| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
| 3 * reserved. | 3 * reserved. |
| 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
| 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
| 6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
| 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
| 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
| 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
| 10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
| (...skipping 1706 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1717 | 1717 |
| 1718 takeObjectSnapshot(); | 1718 takeObjectSnapshot(); |
| 1719 } | 1719 } |
| 1720 | 1720 |
| 1721 void FrameLoader::applyUserAgent(ResourceRequest& request) { | 1721 void FrameLoader::applyUserAgent(ResourceRequest& request) { |
| 1722 String userAgent = this->userAgent(); | 1722 String userAgent = this->userAgent(); |
| 1723 DCHECK(!userAgent.isNull()); | 1723 DCHECK(!userAgent.isNull()); |
| 1724 request.setHTTPUserAgent(AtomicString(userAgent)); | 1724 request.setHTTPUserAgent(AtomicString(userAgent)); |
| 1725 } | 1725 } |
| 1726 | 1726 |
| 1727 bool FrameLoader::shouldInterruptLoadForXFrameOptions( | |
| 1728 const String& content, | |
| 1729 const KURL& url, | |
| 1730 unsigned long requestIdentifier) { | |
| 1731 UseCounter::count(m_frame->domWindow()->document(), | |
| 1732 UseCounter::XFrameOptions); | |
| 1733 | |
| 1734 Frame* topFrame = m_frame->tree().top(); | |
| 1735 if (m_frame == topFrame) | |
| 1736 return false; | |
| 1737 | |
| 1738 XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content); | |
| 1739 | |
| 1740 switch (disposition) { | |
| 1741 case XFrameOptionsSameOrigin: { | |
| 1742 UseCounter::count(m_frame->domWindow()->document(), | |
| 1743 UseCounter::XFrameOptionsSameOrigin); | |
| 1744 RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url); | |
| 1745 // Out-of-process ancestors are always a different origin. | |
| 1746 if (!topFrame->isLocalFrame() || | |
| 1747 !origin->isSameSchemeHostPort( | |
| 1748 toLocalFrame(topFrame)->document()->getSecurityOrigin())) | |
| 1749 return true; | |
| 1750 for (Frame* frame = m_frame->tree().parent(); frame; | |
| 1751 frame = frame->tree().parent()) { | |
| 1752 if (!frame->isLocalFrame() || | |
| 1753 !origin->isSameSchemeHostPort( | |
| 1754 toLocalFrame(frame)->document()->getSecurityOrigin())) { | |
| 1755 UseCounter::count( | |
| 1756 m_frame->domWindow()->document(), | |
| 1757 UseCounter::XFrameOptionsSameOriginWithBadAncestorChain); | |
| 1758 break; | |
| 1759 } | |
| 1760 } | |
| 1761 return false; | |
| 1762 } | |
| 1763 case XFrameOptionsDeny: | |
| 1764 return true; | |
| 1765 case XFrameOptionsAllowAll: | |
| 1766 return false; | |
| 1767 case XFrameOptionsConflict: { | |
| 1768 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | |
| 1769 JSMessageSource, ErrorMessageLevel, | |
| 1770 "Multiple 'X-Frame-Options' headers with conflicting values ('" + | |
| 1771 content + "') encountered when loading '" + url.elidedString() + | |
| 1772 "'. Falling back to 'DENY'.", | |
| 1773 url, requestIdentifier); | |
| 1774 m_frame->document()->addConsoleMessage(consoleMessage); | |
| 1775 return true; | |
| 1776 } | |
| 1777 case XFrameOptionsInvalid: { | |
| 1778 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | |
| 1779 JSMessageSource, ErrorMessageLevel, | |
| 1780 "Invalid 'X-Frame-Options' header encountered when loading '" + | |
| 1781 url.elidedString() + "': '" + content + | |
| 1782 "' is not a recognized directive. The header will be ignored.", | |
| 1783 url, requestIdentifier); | |
| 1784 m_frame->document()->addConsoleMessage(consoleMessage); | |
| 1785 return false; | |
| 1786 } | |
| 1787 default: | |
| 1788 NOTREACHED(); | |
| 1789 return false; | |
| 1790 } | |
| 1791 } | |
| 1792 | |
| 1793 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const { | 1727 bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const { |
| 1794 return m_currentItem && url == m_currentItem->url(); | 1728 return m_currentItem && url == m_currentItem->url(); |
| 1795 } | 1729 } |
| 1796 | 1730 |
| 1797 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const { | 1731 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const { |
| 1798 if (!url.isAboutSrcdocURL()) | 1732 if (!url.isAboutSrcdocURL()) |
| 1799 return false; | 1733 return false; |
| 1800 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); | 1734 HTMLFrameOwnerElement* ownerElement = m_frame->deprecatedLocalOwner(); |
| 1801 if (!isHTMLIFrameElement(ownerElement)) | 1735 if (!isHTMLIFrameElement(ownerElement)) |
| 1802 return false; | 1736 return false; |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1959 m_documentLoader ? m_documentLoader->url() : String()); | 1893 m_documentLoader ? m_documentLoader->url() : String()); |
| 1960 return tracedValue; | 1894 return tracedValue; |
| 1961 } | 1895 } |
| 1962 | 1896 |
| 1963 inline void FrameLoader::takeObjectSnapshot() const { | 1897 inline void FrameLoader::takeObjectSnapshot() const { |
| 1964 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, | 1898 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, |
| 1965 toTracedValue()); | 1899 toTracedValue()); |
| 1966 } | 1900 } |
| 1967 | 1901 |
| 1968 } // namespace blink | 1902 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2488743003:
(Re-)introduce AncestorThrottle to handle 'X-Frame-Options'. (Closed)
