| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 785 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 796 | 796 |
| 797 // TODO(mkwst): Drop the runtime-enabled check in M59: | 797 // TODO(mkwst): Drop the runtime-enabled check in M59: |
| 798 // https://www.chromestatus.com/feature/5709390967472128 | 798 // https://www.chromestatus.com/feature/5709390967472128 |
| 799 if (RuntimeEnabledFeatures::blockLegacySubresourcesEnabled()) | 799 if (RuntimeEnabledFeatures::blockLegacySubresourcesEnabled()) |
| 800 return ResourceRequestBlockedReason::Origin; | 800 return ResourceRequestBlockedReason::Origin; |
| 801 } | 801 } |
| 802 if (!url.user().isEmpty() || !url.pass().isEmpty()) { | 802 if (!url.user().isEmpty() || !url.pass().isEmpty()) { |
| 803 Deprecation::countDeprecation( | 803 Deprecation::countDeprecation( |
| 804 frame()->document(), | 804 frame()->document(), |
| 805 UseCounter::RequestedSubresourceWithEmbeddedCredentials); | 805 UseCounter::RequestedSubresourceWithEmbeddedCredentials); |
| 806 // TODO(mkwst): Remove the runtime-enabled check in M59: |
| 807 // https://www.chromestatus.com/feature/5669008342777856 |
| 808 if (RuntimeEnabledFeatures::blockCredentialedSubresourcesEnabled()) |
| 809 return ResourceRequestBlockedReason::Origin; |
| 806 } | 810 } |
| 807 } | 811 } |
| 808 | 812 |
| 809 // Check for mixed content. We do this second-to-last so that when folks block | 813 // Check for mixed content. We do this second-to-last so that when folks block |
| 810 // mixed content with a CSP policy, they don't get a warning. They'll still | 814 // mixed content with a CSP policy, they don't get a warning. They'll still |
| 811 // get a warning in the console about CSP blocking the load. | 815 // get a warning in the console about CSP blocking the load. |
| 812 if (MixedContentChecker::shouldBlockFetch(frame(), resourceRequest, url, | 816 if (MixedContentChecker::shouldBlockFetch(frame(), resourceRequest, url, |
| 813 reportingPolicy)) | 817 reportingPolicy)) |
| 814 return ResourceRequestBlockedReason::MixedContent; | 818 return ResourceRequestBlockedReason::MixedContent; |
| 815 | 819 |
| (...skipping 259 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1075 response); | 1079 response); |
| 1076 } | 1080 } |
| 1077 | 1081 |
| 1078 DEFINE_TRACE(FrameFetchContext) { | 1082 DEFINE_TRACE(FrameFetchContext) { |
| 1079 visitor->trace(m_document); | 1083 visitor->trace(m_document); |
| 1080 visitor->trace(m_documentLoader); | 1084 visitor->trace(m_documentLoader); |
| 1081 FetchContext::trace(visitor); | 1085 FetchContext::trace(visitor); |
| 1082 } | 1086 } |
| 1083 | 1087 |
| 1084 } // namespace blink | 1088 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2651943002:
Block subresource requests whose URLs include credentials. (Closed)
