| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 17 matching lines...) | |
| 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 */ | 29 */ |
| 30 | 30 |
| 31 #include "core/loader/FrameFetchContext.h" | 31 #include "core/loader/FrameFetchContext.h" |
| 32 | 32 |
| 33 #include <algorithm> | 33 #include <algorithm> |
| 34 #include <memory> | 34 #include <memory> |
| 35 #include "bindings/core/v8/ScriptController.h" | 35 #include "bindings/core/v8/ScriptController.h" |
| 36 #include "bindings/core/v8/V8DOMActivityLogger.h" | 36 #include "bindings/core/v8/V8DOMActivityLogger.h" |
| 37 #include "core/dom/Document.h" | 37 #include "core/dom/Document.h" |
| 38 #include "core/frame/ContentSettingsClient.h" | |
| 38 #include "core/frame/Deprecation.h" | 39 #include "core/frame/Deprecation.h" |
| 39 #include "core/frame/FrameConsole.h" | 40 #include "core/frame/FrameConsole.h" |
| 40 #include "core/frame/FrameView.h" | 41 #include "core/frame/FrameView.h" |
| 41 #include "core/frame/LocalDOMWindow.h" | 42 #include "core/frame/LocalDOMWindow.h" |
| 42 #include "core/frame/LocalFrame.h" | 43 #include "core/frame/LocalFrame.h" |
| 43 #include "core/frame/LocalFrameClient.h" | 44 #include "core/frame/LocalFrameClient.h" |
| 44 #include "core/frame/Settings.h" | 45 #include "core/frame/Settings.h" |
| 45 #include "core/frame/UseCounter.h" | 46 #include "core/frame/UseCounter.h" |
| 46 #include "core/html/HTMLFrameOwnerElement.h" | 47 #include "core/html/HTMLFrameOwnerElement.h" |
| 47 #include "core/html/imports/HTMLImportsController.h" | 48 #include "core/html/imports/HTMLImportsController.h" |
| (...skipping 279 matching lines...) | |
| 327 | 328 |
| 328 LocalFrame* frame = m_documentLoader->frame(); | 329 LocalFrame* frame = m_documentLoader->frame(); |
| 329 DCHECK(frame); | 330 DCHECK(frame); |
| 330 return frame; | 331 return frame; |
| 331 } | 332 } |
| 332 | 333 |
| 333 LocalFrameClient* FrameFetchContext::localFrameClient() const { | 334 LocalFrameClient* FrameFetchContext::localFrameClient() const { |
| 334 return frame()->client(); | 335 return frame()->client(); |
| 335 } | 336 } |
| 336 | 337 |
| 338 ContentSettingsClient* FrameFetchContext::contentSettingsClient() const { | |
| 339 return frame() ? frame()->contentSettingsClient() : nullptr; | |
|
haraken
2017/04/04 11:25:32
Can frame() be null? localFrameClient() assumes th
kinuko
2017/04/04 14:50:56
I removed the null check. I'd like to keep this m
| |
| 340 } | |
| 341 | |
| 337 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, | 342 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, |
| 338 FetchResourceType type) { | 343 FetchResourceType type) { |
| 339 bool isMainResource = type == FetchMainResource; | 344 bool isMainResource = type == FetchMainResource; |
| 340 if (!isMainResource) { | 345 if (!isMainResource) { |
| 341 if (!request.didSetHTTPReferrer()) { | 346 if (!request.didSetHTTPReferrer()) { |
| 342 DCHECK(m_document); | 347 DCHECK(m_document); |
| 343 request.setHTTPReferrer(SecurityPolicy::generateReferrer( | 348 request.setHTTPReferrer(SecurityPolicy::generateReferrer( |
| 344 m_document->getReferrerPolicy(), request.url(), | 349 m_document->getReferrerPolicy(), request.url(), |
| 345 m_document->outgoingReferrer())); | 350 m_document->outgoingReferrer())); |
| 346 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); | 351 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); |
| (...skipping 287 matching lines...) | |
| 634 Document* initiatorDocument = m_document && info.isMainResource() | 639 Document* initiatorDocument = m_document && info.isMainResource() |
| 635 ? m_document->parentDocument() | 640 ? m_document->parentDocument() |
| 636 : m_document.get(); | 641 : m_document.get(); |
| 637 if (!initiatorDocument || !initiatorDocument->domWindow()) | 642 if (!initiatorDocument || !initiatorDocument->domWindow()) |
| 638 return; | 643 return; |
| 639 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) | 644 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) |
| 640 ->addResourceTiming(info); | 645 ->addResourceTiming(info); |
| 641 } | 646 } |
| 642 | 647 |
| 643 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { | 648 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { |
| 644 return localFrameClient()->allowImage(imagesEnabled, url); | 649 return contentSettingsClient()->allowImage(imagesEnabled, url); |
| 645 } | 650 } |
| 646 | 651 |
| 647 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { | 652 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { |
| 648 if (url.isNull()) | 653 if (url.isNull()) |
| 649 return; | 654 return; |
| 650 | 655 |
| 651 String message; | 656 String message; |
| 652 if (!m_document || m_document->url().isNull()) { | 657 if (!m_document || m_document->url().isNull()) { |
| 653 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; | 658 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; |
| 654 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { | 659 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { |
| (...skipping 114 matching lines...) | |
| 769 if (!shouldBypassMainWorldCSP && | 774 if (!shouldBypassMainWorldCSP && |
| 770 !m_document->contentSecurityPolicy()->allowRequest( | 775 !m_document->contentSecurityPolicy()->allowRequest( |
| 771 resourceRequest.requestContext(), url, | 776 resourceRequest.requestContext(), url, |
| 772 options.contentSecurityPolicyNonce, options.integrityMetadata, | 777 options.contentSecurityPolicyNonce, options.integrityMetadata, |
| 773 options.parserDisposition, redirectStatus, reportingPolicy)) | 778 options.parserDisposition, redirectStatus, reportingPolicy)) |
| 774 return ResourceRequestBlockedReason::CSP; | 779 return ResourceRequestBlockedReason::CSP; |
| 775 } | 780 } |
| 776 | 781 |
| 777 if (type == Resource::Script || type == Resource::ImportResource) { | 782 if (type == Resource::Script || type == Resource::ImportResource) { |
| 778 DCHECK(frame()); | 783 DCHECK(frame()); |
| 779 if (!localFrameClient()->allowScriptFromSource( | 784 if (!contentSettingsClient()->allowScriptFromSource( |
| 780 !frame()->settings() || frame()->settings()->getScriptEnabled(), | 785 !frame()->settings() || frame()->settings()->getScriptEnabled(), |
| 781 url)) { | 786 url)) { |
| 782 localFrameClient()->didNotAllowScript(); | 787 contentSettingsClient()->didNotAllowScript(); |
| 783 // TODO(estark): Use a different ResourceRequestBlockedReason here, since | 788 // TODO(estark): Use a different ResourceRequestBlockedReason here, since |
| 784 // this check has nothing to do with CSP. https://crbug.com/600795 | 789 // this check has nothing to do with CSP. https://crbug.com/600795 |
| 785 return ResourceRequestBlockedReason::CSP; | 790 return ResourceRequestBlockedReason::CSP; |
| 786 } | 791 } |
| 787 } | 792 } |
| 788 | 793 |
| 789 // SVG Images have unique security rules that prevent all subresource requests | 794 // SVG Images have unique security rules that prevent all subresource requests |
| 790 // except for data urls. | 795 // except for data urls. |
| 791 if (type != Resource::MainResource && | 796 if (type != Resource::MainResource && |
| 792 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) | 797 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) |
| (...skipping 255 matching lines...) | |
| 1048 return frame()->frameScheduler()->loadingTaskRunner(); | 1053 return frame()->frameScheduler()->loadingTaskRunner(); |
| 1049 } | 1054 } |
| 1050 | 1055 |
| 1051 DEFINE_TRACE(FrameFetchContext) { | 1056 DEFINE_TRACE(FrameFetchContext) { |
| 1052 visitor->trace(m_document); | 1057 visitor->trace(m_document); |
| 1053 visitor->trace(m_documentLoader); | 1058 visitor->trace(m_documentLoader); |
| 1054 FetchContext::trace(visitor); | 1059 FetchContext::trace(visitor); |
| 1055 } | 1060 } |
| 1056 | 1061 |
| 1057 } // namespace blink | 1062 } // namespace blink |
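Review bot: The pointer that `frame()->contentSettingsClient()` hands back is dereferenced unconditionally in `allowImage()` (new line 649) and in the script check (new lines 784 and 787), and nothing on this page says whether every LocalFrame is guaranteed to have one. These calls decide whether images and scripts load under the user's content settings, so a frame without a client should not be left to crash or to an unstated default. If the LocalFrame declaration (outside this page) guarantees the client, the accessor should carry that as a comment such as `// Non-null for any frame that has a FrameFetchContext; content-settings checks depend on this.`; otherwise the accessor should assert it, `DCHECK(frame()->contentSettingsClient());`. The script check could also take the client into a local once instead of calling the accessor twice. The function holding the script check starts and ends outside the visible lines.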