Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp |
diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp |
index 4ecd86acfe5d193b17657f2d080407ce30c033ae..ab44b05716ef00335c641230536be0b24dc05cf5 100644 |
--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp |
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp |
@@ -1724,72 +1724,6 @@ void FrameLoader::applyUserAgent(ResourceRequest& request) { |
request.setHTTPUserAgent(AtomicString(userAgent)); |
} |
-bool FrameLoader::shouldInterruptLoadForXFrameOptions( |
- const String& content, |
- const KURL& url, |
- unsigned long requestIdentifier) { |
- UseCounter::count(m_frame->domWindow()->document(), |
- UseCounter::XFrameOptions); |
- |
- Frame* topFrame = m_frame->tree().top(); |
- if (m_frame == topFrame) |
- return false; |
- |
- XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content); |
- |
- switch (disposition) { |
- case XFrameOptionsSameOrigin: { |
- UseCounter::count(m_frame->domWindow()->document(), |
- UseCounter::XFrameOptionsSameOrigin); |
- RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url); |
- // Out-of-process ancestors are always a different origin. |
- if (!topFrame->isLocalFrame() || |
- !origin->isSameSchemeHostPort( |
- toLocalFrame(topFrame)->document()->getSecurityOrigin())) |
- return true; |
- for (Frame* frame = m_frame->tree().parent(); frame; |
- frame = frame->tree().parent()) { |
- if (!frame->isLocalFrame() || |
- !origin->isSameSchemeHostPort( |
- toLocalFrame(frame)->document()->getSecurityOrigin())) { |
- UseCounter::count( |
- m_frame->domWindow()->document(), |
- UseCounter::XFrameOptionsSameOriginWithBadAncestorChain); |
- break; |
- } |
- } |
- return false; |
- } |
- case XFrameOptionsDeny: |
- return true; |
- case XFrameOptionsAllowAll: |
- return false; |
- case XFrameOptionsConflict: { |
- ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( |
- JSMessageSource, ErrorMessageLevel, |
- "Multiple 'X-Frame-Options' headers with conflicting values ('" + |
- content + "') encountered when loading '" + url.elidedString() + |
- "'. Falling back to 'DENY'.", |
- url, requestIdentifier); |
- m_frame->document()->addConsoleMessage(consoleMessage); |
- return true; |
- } |
- case XFrameOptionsInvalid: { |
- ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( |
- JSMessageSource, ErrorMessageLevel, |
- "Invalid 'X-Frame-Options' header encountered when loading '" + |
- url.elidedString() + "': '" + content + |
- "' is not a recognized directive. The header will be ignored.", |
- url, requestIdentifier); |
- m_frame->document()->addConsoleMessage(consoleMessage); |
- return false; |
- } |
- default: |
- NOTREACHED(); |
- return false; |
- } |
-} |
- |
bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const { |
return m_currentItem && url == m_currentItem->url(); |
} |