OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 17 matching lines...) Expand all Loading... | |
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 */ | 29 */ |
30 | 30 |
31 #include "core/loader/FrameFetchContext.h" | 31 #include "core/loader/FrameFetchContext.h" |
32 | 32 |
33 #include <algorithm> | 33 #include <algorithm> |
34 #include <memory> | 34 #include <memory> |
35 #include "bindings/core/v8/ScriptController.h" | 35 #include "bindings/core/v8/ScriptController.h" |
36 #include "bindings/core/v8/V8DOMActivityLogger.h" | 36 #include "bindings/core/v8/V8DOMActivityLogger.h" |
37 #include "core/dom/Document.h" | 37 #include "core/dom/Document.h" |
38 #include "core/frame/ContentSettingsClient.h" | |
38 #include "core/frame/Deprecation.h" | 39 #include "core/frame/Deprecation.h" |
39 #include "core/frame/FrameConsole.h" | 40 #include "core/frame/FrameConsole.h" |
40 #include "core/frame/FrameView.h" | 41 #include "core/frame/FrameView.h" |
41 #include "core/frame/LocalDOMWindow.h" | 42 #include "core/frame/LocalDOMWindow.h" |
42 #include "core/frame/LocalFrame.h" | 43 #include "core/frame/LocalFrame.h" |
43 #include "core/frame/LocalFrameClient.h" | 44 #include "core/frame/LocalFrameClient.h" |
44 #include "core/frame/Settings.h" | 45 #include "core/frame/Settings.h" |
45 #include "core/frame/UseCounter.h" | 46 #include "core/frame/UseCounter.h" |
46 #include "core/html/HTMLFrameOwnerElement.h" | 47 #include "core/html/HTMLFrameOwnerElement.h" |
47 #include "core/html/imports/HTMLImportsController.h" | 48 #include "core/html/imports/HTMLImportsController.h" |
(...skipping 279 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
327 | 328 |
328 LocalFrame* frame = m_documentLoader->frame(); | 329 LocalFrame* frame = m_documentLoader->frame(); |
329 DCHECK(frame); | 330 DCHECK(frame); |
330 return frame; | 331 return frame; |
331 } | 332 } |
332 | 333 |
333 LocalFrameClient* FrameFetchContext::localFrameClient() const { | 334 LocalFrameClient* FrameFetchContext::localFrameClient() const { |
334 return frame()->client(); | 335 return frame()->client(); |
335 } | 336 } |
336 | 337 |
338 ContentSettingsClient* FrameFetchContext::contentSettingsClient() const { | |
339 return frame() ? frame()->contentSettingsClient() : nullptr; | |
haraken
2017/04/04 11:25:32
Can frame() be null? localFrameClient() assumes th
kinuko
2017/04/04 14:50:56
I removed the null check. I'd like to keep this m
| |
340 } | |
341 | |
337 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, | 342 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, |
338 FetchResourceType type) { | 343 FetchResourceType type) { |
339 bool isMainResource = type == FetchMainResource; | 344 bool isMainResource = type == FetchMainResource; |
340 if (!isMainResource) { | 345 if (!isMainResource) { |
341 if (!request.didSetHTTPReferrer()) { | 346 if (!request.didSetHTTPReferrer()) { |
342 DCHECK(m_document); | 347 DCHECK(m_document); |
343 request.setHTTPReferrer(SecurityPolicy::generateReferrer( | 348 request.setHTTPReferrer(SecurityPolicy::generateReferrer( |
344 m_document->getReferrerPolicy(), request.url(), | 349 m_document->getReferrerPolicy(), request.url(), |
345 m_document->outgoingReferrer())); | 350 m_document->outgoingReferrer())); |
346 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); | 351 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); |
(...skipping 287 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
634 Document* initiatorDocument = m_document && info.isMainResource() | 639 Document* initiatorDocument = m_document && info.isMainResource() |
635 ? m_document->parentDocument() | 640 ? m_document->parentDocument() |
636 : m_document.get(); | 641 : m_document.get(); |
637 if (!initiatorDocument || !initiatorDocument->domWindow()) | 642 if (!initiatorDocument || !initiatorDocument->domWindow()) |
638 return; | 643 return; |
