
Side by Side Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2727633005: PlzNavigate: Enforce frame-src CSP on the browser. (Closed)
Patch Set: Addressed Alex's comments + trying to fix subframe swap issue Created 3 years, 9 months ago
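--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -1,10 +1,10 @@
 /*
  * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights
  * reserved.
  * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
  * (http://www.torchmobile.com/)
  * Copyright (C) 2008 Alp Toker <alp@atoker.com>
  * Copyright (C) Research In Motion Limited 2009. All rights reserved.
  * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
  * Copyright (C) 2011 Google Inc. All rights reserved.
@@ -1631,53 +1631,62 @@
     ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy,
     NavigationType type,
     NavigationPolicy policy,
     FrameLoadType frameLoadType,
     bool isClientRedirect,
     HTMLFormElement* form) {
   // Don't ask if we are loading an empty URL.
   if (request.url().isEmpty() || substituteData.isValid())
     return true;
 
+  Settings* settings = m_frame->settings();
+  bool browserSideNavigationEnabled =
+      settings && settings->getBrowserSideNavigationEnabled();
+
   // If we're loading content into |m_frame| (NavigationPolicyCurrentTab), check
   // against the parent's Content Security Policy and kill the load if that
   // check fails, unless we should bypass the main world's CSP.
   if (policy == NavigationPolicyCurrentTab &&
-      shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy) {
+      shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy &&
+      // TODO(arthursonzogni): 'frame-src' check is disabled on the
+      // renderer side with browser-side-navigation, but is enforced on the
+      // browser side. See http://crbug.com/692595 for understanding why it
+      // can't be enforced on both sides instead.
+      !browserSideNavigationEnabled) {
     Frame* parentFrame = m_frame->tree().parent();
     if (parentFrame) {
       ContentSecurityPolicy* parentPolicy =
           parentFrame->securityContext()->contentSecurityPolicy();
       if (!parentPolicy->allowFrameFromSource(request.url(),
                                               request.redirectStatus())) {
         // Fire a load event, as timing attacks would otherwise reveal that the
         // frame was blocked. This way, it looks like every other cross-origin
         // page load.
         m_frame->document()->enforceSandboxFlags(SandboxOrigin);
         m_frame->owner()->dispatchLoad();
         return false;
       }
     }
   }
 
   bool isFormSubmission = type == NavigationTypeFormSubmitted ||
                           type == NavigationTypeFormResubmitted;
   if (isFormSubmission &&
       !m_frame->document()->contentSecurityPolicy()->allowFormAction(
           request.url()))
     return false;
 
   bool replacesCurrentHistoryItem =
       frameLoadType == FrameLoadTypeReplaceCurrentItem;
-  policy = client()->decidePolicyForNavigation(request, loader, type, policy,
-                                               replacesCurrentHistoryItem,
-                                               isClientRedirect, form);
+  policy = client()->decidePolicyForNavigation(
+      request, loader, type, policy, replacesCurrentHistoryItem,
+      isClientRedirect, form, shouldCheckMainWorldContentSecurityPolicy);
   if (policy == NavigationPolicyCurrentTab)
     return true;
   if (policy == NavigationPolicyIgnore)
     return false;
   if (policy == NavigationPolicyHandledByClient) {
     setNavigationHandledByClient();
     // Mark the frame as loading since the embedder is handling the navigation.
     m_progressTracker->progressStarted(frameLoadType);
 
     m_frame->navigationScheduler().cancel();
@@ -2034,10 +2043,10 @@
   m_isNavigationHandledByClient = true;
   InspectorInstrumentation::frameScheduledClientNavigation(m_frame);
 }
 
 void FrameLoader::clearNavigationHandledByClient() {
   m_isNavigationHandledByClient = false;
   InspectorInstrumentation::frameClearedScheduledClientNavigation(m_frame);
 }
 
 }  // namespace blink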
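Review bot: Adding `!browserSideNavigationEnabled` to the condition at new line 1654 makes the renderer skip the parent's `allowFrameFromSource` check entirely whenever browser-side navigation is on, so frame-src is enforced nowhere for any navigation that reaches this function but is not routed through the browser-side check; the comment asserts browser-side enforcement, but nothing in this hunk ties the two paths together, so that coverage assumption deserves to be stated and tested. The renderer's blocked branch also applies `enforceSandboxFlags(SandboxOrigin)` and fires a synthetic load event specifically so the block is not observable via timing, and the browser-side path presumably needs an equivalent outcome or the CSP decision becomes detectable by the embedding page. Consider extending the comment to say which navigations the browser check covers, e.g. `// With browser-side-navigation, every navigation reaching this point is expected to be checked against frame-src in the browser (http://crbug.com/692595); keep the timing-attack mitigation below in sync with that path.`, and adding a test that a frame-src-blocked subframe still fires load and is sandboxed with the flag enabled. The enclosing function's signature begins above the hunk and its body continues past it.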
