| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 778 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 789 // embedded-credential ('http://user:password@...') resources embedded as | 789 // embedded-credential ('http://user:password@...') resources embedded as |
| 790 // subresources. in the hopes that we can block them at some point in the | 790 // subresources. in the hopes that we can block them at some point in the |
| 791 // future. | 791 // future. |
| 792 if (resourceRequest.frameType() != WebURLRequest::FrameTypeTopLevel) { | 792 if (resourceRequest.frameType() != WebURLRequest::FrameTypeTopLevel) { |
| 793 DCHECK(frame()->document()); | 793 DCHECK(frame()->document()); |
| 794 if (SchemeRegistry::shouldTreatURLSchemeAsLegacy(url.protocol()) && | 794 if (SchemeRegistry::shouldTreatURLSchemeAsLegacy(url.protocol()) && |
| 795 !SchemeRegistry::shouldTreatURLSchemeAsLegacy( | 795 !SchemeRegistry::shouldTreatURLSchemeAsLegacy( |
| 796 frame()->document()->getSecurityOrigin()->protocol())) { | 796 frame()->document()->getSecurityOrigin()->protocol())) { |
| 797 Deprecation::countDeprecation( | 797 Deprecation::countDeprecation( |
| 798 frame()->document(), UseCounter::LegacyProtocolEmbeddedAsSubresource); | 798 frame()->document(), UseCounter::LegacyProtocolEmbeddedAsSubresource); |
| 799 |
| 800 // TODO(mkwst): Drop the runtime-enabled check in M59: |
| 801 // https://www.chromestatus.com/feature/5709390967472128 |
| 802 if (RuntimeEnabledFeatures::blockLegacySubresourcesEnabled()) |
| 803 return ResourceRequestBlockedReason::Origin; |
| 799 } | 804 } |
| 800 if (!url.user().isEmpty() || !url.pass().isEmpty()) { | 805 if (!url.user().isEmpty() || !url.pass().isEmpty()) { |
| 801 Deprecation::countDeprecation( | 806 Deprecation::countDeprecation( |
| 802 frame()->document(), | 807 frame()->document(), |
| 803 UseCounter::RequestedSubresourceWithEmbeddedCredentials); | 808 UseCounter::RequestedSubresourceWithEmbeddedCredentials); |
| 804 } | 809 } |
| 805 } | 810 } |
| 806 | 811 |
| 807 // Check for mixed content. We do this second-to-last so that when folks block | 812 // Check for mixed content. We do this second-to-last so that when folks block |
| 808 // mixed content with a CSP policy, they don't get a warning. They'll still | 813 // mixed content with a CSP policy, they don't get a warning. They'll still |
| (...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1105 response); | 1110 response); |
| 1106 } | 1111 } |
| 1107 | 1112 |
| 1108 DEFINE_TRACE(FrameFetchContext) { | 1113 DEFINE_TRACE(FrameFetchContext) { |
| 1109 visitor->trace(m_document); | 1114 visitor->trace(m_document); |
| 1110 visitor->trace(m_documentLoader); | 1115 visitor->trace(m_documentLoader); |
| 1111 FetchContext::trace(visitor); | 1116 FetchContext::trace(visitor); |
| 1112 } | 1117 } |
| 1113 | 1118 |
| 1114 } // namespace blink | 1119 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2656443005:
Block 'ftp:' subresource requests from non-'ftp:' pages. (Closed)