639 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) | 644 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) |
640 ->addResourceTiming(info); | 645 ->addResourceTiming(info); |
641 } | 646 } |
642 | 647 |
643 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { | 648 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { |
644 return localFrameClient()->allowImage(imagesEnabled, url); | 649 return contentSettingsClient()->allowImage(imagesEnabled, url); |
645 } | 650 } |
646 | 651 |
647 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { | 652 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { |
648 if (url.isNull()) | 653 if (url.isNull()) |
649 return; | 654 return; |
650 | 655 |
651 String message; | 656 String message; |
652 if (!m_document || m_document->url().isNull()) { | 657 if (!m_document || m_document->url().isNull()) { |
653 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; | 658 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; |
654 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { | 659 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { |
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
769 if (!shouldBypassMainWorldCSP && | 774 if (!shouldBypassMainWorldCSP && |
770 !m_document->contentSecurityPolicy()->allowRequest( | 775 !m_document->contentSecurityPolicy()->allowRequest( |
771 resourceRequest.requestContext(), url, | 776 resourceRequest.requestContext(), url, |
772 options.contentSecurityPolicyNonce, options.integrityMetadata, | 777 options.contentSecurityPolicyNonce, options.integrityMetadata, |
773 options.parserDisposition, redirectStatus, reportingPolicy)) | 778 options.parserDisposition, redirectStatus, reportingPolicy)) |
774 return ResourceRequestBlockedReason::CSP; | 779 return ResourceRequestBlockedReason::CSP; |
775 } | 780 } |
776 | 781 |
777 if (type == Resource::Script || type == Resource::ImportResource) { | 782 if (type == Resource::Script || type == Resource::ImportResource) { |
778 DCHECK(frame()); | 783 DCHECK(frame()); |
779 if (!localFrameClient()->allowScriptFromSource( | 784 if (!contentSettingsClient()->allowScriptFromSource( |
780 !frame()->settings() || frame()->settings()->getScriptEnabled(), | 785 !frame()->settings() || frame()->settings()->getScriptEnabled(), |
781 url)) { | 786 url)) { |
782 localFrameClient()->didNotAllowScript(); | 787 contentSettingsClient()->didNotAllowScript(); |
783 // TODO(estark): Use a different ResourceRequestBlockedReason here, since | 788 // TODO(estark): Use a different ResourceRequestBlockedReason here, since |
784 // this check has nothing to do with CSP. https://crbug.com/600795 | 789 // this check has nothing to do with CSP. https://crbug.com/600795 |
785 return ResourceRequestBlockedReason::CSP; | 790 return ResourceRequestBlockedReason::CSP; |
786 } | 791 } |
787 } | 792 } |
788 | 793 |
789 // SVG Images have unique security rules that prevent all subresource requests | 794 // SVG Images have unique security rules that prevent all subresource requests |
790 // except for data urls. | 795 // except for data urls. |
791 if (type != Resource::MainResource && | 796 if (type != Resource::MainResource && |
792 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) | 797 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) |
(...skipping 255 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1048 return frame()->frameScheduler()->loadingTaskRunner(); | 1053 return frame()->frameScheduler()->loadingTaskRunner(); |
1049 } | 1054 } |
1050 | 1055 |
1051 DEFINE_TRACE(FrameFetchContext) { | 1056 DEFINE_TRACE(FrameFetchContext) { |
1052 visitor->trace(m_document); | 1057 visitor->trace(m_document); |
1053 visitor->trace(m_documentLoader); | 1058 visitor->trace(m_documentLoader); |
1054 FetchContext::trace(visitor); | 1059 FetchContext::trace(visitor); |
1055 } | 1060 } |
1056 | 1061 |
1057 } // namespace blink | 1062 } // namespace blink |
OLD | NEW |