Side by Side Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Addressed comments Created 3 years, 9 months ago
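--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights
 * reserved.
 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
 * (http://www.torchmobile.com/)
 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
 * Copyright (C) 2011 Google Inc. All rights reserved.
@@ -1622,53 +1622,62 @@
 ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy,
 NavigationType type,
 NavigationPolicy policy,
 FrameLoadType frameLoadType,
 bool isClientRedirect,
 HTMLFormElement* form) {
 // Don't ask if we are loading an empty URL.
 if (request.url().isEmpty() || substituteData.isValid())
 return NavigationPolicyCurrentTab;
 
+Settings* settings = m_frame->settings();
+bool browserSideNavigationEnabled =
+settings && settings->getBrowserSideNavigationEnabled();
+
 // If we're loading content into |m_frame| (NavigationPolicyCurrentTab), check
 // against the parent's Content Security Policy and kill the load if that
 // check fails, unless we should bypass the main world's CSP.
 if (policy == NavigationPolicyCurrentTab &&
-shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy) {
+shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy &&
+// TODO(arthursonzogni): 'frame-src' check is disabled on the
+// renderer side with browser-side-navigation, but is enforced on the
+// browser side. See http://crbug.com/692595 for understanding why it
+// can't be enforced on both sides instead.
+!browserSideNavigationEnabled) {
 Frame* parentFrame = m_frame->tree().parent();
 if (parentFrame) {
 ContentSecurityPolicy* parentPolicy =
 parentFrame->securityContext()->contentSecurityPolicy();
 if (!parentPolicy->allowFrameFromSource(request.url(),
 request.redirectStatus())) {
 // Fire a load event, as timing attacks would otherwise reveal that the
 // frame was blocked. This way, it looks like every other cross-origin
 // page load.
 m_frame->document()->enforceSandboxFlags(SandboxOrigin);
 m_frame->owner()->dispatchLoad();
 return NavigationPolicyIgnore;
 }
 }
 }
 
 bool isFormSubmission = type == NavigationTypeFormSubmitted ||
 type == NavigationTypeFormResubmitted;
 if (isFormSubmission &&
 !m_frame->document()->contentSecurityPolicy()->allowFormAction(
 request.url()))
 return NavigationPolicyIgnore;
 
 bool replacesCurrentHistoryItem =
 frameLoadType == FrameLoadTypeReplaceCurrentItem;
-policy = client()->decidePolicyForNavigation(request, loader, type, policy,
-replacesCurrentHistoryItem,
-isClientRedirect, form);
+policy = client()->decidePolicyForNavigation(
+request, loader, type, policy, replacesCurrentHistoryItem,
+isClientRedirect, form, shouldCheckMainWorldContentSecurityPolicy);
 if (policy == NavigationPolicyCurrentTab ||
 policy == NavigationPolicyIgnore ||
 policy == NavigationPolicyHandledByClient ||
 policy == NavigationPolicyHandledByClientForInitialHistory) {
 return policy;
 }
 
 if (!LocalDOMWindow::allowPopUp(*m_frame) &&
 !UserGestureIndicator::utilizeUserGesture())
 return NavigationPolicyIgnore;
@@ -1981,10 +1990,10 @@
 frameLoadRequest.clientRedirect());
 
 loader->setLoadType(loadType);
 loader->setNavigationType(navigationType);
 loader->setReplacesCurrentHistoryItem(loadType ==
 FrameLoadTypeReplaceCurrentItem);
 return loader;
 }
 
 } // namespace blink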
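Review bot: The renderer-side branch that is now skipped when browserSideNavigationEnabled is true also carried the timing-attack mitigation for a blocked frame (enforceSandboxFlags(SandboxOrigin) and dispatchLoad() before returning NavigationPolicyIgnore), and nothing in this hunk shows the browser-side 'frame-src' enforcement reproducing that load event; if it does not, a frame blocked under browser-side navigation would presumably be observably different from one blocked by this path, so the TODO comment should say where that mitigation lives once the check moves. The null-Settings fallback is the right direction, since a missing Settings leaves the renderer-side check on, but that intent is worth stating next to the initialiser, e.g. `// Null Settings keeps the renderer-side check on (fail closed).` The enclosing function's signature begins before the hunk, so the remaining parameters are not visible here.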