OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 778 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
789 // embedded-credential ('http://user:password@...') resources embedded as | 789 // embedded-credential ('http://user:password@...') resources embedded as |
790 // subresources. in the hopes that we can block them at some point in the | 790 // subresources. in the hopes that we can block them at some point in the |
791 // future. | 791 // future. |
792 if (resourceRequest.frameType() != WebURLRequest::FrameTypeTopLevel) { | 792 if (resourceRequest.frameType() != WebURLRequest::FrameTypeTopLevel) { |
793 DCHECK(frame()->document()); | 793 DCHECK(frame()->document()); |
794 if (SchemeRegistry::shouldTreatURLSchemeAsLegacy(url.protocol()) && | 794 if (SchemeRegistry::shouldTreatURLSchemeAsLegacy(url.protocol()) && |
795 !SchemeRegistry::shouldTreatURLSchemeAsLegacy( | 795 !SchemeRegistry::shouldTreatURLSchemeAsLegacy( |
796 frame()->document()->getSecurityOrigin()->protocol())) { | 796 frame()->document()->getSecurityOrigin()->protocol())) { |
797 Deprecation::countDeprecation( | 797 Deprecation::countDeprecation( |
798 frame()->document(), UseCounter::LegacyProtocolEmbeddedAsSubresource); | 798 frame()->document(), UseCounter::LegacyProtocolEmbeddedAsSubresource); |
| 799 |
| 800 // TODO(mkwst): Drop the runtime-enabled check in M59: |
| 801 // https://www.chromestatus.com/feature/5709390967472128 |
| 802 if (RuntimeEnabledFeatures::blockLegacySubresourcesEnabled()) |
| 803 return ResourceRequestBlockedReason::Origin; |
799 } | 804 } |
800 if (!url.user().isEmpty() || !url.pass().isEmpty()) { | 805 if (!url.user().isEmpty() || !url.pass().isEmpty()) { |
801 Deprecation::countDeprecation( | 806 Deprecation::countDeprecation( |
802 frame()->document(), | 807 frame()->document(), |
803 UseCounter::RequestedSubresourceWithEmbeddedCredentials); | 808 UseCounter::RequestedSubresourceWithEmbeddedCredentials); |
804 } | 809 } |
805 } | 810 } |
806 | 811 |
807 // Check for mixed content. We do this second-to-last so that when folks block | 812 // Check for mixed content. We do this second-to-last so that when folks block |
808 // mixed content with a CSP policy, they don't get a warning. They'll still | 813 // mixed content with a CSP policy, they don't get a warning. They'll still |
(...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1105 response); | 1110 response); |
1106 } | 1111 } |
1107 | 1112 |
1108 DEFINE_TRACE(FrameFetchContext) { | 1113 DEFINE_TRACE(FrameFetchContext) { |
1109 visitor->trace(m_document); | 1114 visitor->trace(m_document); |
1110 visitor->trace(m_documentLoader); | 1115 visitor->trace(m_documentLoader); |
1111 FetchContext::trace(visitor); | 1116 FetchContext::trace(visitor); |
1112 } | 1117 } |
1113 | 1118 |
1114 } // namespace blink | 1119 } // namespace blink |
OLD | NEW |