OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/frame_host/navigation_request.h" | 5 #include "content/browser/frame_host/navigation_request.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
160 | 160 |
161 // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational | 161 // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational |
162 // requests, as described in | 162 // requests, as described in |
163 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 163 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
164 headers->AddHeaderFromString("Upgrade-Insecure-Requests: 1"); | 164 headers->AddHeaderFromString("Upgrade-Insecure-Requests: 1"); |
165 | 165 |
166 // Next, set the HTTP Origin if needed. | 166 // Next, set the HTTP Origin if needed. |
167 if (!NeedsHTTPOrigin(headers, method)) | 167 if (!NeedsHTTPOrigin(headers, method)) |
168 return; | 168 return; |
169 | 169 |
170 // Create a unique origin. | 170 // Create a unique opaque origin. |
171 url::Origin origin; | 171 url::Origin origin; |
172 if (frame_tree_node->IsMainFrame()) { | 172 if (frame_tree_node->IsMainFrame()) { |
173 // For main frame, the origin is the url currently loading. | 173 // For main frame, the origin is the url currently loading. |
174 origin = url::Origin(url); | 174 origin = url::Origin(url); |
175 } else if ((frame_tree_node->effective_sandbox_flags() & | 175 } else if ((frame_tree_node->effective_sandbox_flags() & |
176 blink::WebSandboxFlags::kOrigin) == | 176 blink::WebSandboxFlags::kOrigin) == |
177 blink::WebSandboxFlags::kNone) { | 177 blink::WebSandboxFlags::kNone) { |
178 // The origin should be the origin of the root, except for sandboxed | 178 // The origin should be the origin of the root, except for sandboxed |
179 // frames which have a unique origin. | 179 // frames which have a unique opaque origin. |
180 origin = frame_tree_node->frame_tree()->root()->current_origin(); | 180 origin = frame_tree_node->frame_tree()->root()->current_origin(); |
181 } | 181 } |
182 | 182 |
183 headers->SetHeader(net::HttpRequestHeaders::kOrigin, origin.Serialize()); | 183 headers->SetHeader(net::HttpRequestHeaders::kOrigin, origin.Serialize()); |
184 } | 184 } |
185 | 185 |
186 } // namespace | 186 } // namespace |
187 | 187 |
188 // static | 188 // static |
189 std::unique_ptr<NavigationRequest> NavigationRequest::CreateBrowserInitiated( | 189 std::unique_ptr<NavigationRequest> NavigationRequest::CreateBrowserInitiated( |
1014 CSPDirective::FrameSrc, common_params_.url, is_redirect, | 1014 CSPDirective::FrameSrc, common_params_.url, is_redirect, |
1015 common_params_.source_location.value_or(SourceLocation()), | 1015 common_params_.source_location.value_or(SourceLocation()), |
1016 CSPContext::CHECK_ENFORCED_CSP)) { | 1016 CSPContext::CHECK_ENFORCED_CSP)) { |
1017 return CONTENT_SECURITY_POLICY_CHECK_PASSED; | 1017 return CONTENT_SECURITY_POLICY_CHECK_PASSED; |
1018 } | 1018 } |
1019 | 1019 |
1020 return CONTENT_SECURITY_POLICY_CHECK_FAILED; | 1020 return CONTENT_SECURITY_POLICY_CHECK_FAILED; |
1021 } | 1021 } |
1022 | 1022 |
1023 } // namespace content | 1023 } // namespace content |
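Review bot: The reworded comment on new line 170 ("Create a unique opaque origin") still reads as if the function always sends an opaque origin, yet `url::Origin origin;` is only a default that both branches below overwrite; it survives solely for subframes whose effective sandbox flags include `kOrigin`. I would make the fallback explicit, for example `// Default to an opaque origin; it is kept only for sandboxed subframes.`, and add on line 179 what the server then receives, e.g. `// ... opaque origin, which is expected to serialize as "null" in the Origin header.` The "null" serialization is inferred from how url::Origin normally behaves and is not visible on this page, so confirm it before adopting that wording. This matters to anyone reading the code to reason about Origin-based CSRF checks, since an opaque value must never be treated as same-origin. The enclosing function starts in the skipped lines above, so its signature and earlier header handling could not be reviewed here.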