1894 return tracedValue; |
1961 } | 1895 } |
1962 | 1896 |
1963 inline void FrameLoader::takeObjectSnapshot() const { | 1897 inline void FrameLoader::takeObjectSnapshot() const { |
1964 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, | 1898 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, |
1965 toTracedValue()); | 1899 toTracedValue()); |
1966 } | 1900 } |
1967 | 1901 |
1968 } // namespace blink | 1902 } // namespace blink |
OLD | NEW |