| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/navigation_handle_impl.h" | 5 #include "content/browser/frame_host/navigation_handle_impl.h" |
| 6 | 6 |
| 7 #include <iterator> | 7 #include <iterator> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
| 11 #include "content/browser/appcache/appcache_service_impl.h" | 11 #include "content/browser/appcache/appcache_service_impl.h" |
| 12 #include "content/browser/browsing_data/clear_site_data_throttle.h" | 12 #include "content/browser/browsing_data/clear_site_data_throttle.h" |
| 13 #include "content/browser/child_process_security_policy_impl.h" | 13 #include "content/browser/child_process_security_policy_impl.h" |
| 14 #include "content/browser/devtools/render_frame_devtools_agent_host.h" | 14 #include "content/browser/devtools/render_frame_devtools_agent_host.h" |
| 15 #include "content/browser/frame_host/ancestor_throttle.h" | 15 #include "content/browser/frame_host/ancestor_throttle.h" |
| 16 #include "content/browser/frame_host/debug_urls.h" | 16 #include "content/browser/frame_host/debug_urls.h" |
| 17 #include "content/browser/frame_host/form_submission_throttle.h" |
| 17 #include "content/browser/frame_host/frame_tree_node.h" | 18 #include "content/browser/frame_host/frame_tree_node.h" |
| 18 #include "content/browser/frame_host/mixed_content_navigation_throttle.h" | 19 #include "content/browser/frame_host/mixed_content_navigation_throttle.h" |
| 19 #include "content/browser/frame_host/navigation_controller_impl.h" | 20 #include "content/browser/frame_host/navigation_controller_impl.h" |
| 20 #include "content/browser/frame_host/navigation_entry_impl.h" | 21 #include "content/browser/frame_host/navigation_entry_impl.h" |
| 21 #include "content/browser/frame_host/navigator.h" | 22 #include "content/browser/frame_host/navigator.h" |
| 22 #include "content/browser/frame_host/navigator_delegate.h" | 23 #include "content/browser/frame_host/navigator_delegate.h" |
| 23 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 24 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
| 24 #include "content/browser/service_worker/service_worker_context_wrapper.h" | 25 #include "content/browser/service_worker/service_worker_context_wrapper.h" |
| 25 #include "content/browser/service_worker/service_worker_navigation_handle.h" | 26 #include "content/browser/service_worker/service_worker_navigation_handle.h" |
| 26 #include "content/common/frame_messages.h" | 27 #include "content/common/frame_messages.h" |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 58 // static | 59 // static |
| 59 std::unique_ptr<NavigationHandleImpl> NavigationHandleImpl::Create( | 60 std::unique_ptr<NavigationHandleImpl> NavigationHandleImpl::Create( |
| 60 const GURL& url, | 61 const GURL& url, |
| 61 const std::vector<GURL>& redirect_chain, | 62 const std::vector<GURL>& redirect_chain, |
| 62 FrameTreeNode* frame_tree_node, | 63 FrameTreeNode* frame_tree_node, |
| 63 bool is_renderer_initiated, | 64 bool is_renderer_initiated, |
| 64 bool is_same_page, | 65 bool is_same_page, |
| 65 const base::TimeTicks& navigation_start, | 66 const base::TimeTicks& navigation_start, |
| 66 int pending_nav_entry_id, | 67 int pending_nav_entry_id, |
| 67 bool started_from_context_menu, | 68 bool started_from_context_menu, |
| 68 CSPDisposition should_check_main_world_csp) { | 69 CSPDisposition should_check_main_world_csp, |
| 70 bool is_form_submission) { |
| 69 return std::unique_ptr<NavigationHandleImpl>(new NavigationHandleImpl( | 71 return std::unique_ptr<NavigationHandleImpl>(new NavigationHandleImpl( |
| 70 url, redirect_chain, frame_tree_node, is_renderer_initiated, is_same_page, | 72 url, redirect_chain, frame_tree_node, is_renderer_initiated, is_same_page, |
| 71 navigation_start, pending_nav_entry_id, started_from_context_menu, | 73 navigation_start, pending_nav_entry_id, started_from_context_menu, |
| 72 should_check_main_world_csp)); | 74 should_check_main_world_csp, is_form_submission)); |
| 73 } | 75 } |
| 74 | 76 |
| 75 NavigationHandleImpl::NavigationHandleImpl( | 77 NavigationHandleImpl::NavigationHandleImpl( |
| 76 const GURL& url, | 78 const GURL& url, |
| 77 const std::vector<GURL>& redirect_chain, | 79 const std::vector<GURL>& redirect_chain, |
