OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
3 * reserved. | 3 * reserved. |
4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
(...skipping 1614 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1625 bool FrameLoader::shouldContinueForNavigationPolicy( | 1625 bool FrameLoader::shouldContinueForNavigationPolicy( |
1626 const ResourceRequest& request, | 1626 const ResourceRequest& request, |
1627 const SubstituteData& substituteData, | 1627 const SubstituteData& substituteData, |
1628 DocumentLoader* loader, | 1628 DocumentLoader* loader, |
1629 ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy, | 1629 ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy, |
1630 NavigationType type, | 1630 NavigationType type, |
1631 NavigationPolicy policy, | 1631 NavigationPolicy policy, |
1632 FrameLoadType frameLoadType, | 1632 FrameLoadType frameLoadType, |
1633 bool isClientRedirect, | 1633 bool isClientRedirect, |
1634 HTMLFormElement* form) { | 1634 HTMLFormElement* form) { |
1635 Settings* settings = m_frame->settings(); | |
1636 bool browserSideNavigationEnabled = | |
1637 settings && settings->getBrowserSideNavigationEnabled(); | |
alexmos
2017/02/24 06:40:27
nit: could move this after the if statement below,
arthursonzogni
2017/02/24 16:13:29
Done.
| |
1638 | |
1635 // Don't ask if we are loading an empty URL. | 1639 // Don't ask if we are loading an empty URL. |
1636 if (request.url().isEmpty() || substituteData.isValid()) | 1640 if (request.url().isEmpty() || substituteData.isValid()) |
1637 return true; | 1641 return true; |
1638 | 1642 |
1639 // If we're loading content into |m_frame| (NavigationPolicyCurrentTab), check | 1643 // If we're loading content into |m_frame| (NavigationPolicyCurrentTab), check |
1640 // against the parent's Content Security Policy and kill the load if that | 1644 // against the parent's Content Security Policy and kill the load if that |
1641 // check fails, unless we should bypass the main world's CSP. | 1645 // check fails, unless we should bypass the main world's CSP. |
1642 if (policy == NavigationPolicyCurrentTab && | 1646 if (policy == NavigationPolicyCurrentTab && |
1643 shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy) { | 1647 shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy && |
1648 // TODO(arthursonzogni): 'frame-src' check is disabled on the | |
1649 // renderer-side with browser-side-navigation, but is enforced on the | |
1650 // browser-side. See http://crbug.com/692595 for understanding why it | |
1651 // can't be enforced on both side instead. | |
alexmos
2017/02/24 06:40:28
nit: s/side/sides/
arthursonzogni
2017/02/24 16:13:29
Done.
| |
1652 !browserSideNavigationEnabled) { | |
1644 Frame* parentFrame = m_frame->tree().parent(); | 1653 Frame* parentFrame = m_frame->tree().parent(); |
1645 if (parentFrame) { | 1654 if (parentFrame) { |
1646 ContentSecurityPolicy* parentPolicy = | 1655 ContentSecurityPolicy* parentPolicy = |
1647 parentFrame->securityContext()->contentSecurityPolicy(); | 1656 parentFrame->securityContext()->contentSecurityPolicy(); |
1648 if (!parentPolicy->allowFrameFromSource(request.url(), | 1657 if (!parentPolicy->allowFrameFromSource(request.url(), |
1649 request.redirectStatus())) { | 1658 request.redirectStatus())) { |
1650 // Fire a load event, as timing attacks would otherwise reveal that the | 1659 // Fire a load event, as timing attacks would otherwise reveal that the |
1651 // frame was blocked. This way, it looks like every other cross-origin | 1660 // frame was blocked. This way, it looks like every other cross-origin |
1652 // page load. | 1661 // page load. |
1653 m_frame->document()->enforceSandboxFlags(SandboxOrigin); | 1662 m_frame->document()->enforceSandboxFlags(SandboxOrigin); |
1654 m_frame->owner()->dispatchLoad(); | 1663 m_frame->owner()->dispatchLoad(); |
1655 return false; | 1664 return false; |
1656 } | 1665 } |
1657 } | 1666 } |
1658 } | 1667 } |
1659 | 1668 |
1660 bool isFormSubmission = type == NavigationTypeFormSubmitted || | 1669 bool isFormSubmission = type == NavigationTypeFormSubmitted || |
1661 type == NavigationTypeFormResubmitted; | 1670 type == NavigationTypeFormResubmitted; |
1662 if (isFormSubmission && | 1671 if (isFormSubmission && |
1663 !m_frame->document()->contentSecurityPolicy()->allowFormAction( | 1672 !m_frame->document()->contentSecurityPolicy()->allowFormAction( |
1664 request.url())) | 1673 request.url())) |
1665 return false; | 1674 return false; |
1666 | 1675 |
1667 bool replacesCurrentHistoryItem = | 1676 bool replacesCurrentHistoryItem = |
1668 frameLoadType == FrameLoadTypeReplaceCurrentItem; | 1677 frameLoadType == FrameLoadTypeReplaceCurrentItem; |
1669 policy = client()->decidePolicyForNavigation(request, loader, type, policy, | 1678 policy = client()->decidePolicyForNavigation( |
1670 replacesCurrentHistoryItem, | 1679 request, loader, type, policy, replacesCurrentHistoryItem, |
1671 isClientRedirect, form); | 1680 isClientRedirect, form, shouldCheckMainWorldContentSecurityPolicy); |
1672 if (policy == NavigationPolicyCurrentTab) | 1681 if (policy == NavigationPolicyCurrentTab) |
1673 return true; | 1682 return true; |
1674 if (policy == NavigationPolicyIgnore) | 1683 if (policy == NavigationPolicyIgnore) |
1675 return false; | 1684 return false; |
1676 if (policy == NavigationPolicyHandledByClient) { | 1685 if (policy == NavigationPolicyHandledByClient) { |
1677 setNavigationHandledByClient(); | 1686 setNavigationHandledByClient(); |
1678 // Mark the frame as loading since the embedder is handling the navigation. | 1687 // Mark the frame as loading since the embedder is handling the navigation. |
1679 m_progressTracker->progressStarted(frameLoadType); | 1688 m_progressTracker->progressStarted(frameLoadType); |
1680 | 1689 |
1681 m_frame->navigationScheduler().cancel(); | 1690 m_frame->navigationScheduler().cancel(); |
(...skipping 348 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2030 m_isNavigationHandledByClient = true; | 2039 m_isNavigationHandledByClient = true; |
2031 InspectorInstrumentation::frameScheduledClientNavigation(m_frame); | 2040 InspectorInstrumentation::frameScheduledClientNavigation(m_frame); |
2032 } | 2041 } |
2033 | 2042 |
2034 void FrameLoader::clearNavigationHandledByClient() { | 2043 void FrameLoader::clearNavigationHandledByClient() { |
2035 m_isNavigationHandledByClient = false; | 2044 m_isNavigationHandledByClient = false; |
2036 InspectorInstrumentation::frameClearedScheduledClientNavigation(m_frame); | 2045 InspectorInstrumentation::frameClearedScheduledClientNavigation(m_frame); |
2037 } | 2046 } |
2038 | 2047 |
2039 } // namespace blink | 2048 } // namespace blink |
OLD | NEW |