
Side by Side Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2756913002: Revert of PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Created 3 years, 9 months ago
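--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights
 * reserved.
 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
 * (http://www.torchmobile.com/)
 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
 * Copyright (C) 2011 Google Inc. All rights reserved.
@@ -1653,63 +1653,54 @@
 ContentSecurityPolicyDisposition shouldCheckMainWorldContentSecurityPolicy,
 NavigationType type,
 NavigationPolicy policy,
 FrameLoadType frameLoadType,
 bool isClientRedirect,
 HTMLFormElement* form) {
 // Don't ask if we are loading an empty URL.
 if (request.url().isEmpty() || substituteData.isValid())
 return NavigationPolicyCurrentTab;
 
-Settings* settings = m_frame->settings();
-bool browserSideNavigationEnabled =
-settings && settings->getBrowserSideNavigationEnabled();
-
 // If we're loading content into |m_frame| (NavigationPolicyCurrentTab), check
 // against the parent's Content Security Policy and kill the load if that
 // check fails, unless we should bypass the main world's CSP.
 if (policy == NavigationPolicyCurrentTab &&
-shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy &&
-// TODO(arthursonzogni): 'frame-src' check is disabled on the
-// renderer side with browser-side-navigation, but is enforced on the
-// browser side. See http://crbug.com/692595 for understanding why it
-// can't be enforced on both sides instead.
-!browserSideNavigationEnabled) {
+shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy) {
 Frame* parentFrame = m_frame->tree().parent();
 if (parentFrame) {
 ContentSecurityPolicy* parentPolicy =
 parentFrame->securityContext()->contentSecurityPolicy();
 if (!parentPolicy->allowFrameFromSource(request.url(),
 request.redirectStatus())) {
 // Fire a load event, as timing attacks would otherwise reveal that the
 // frame was blocked. This way, it looks like every other cross-origin
 // page load.
 m_frame->document()->enforceSandboxFlags(SandboxOrigin);
 m_frame->owner()->dispatchLoad();
 return NavigationPolicyIgnore;
 }
 }
 }
 
 bool isFormSubmission = type == NavigationTypeFormSubmitted ||
 type == NavigationTypeFormResubmitted;
 if (isFormSubmission &&
 !m_frame->document()->contentSecurityPolicy()->allowFormAction(
 request.url(), request.redirectStatus())) {
 return NavigationPolicyIgnore;
 }
 
 bool replacesCurrentHistoryItem =
 frameLoadType == FrameLoadTypeReplaceCurrentItem;
-policy = client()->decidePolicyForNavigation(
-request, loader, type, policy, replacesCurrentHistoryItem,
-isClientRedirect, form, shouldCheckMainWorldContentSecurityPolicy);
+policy = client()->decidePolicyForNavigation(request, loader, type, policy,
+replacesCurrentHistoryItem,
+isClientRedirect, form);
 if (policy == NavigationPolicyCurrentTab ||
 policy == NavigationPolicyIgnore ||
 policy == NavigationPolicyHandledByClient ||
 policy == NavigationPolicyHandledByClientForInitialHistory) {
 return policy;
 }
 
 if (!LocalDOMWindow::allowPopUp(*m_frame) &&
 !UserGestureIndicator::utilizeUserGesture())
 return NavigationPolicyIgnore;
@@ -2028,10 +2019,10 @@
 frameLoadRequest.clientRedirect());
 
 loader->setLoadType(loadType);
 loader->setNavigationType(navigationType);
 loader->setReplacesCurrentHistoryItem(loadType ==
 FrameLoadTypeReplaceCurrentItem);
 return loader;
 }
 
 } // namespace blink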
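Review bot: With this revert the renderer-side 'frame-src' gate at new lines 1666-1682 is once more the only place FrameLoader applies the parent's CSP to the navigation, and the disposition is no longer forwarded to client()->decidePolicyForNavigation at new lines 1694-1696, so any disposition other than CheckContentSecurityPolicy skips frame-src with nothing downstream able to re-apply it; the restored code does not say so. A short comment above `if (policy == NavigationPolicyCurrentTab &&`, such as `// 'frame-src' is enforced here in the renderer only; the CSP disposition is not passed on to the client, so a bypass here is final.`, would keep the next reader from re-adding a second check without revisiting the http://crbug.com/692595 discussion that the removed TODO pointed to. The enclosing function's signature begins before this hunk; the matching change to the decidePolicyForNavigation signature presumably lives in the EmptyClients.cpp and LocalFrameClientImpl.h files listed for this issue but not shown here.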