| 78 FrameTreeNode* frame_tree_node, | 80 FrameTreeNode* frame_tree_node, |
| 79 bool is_renderer_initiated, | 81 bool is_renderer_initiated, |
| 80 bool is_same_page, | 82 bool is_same_page, |
| 81 const base::TimeTicks& navigation_start, | 83 const base::TimeTicks& navigation_start, |
| 82 int pending_nav_entry_id, | 84 int pending_nav_entry_id, |
| 83 bool started_from_context_menu, | 85 bool started_from_context_menu, |
| 84 CSPDisposition should_check_main_world_csp) | 86 CSPDisposition should_check_main_world_csp, |
| 87 bool is_form_submission) |
| 85 : url_(url), | 88 : url_(url), |
| 86 has_user_gesture_(false), | 89 has_user_gesture_(false), |
| 87 transition_(ui::PAGE_TRANSITION_LINK), | 90 transition_(ui::PAGE_TRANSITION_LINK), |
| 88 is_external_protocol_(false), | 91 is_external_protocol_(false), |
| 89 net_error_code_(net::OK), | 92 net_error_code_(net::OK), |
| 90 render_frame_host_(nullptr), | 93 render_frame_host_(nullptr), |
| 91 is_renderer_initiated_(is_renderer_initiated), | 94 is_renderer_initiated_(is_renderer_initiated), |
| 92 is_same_page_(is_same_page), | 95 is_same_page_(is_same_page), |
| 93 was_redirected_(false), | 96 was_redirected_(false), |
| 94 did_replace_entry_(false), | 97 did_replace_entry_(false), |
| (...skipping 11 matching lines...) Expand all Loading... |
| 106 mixed_content_context_type_(blink::WebMixedContentContextType::Blockable), | 109 mixed_content_context_type_(blink::WebMixedContentContextType::Blockable), |
| 107 should_replace_current_entry_(false), | 110 should_replace_current_entry_(false), |
| 108 redirect_chain_(redirect_chain), | 111 redirect_chain_(redirect_chain), |
| 109 is_download_(false), | 112 is_download_(false), |
| 110 is_stream_(false), | 113 is_stream_(false), |
| 111 started_from_context_menu_(started_from_context_menu), | 114 started_from_context_menu_(started_from_context_menu), |
| 112 reload_type_(ReloadType::NONE), | 115 reload_type_(ReloadType::NONE), |
| 113 restore_type_(RestoreType::NONE), | 116 restore_type_(RestoreType::NONE), |
| 114 navigation_type_(NAVIGATION_TYPE_UNKNOWN), | 117 navigation_type_(NAVIGATION_TYPE_UNKNOWN), |
| 115 should_check_main_world_csp_(should_check_main_world_csp), | 118 should_check_main_world_csp_(should_check_main_world_csp), |
| 119 is_form_submission_(is_form_submission), |
| 116 weak_factory_(this) { | 120 weak_factory_(this) { |
| 117 DCHECK(!navigation_start.is_null()); | 121 DCHECK(!navigation_start.is_null()); |
| 118 if (redirect_chain_.empty()) | 122 if (redirect_chain_.empty()) |
| 119 redirect_chain_.push_back(url); | 123 redirect_chain_.push_back(url); |
| 120 | 124 |
| 121 starting_site_instance_ = | 125 starting_site_instance_ = |
| 122 frame_tree_node_->current_frame_host()->GetSiteInstance(); | 126 frame_tree_node_->current_frame_host()->GetSiteInstance(); |
| 123 | 127 |
| 124 if (pending_nav_entry_id_) { | 128 if (pending_nav_entry_id_) { |
| 125 NavigationControllerImpl* nav_controller = | 129 NavigationControllerImpl* nav_controller = |
| (...skipping 792 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 918 // Register the navigation throttles. The vector returned by | 922 // Register the navigation throttles. The vector returned by |
| 919 // CreateThrottlesForNavigation is not assigned to throttles_ directly because | 923 // CreateThrottlesForNavigation is not assigned to throttles_ directly because |
| 920 // it would overwrite any throttles previously added with | 924 // it would overwrite any throttles previously added with |
| 921 // RegisterThrottleForTesting. | 925 // RegisterThrottleForTesting. |
| 922 // TODO(carlosk, arthursonzogni): should simplify this to either use | 926 // TODO(carlosk, arthursonzogni): should simplify this to either use |
| 923 // |throttles_| directly (except for the case described above) or | 927 // |throttles_| directly (except for the case described above) or |
| 924 // |throttles_to_register| for registering all throttles. | 928 // |throttles_to_register| for registering all throttles. |
| 925 std::vector<std::unique_ptr<NavigationThrottle>> throttles_to_register = | 929 std::vector<std::unique_ptr<NavigationThrottle>> throttles_to_register = |
