OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
3 * reserved. | 3 * reserved. |
4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
(...skipping 1610 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1621 bool FrameLoader::shouldContinueForNavigationPolicy( | 1621 bool FrameLoader::shouldContinueForNavigationPolicy( |
1622 const ResourceRequest& request, | 1622 const ResourceRequest& request, |
1623 const SubstituteData& substituteData, | 1623 const SubstituteData& substituteData, |
1624 DocumentLoader* loader, | 1624 DocumentLoader* loader, |
1625 ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy, | 1625 ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy, |
1626 NavigationType type, | 1626 NavigationType type, |
1627 NavigationPolicy policy, | 1627 NavigationPolicy policy, |
1628 FrameLoadType frameLoadType, | 1628 FrameLoadType frameLoadType, |
1629 bool isClientRedirect, | 1629 bool isClientRedirect, |
1630 HTMLFormElement* form) { | 1630 HTMLFormElement* form) { |
1631 Settings* settings = m_frame->settings(); | |
1632 bool browserSideNavigationEnabled = | |
1633 settings && settings->getBrowserSideNavigationEnabled(); | |
1634 | |
1631 // Don't ask if we are loading an empty URL. | 1635 // Don't ask if we are loading an empty URL. |
1632 if (request.url().isEmpty() || substituteData.isValid()) | 1636 if (request.url().isEmpty() || substituteData.isValid()) |
1633 return true; | 1637 return true; |
1634 | 1638 |
1635 // If we're loading content into |m_frame| (NavigationPolicyCurrentTab), check | 1639 // If we're loading content into |m_frame| (NavigationPolicyCurrentTab), check |
1636 // against the parent's Content Security Policy and kill the load if that | 1640 // against the parent's Content Security Policy and kill the load if that |
1637 // check fails, unless we should bypass the main world's CSP. | 1641 // check fails, unless we should bypass the main world's CSP. |
1638 if (policy == NavigationPolicyCurrentTab && | 1642 if (policy == NavigationPolicyCurrentTab && |
1639 shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy) { | 1643 shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy && |
1644 !browserSideNavigationEnabled) { | |
arthursonzogni
2017/02/10 16:42:22
Note: It is possible to check the CSP with PlzNavi
alexmos
2017/02/10 22:59:53
I might be fuzzy on how this part works with PlzNa
arthursonzogni
2017/02/13 16:33:20
With PlzNavigate, we currently use a dirty hack to
alexmos
2017/02/14 06:57:20
Acknowledged, thanks for the explanation. Can you
arthursonzogni
2017/02/15 17:02:16
Done. See http://crbug.com/692595
| |
1640 Frame* parentFrame = m_frame->tree().parent(); | 1645 Frame* parentFrame = m_frame->tree().parent(); |
1641 if (parentFrame) { | 1646 if (parentFrame) { |
1642 ContentSecurityPolicy* parentPolicy = | 1647 ContentSecurityPolicy* parentPolicy = |
1643 parentFrame->securityContext()->contentSecurityPolicy(); | 1648 parentFrame->securityContext()->contentSecurityPolicy(); |
1644 if (!parentPolicy->allowFrameFromSource(request.url(), | 1649 if (!parentPolicy->allowFrameFromSource(request.url(), |
1645 request.redirectStatus())) { | 1650 request.redirectStatus())) { |
1646 // Fire a load event, as timing attacks would otherwise reveal that the | 1651 // Fire a load event, as timing attacks would otherwise reveal that the |
1647 // frame was blocked. This way, it looks like every other cross-origin | 1652 // frame was blocked. This way, it looks like every other cross-origin |
1648 // page load. | 1653 // page load. |
1649 m_frame->document()->enforceSandboxFlags(SandboxOrigin); | 1654 m_frame->document()->enforceSandboxFlags(SandboxOrigin); |
1650 m_frame->owner()->dispatchLoad(); | 1655 m_frame->owner()->dispatchLoad(); |
1651 return false; | 1656 return false; |
1652 } | 1657 } |
1653 } | 1658 } |
1654 } | 1659 } |
1655 | 1660 |
1656 bool isFormSubmission = type == NavigationTypeFormSubmitted || | 1661 bool isFormSubmission = type == NavigationTypeFormSubmitted || |
1657 type == NavigationTypeFormResubmitted; | 1662 type == NavigationTypeFormResubmitted; |
1658 if (isFormSubmission && | 1663 if (isFormSubmission && |
1659 !m_frame->document()->contentSecurityPolicy()->allowFormAction( | 1664 !m_frame->document()->contentSecurityPolicy()->allowFormAction( |
1660 request.url())) | 1665 request.url())) |
1661 return false; | 1666 return false; |
1662 | 1667 |
1663 bool replacesCurrentHistoryItem = | 1668 bool replacesCurrentHistoryItem = |
1664 frameLoadType == FrameLoadTypeReplaceCurrentItem; | 1669 frameLoadType == FrameLoadTypeReplaceCurrentItem; |
1665 policy = client()->decidePolicyForNavigation(request, loader, type, policy, | 1670 policy = client()->decidePolicyForNavigation( |
1666 replacesCurrentHistoryItem, | 1671 request, loader, type, policy, replacesCurrentHistoryItem, |
1667 isClientRedirect, form); | 1672 isClientRedirect, form, shouldCheckMainWorldContentSecurityPolicy); |
1668 if (policy == NavigationPolicyCurrentTab) | 1673 if (policy == NavigationPolicyCurrentTab) |
1669 return true; | 1674 return true; |
1670 if (policy == NavigationPolicyIgnore) | 1675 if (policy == NavigationPolicyIgnore) |
1671 return false; | 1676 return false; |
1672 if (policy == NavigationPolicyHandledByClient) { | 1677 if (policy == NavigationPolicyHandledByClient) { |
1673 m_isNavigationHandledByClient = true; | 1678 m_isNavigationHandledByClient = true; |
1674 // Mark the frame as loading since the embedder is handling the navigation. | 1679 // Mark the frame as loading since the embedder is handling the navigation. |
1675 m_progressTracker->progressStarted(frameLoadType); | 1680 m_progressTracker->progressStarted(frameLoadType); |
1676 | 1681 |
1677 m_frame->navigationScheduler().cancel(); | 1682 m_frame->navigationScheduler().cancel(); |
(...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2010 frameLoadRequest.clientRedirect()); | 2015 frameLoadRequest.clientRedirect()); |
2011 | 2016 |
2012 loader->setLoadType(loadType); | 2017 loader->setLoadType(loadType); |
2013 loader->setNavigationType(navigationType); | 2018 loader->setNavigationType(navigationType); |
2014 loader->setReplacesCurrentHistoryItem(loadType == | 2019 loader->setReplacesCurrentHistoryItem(loadType == |
2015 FrameLoadTypeReplaceCurrentItem); | 2020 FrameLoadTypeReplaceCurrentItem); |
2016 return loader; | 2021 return loader; |
2017 } | 2022 } |
2018 | 2023 |
2019 } // namespace blink | 2024 } // namespace blink |
OLD | NEW |