OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
462 if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && | 462 if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && |
463 !frameLoader()->requiredCSP().isEmpty()) { | 463 !frameLoader()->requiredCSP().isEmpty()) { |
464 SecurityOrigin* parentSecurityOrigin = | 464 SecurityOrigin* parentSecurityOrigin = |
465 frame()->tree().parent()->securityContext()->getSecurityOrigin(); | 465 frame()->tree().parent()->securityContext()->getSecurityOrigin(); |
466 if (ContentSecurityPolicy::shouldEnforceEmbeddersPolicy( | 466 if (ContentSecurityPolicy::shouldEnforceEmbeddersPolicy( |
467 response, parentSecurityOrigin)) { | 467 response, parentSecurityOrigin)) { |
468 m_contentSecurityPolicy->addPolicyFromHeaderValue( | 468 m_contentSecurityPolicy->addPolicyFromHeaderValue( |
469 frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce, | 469 frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce, |
470 ContentSecurityPolicyHeaderSourceHTTP); | 470 ContentSecurityPolicyHeaderSourceHTTP); |
471 } else { | 471 } else { |
472 String message = "Refused to display '" + response.url().elidedString() + | 472 ContentSecurityPolicy* embeddingCSP = ContentSecurityPolicy::create(); |
473 "' because it has not opted-into the following policy " | 473 embeddingCSP->addPolicyFromHeaderValue( |
474 "required by its embedder: '" + | 474 frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce, |
475 frameLoader()->requiredCSP() + "'."; | 475 ContentSecurityPolicyHeaderSourceHTTP); |
476 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( | 476 if (!embeddingCSP->subsumes(*m_contentSecurityPolicy)) { |
477 SecurityMessageSource, ErrorMessageLevel, message, response.url(), | 477 String message = "Refused to display '" + |
478 mainResourceIdentifier()); | 478 response.url().elidedString() + |
479 frame()->document()->addConsoleMessage(consoleMessage); | 479 "' because it has not opted-into the following policy " |
480 cancelLoadAfterXFrameOptionsOrCSPDenied(response); | 480 "required by its embedder: '" + |
481 return; | 481 frameLoader()->requiredCSP() + "'."; |
| 482 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest( |
| 483 SecurityMessageSource, ErrorMessageLevel, message, response.url(), |
| 484 mainResourceIdentifier()); |
| 485 frame()->document()->addConsoleMessage(consoleMessage); |
| 486 cancelLoadAfterXFrameOptionsOrCSPDenied(response); |
| 487 return; |
| 488 } |
482 } | 489 } |
483 } | 490 } |
484 | 491 |
485 DCHECK(!m_frame->page()->suspended()); | 492 DCHECK(!m_frame->page()->suspended()); |
486 | 493 |
487 m_response = response; | 494 m_response = response; |
488 | 495 |
489 if (isArchiveMIMEType(m_response.mimeType()) && | 496 if (isArchiveMIMEType(m_response.mimeType()) && |
490 m_mainResource->getDataBufferingPolicy() != BufferData) | 497 m_mainResource->getDataBufferingPolicy() != BufferData) |
491 m_mainResource->setDataBufferingPolicy(BufferData); | 498 m_mainResource->setDataBufferingPolicy(BufferData); |
794 m_writer ? m_writer->encoding() : emptyAtom, true, | 801 m_writer ? m_writer->encoding() : emptyAtom, true, |
795 ForceSynchronousParsing); | 802 ForceSynchronousParsing); |
796 if (!source.isNull()) | 803 if (!source.isNull()) |
797 m_writer->appendReplacingData(source); | 804 m_writer->appendReplacingData(source); |
798 endWriting(); | 805 endWriting(); |
799 } | 806 } |
800 | 807 |
801 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 808 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
802 | 809 |
803 } // namespace blink | 810 } // namespace blink |
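Review bot: In the new `else` branch (new lines 472-488) the load proceeds without `frameLoader()->requiredCSP()` ever being added to `m_contentSecurityPolicy` whenever `embeddingCSP->subsumes(*m_contentSecurityPolicy)` returns true, so the embedder's guarantee now rests entirely on `subsumes()` failing closed. Its implementation is not visible here, so it is worth confirming with tests that it returns false when the response carries no enforced policy (none at all, or report-only only) and when the required policy string parses to no usable directives, since a vacuous `true` in either case would let the frame load unconstrained. A comment above the check would record the intent, e.g. `// Response did not opt in: allow the load only if its own enforced policy is at least as strict as the embedder's.` The console message still says only "has not opted-into", which no longer describes the full condition that leads to the block. The enclosing function starts and ends outside the lines shown.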