Side by Side Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Addressed comments @alexmos. Created 3 years, 9 months ago
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights
3 * reserved. 3 * reserved.
4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
6 * (http://www.torchmobile.com/) 6 * (http://www.torchmobile.com/)
7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
10 * Copyright (C) 2011 Google Inc. All rights reserved. 10 * Copyright (C) 2011 Google Inc. All rights reserved.
(...skipping 1618 matching lines...) Expand 10 before | Expand all | Expand 10 after
1629 ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy, 1629 ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy,
1630 NavigationType type, 1630 NavigationType type,
1631 NavigationPolicy policy, 1631 NavigationPolicy policy,
1632 FrameLoadType frameLoadType, 1632 FrameLoadType frameLoadType,
1633 bool isClientRedirect, 1633 bool isClientRedirect,
1634 HTMLFormElement* form) { 1634 HTMLFormElement* form) {
1635 // Don't ask if we are loading an empty URL. 1635 // Don't ask if we are loading an empty URL.
1636 if (request.url().isEmpty() || substituteData.isValid()) 1636 if (request.url().isEmpty() || substituteData.isValid())
1637 return true; 1637 return true;
1638 1638
1639 Settings* settings = m_frame->settings();
1640 bool browserSideNavigationEnabled =
1641 settings && settings->getBrowserSideNavigationEnabled();
1642
1639 // If we're loading content into |m_frame| (NavigationPolicyCurrentTab), check 1643 // If we're loading content into |m_frame| (NavigationPolicyCurrentTab), check
1640 // against the parent's Content Security Policy and kill the load if that 1644 // against the parent's Content Security Policy and kill the load if that
1641 // check fails, unless we should bypass the main world's CSP. 1645 // check fails, unless we should bypass the main world's CSP.
1642 if (policy == NavigationPolicyCurrentTab && 1646 if (policy == NavigationPolicyCurrentTab &&
1643 shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy) { 1647 shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy &&
1648 // TODO(arthursonzogni): 'frame-src' check is disabled on the
1649 // renderer side with browser-side-navigation, but is enforced on the
1650 // browser side. See http://crbug.com/692595 for understanding why it
1651 // can't be enforced on both sides instead.
1652 !browserSideNavigationEnabled) {
1644 Frame* parentFrame = m_frame->tree().parent(); 1653 Frame* parentFrame = m_frame->tree().parent();
1645 if (parentFrame) { 1654 if (parentFrame) {
1646 ContentSecurityPolicy* parentPolicy = 1655 ContentSecurityPolicy* parentPolicy =
1647 parentFrame->securityContext()->contentSecurityPolicy(); 1656 parentFrame->securityContext()->contentSecurityPolicy();
1648 if (!parentPolicy->allowFrameFromSource(request.url(), 1657 if (!parentPolicy->allowFrameFromSource(request.url(),
1649 request.redirectStatus())) { 1658 request.redirectStatus())) {
1650 // Fire a load event, as timing attacks would otherwise reveal that the 1659 // Fire a load event, as timing attacks would otherwise reveal that the
1651 // frame was blocked. This way, it looks like every other cross-origin 1660 // frame was blocked. This way, it looks like every other cross-origin
1652 // page load. 1661 // page load.
1653 m_frame->document()->enforceSandboxFlags(SandboxOrigin); 1662 m_frame->document()->enforceSandboxFlags(SandboxOrigin);
1654 m_frame->owner()->dispatchLoad(); 1663 m_frame->owner()->dispatchLoad();
1655 return false; 1664 return false;
1656 } 1665 }
1657 } 1666 }
1658 } 1667 }
1659 1668
1660 bool isFormSubmission = type == NavigationTypeFormSubmitted || 1669 bool isFormSubmission = type == NavigationTypeFormSubmitted ||
1661 type == NavigationTypeFormResubmitted; 1670 type == NavigationTypeFormResubmitted;
1662 if (isFormSubmission && 1671 if (isFormSubmission &&
1663 !m_frame->document()->contentSecurityPolicy()->allowFormAction( 1672 !m_frame->document()->contentSecurityPolicy()->allowFormAction(
1664 request.url())) 1673 request.url()))
1665 return false; 1674 return false;
1666 1675
1667 bool replacesCurrentHistoryItem = 1676 bool replacesCurrentHistoryItem =
1668 frameLoadType == FrameLoadTypeReplaceCurrentItem; 1677 frameLoadType == FrameLoadTypeReplaceCurrentItem;
1669 policy = client()->decidePolicyForNavigation(request, loader, type, policy, 1678 policy = client()->decidePolicyForNavigation(
1670 replacesCurrentHistoryItem, 1679 request, loader, type, policy, replacesCurrentHistoryItem,
1671 isClientRedirect, form); 1680 isClientRedirect, form, shouldCheckMainWorldContentSecurityPolicy);
1672 if (policy == NavigationPolicyCurrentTab) 1681 if (policy == NavigationPolicyCurrentTab)
1673 return true; 1682 return true;
1674 if (policy == NavigationPolicyIgnore) 1683 if (policy == NavigationPolicyIgnore)
1675 return false; 1684 return false;
1676 if (policy == NavigationPolicyHandledByClient) { 1685 if (policy == NavigationPolicyHandledByClient) {
1677 setNavigationHandledByClient(); 1686 setNavigationHandledByClient();
1678 // Mark the frame as loading since the embedder is handling the navigation. 1687 // Mark the frame as loading since the embedder is handling the navigation.
1679 m_progressTracker->progressStarted(frameLoadType); 1688 m_progressTracker->progressStarted(frameLoadType);
1680 1689
1681 m_frame->navigationScheduler().cancel(); 1690 m_frame->navigationScheduler().cancel();
(...skipping 350 matching lines...) Expand 10 before | Expand all | Expand 10 after
2032 m_isNavigationHandledByClient = true; 2041 m_isNavigationHandledByClient = true;
2033 InspectorInstrumentation::frameScheduledClientNavigation(m_frame); 2042 InspectorInstrumentation::frameScheduledClientNavigation(m_frame);
2034 } 2043 }
2035 2044
2036 void FrameLoader::clearNavigationHandledByClient() { 2045 void FrameLoader::clearNavigationHandledByClient() {
2037 m_isNavigationHandledByClient = false; 2046 m_isNavigationHandledByClient = false;
2038 InspectorInstrumentation::frameClearedScheduledClientNavigation(m_frame); 2047 InspectorInstrumentation::frameClearedScheduledClientNavigation(m_frame);
2039 } 2048 }
2040 2049
2041 } // namespace blink 2050 } // namespace blink
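Review bot: Gating the parent-CSP block on `!browserSideNavigationEnabled` (new lines 1643-1652) also skips the blocked-frame handling at new lines 1662-1663 (enforceSandboxFlags + dispatchLoad), so with browser-side navigation this function no longer provides the "looks like any other cross-origin load" property on a 'frame-src' rejection; whether the browser-side check preserves that is not visible from this hunk, and the TODO should state it one way or the other. Note that a null Settings leaves browserSideNavigationEnabled false, so the renderer-side check still runs in that case, which is the safe fallback. As a point of style, a four-line comment between `&&` and the final operand of the condition is hard to read; hoist it before the `if`: `// With browser-side navigation the 'frame-src' check is enforced by the browser instead (crbug.com/692595).` followed by `bool checkFrameSrcInRenderer = !browserSideNavigationEnabled;`, and use `checkFrameSrcInRenderer` as the last operand. The enclosing function starts before this hunk.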