| 926 GetDelegate()->CreateThrottlesForNavigation(this); | 930 GetDelegate()->CreateThrottlesForNavigation(this); |
| 927 | 931 |
| 932 std::unique_ptr<content::NavigationThrottle> ancestor_throttle = |
| 933 content::AncestorThrottle::MaybeCreateThrottleFor(this); |
| 934 if (ancestor_throttle) |
| 935 throttles_.push_back(std::move(ancestor_throttle)); |
| 936 |
| 937 std::unique_ptr<content::NavigationThrottle> form_submission_throttle = |
| 938 content::FormSubmissionThrottle::MaybeCreateThrottleFor(this); |
| 939 if (form_submission_throttle) |
| 940 throttles_.push_back(std::move(form_submission_throttle)); |
| 941 |
| 942 // Check for mixed content. This is done after the AncestorThrottle and the |
| 943 // FormSubmissionThrottle so that when folks block mixed content with a CSP |
| 944 // policy, they don't get a warning. They'll still get a warning in the |
| 945 // console about CSP blocking the load. |
| 928 std::unique_ptr<NavigationThrottle> mixed_content_throttle = | 946 std::unique_ptr<NavigationThrottle> mixed_content_throttle = |
| 929 MixedContentNavigationThrottle::CreateThrottleForNavigation(this); | 947 MixedContentNavigationThrottle::CreateThrottleForNavigation(this); |
| 930 if (mixed_content_throttle) | 948 if (mixed_content_throttle) |
| 931 throttles_to_register.push_back(std::move(mixed_content_throttle)); | 949 throttles_to_register.push_back(std::move(mixed_content_throttle)); |
| 932 | 950 |
| 933 std::unique_ptr<NavigationThrottle> devtools_throttle = | 951 std::unique_ptr<NavigationThrottle> devtools_throttle = |
| 934 RenderFrameDevToolsAgentHost::CreateThrottleForNavigation(this); | 952 RenderFrameDevToolsAgentHost::CreateThrottleForNavigation(this); |
| 935 if (devtools_throttle) | 953 if (devtools_throttle) |
| 936 throttles_to_register.push_back(std::move(devtools_throttle)); | 954 throttles_to_register.push_back(std::move(devtools_throttle)); |
| 937 | 955 |
| 938 std::unique_ptr<NavigationThrottle> clear_site_data_throttle = | 956 std::unique_ptr<NavigationThrottle> clear_site_data_throttle = |
| 939 ClearSiteDataThrottle::CreateThrottleForNavigation(this); | 957 ClearSiteDataThrottle::CreateThrottleForNavigation(this); |
| 940 if (clear_site_data_throttle) | 958 if (clear_site_data_throttle) |
| 941 throttles_to_register.push_back(std::move(clear_site_data_throttle)); | 959 throttles_to_register.push_back(std::move(clear_site_data_throttle)); |
| 942 | 960 |
| 943 std::unique_ptr<content::NavigationThrottle> ancestor_throttle = | |
| 944 content::AncestorThrottle::MaybeCreateThrottleFor(this); | |
| 945 if (ancestor_throttle) | |
| 946 throttles_.push_back(std::move(ancestor_throttle)); | |
| 947 | |
| 948 throttles_.insert(throttles_.begin(), | 961 throttles_.insert(throttles_.begin(), |
| 949 std::make_move_iterator(throttles_to_register.begin()), | 962 std::make_move_iterator(throttles_to_register.begin()), |
| 950 std::make_move_iterator(throttles_to_register.end())); | 963 std::make_move_iterator(throttles_to_register.end())); |
| 951 } | 964 } |
| 952 | 965 |
| 953 bool NavigationHandleImpl::IsSelfReferentialURL() { | 966 bool NavigationHandleImpl::IsSelfReferentialURL() { |
| 954 // about: URLs should be exempted since they are reserved for other purposes | 967 // about: URLs should be exempted since they are reserved for other purposes |
| 955 // and cannot be the source of infinite recursion. See | 968 // and cannot be the source of infinite recursion. See |
| 956 // https://crbug.com/341858 . | 969 // https://crbug.com/341858 . |
| 957 if (url_.SchemeIs("about")) | 970 if (url_.SchemeIs("about")) |
| (...skipping 11 matching lines...) Expand all Loading... |
| 969 if (node->current_url().EqualsIgnoringRef(url_)) { | 982 if (node->current_url().EqualsIgnoringRef(url_)) { |
| 970 if (found_self_reference) | 983 if (found_self_reference) |
| 971 return true; | 984 return true; |
| 972 found_self_reference = true; | 985 found_self_reference = true; |
| 973 } | 986 } |
| 974 } | 987 } |
| 975 return false; | 988 return false; |
| 976 } | 989 } |
| 977 | 990 |
| 978 } // namespace content | 991 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2689653003:
PlzNavigate: Enforce 'form-action' CSP on the browser-side. (Closed)
