OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 17 matching lines...)
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 */ | 29 */ |
30 | 30 |
31 #include "core/loader/FrameFetchContext.h" | 31 #include "core/loader/FrameFetchContext.h" |
32 | 32 |
33 #include <algorithm> | 33 #include <algorithm> |
34 #include <memory> | 34 #include <memory> |
35 #include "bindings/core/v8/ScriptController.h" | 35 #include "bindings/core/v8/ScriptController.h" |
36 #include "bindings/core/v8/V8DOMActivityLogger.h" | 36 #include "bindings/core/v8/V8DOMActivityLogger.h" |
37 #include "core/dom/Document.h" | 37 #include "core/dom/Document.h" |
| 38 #include "core/frame/ContentSettingsClient.h" |
38 #include "core/frame/Deprecation.h" | 39 #include "core/frame/Deprecation.h" |
39 #include "core/frame/FrameConsole.h" | 40 #include "core/frame/FrameConsole.h" |
40 #include "core/frame/FrameView.h" | 41 #include "core/frame/FrameView.h" |
41 #include "core/frame/LocalDOMWindow.h" | 42 #include "core/frame/LocalDOMWindow.h" |
42 #include "core/frame/LocalFrame.h" | 43 #include "core/frame/LocalFrame.h" |
43 #include "core/frame/LocalFrameClient.h" | 44 #include "core/frame/LocalFrameClient.h" |
44 #include "core/frame/Settings.h" | 45 #include "core/frame/Settings.h" |
45 #include "core/frame/UseCounter.h" | 46 #include "core/frame/UseCounter.h" |
46 #include "core/html/HTMLFrameOwnerElement.h" | 47 #include "core/html/HTMLFrameOwnerElement.h" |
47 #include "core/html/imports/HTMLImportsController.h" | 48 #include "core/html/imports/HTMLImportsController.h" |
(...skipping 287 matching lines...)
335 | 336 |
336 LocalFrame* frame = m_documentLoader->frame(); | 337 LocalFrame* frame = m_documentLoader->frame(); |
337 DCHECK(frame); | 338 DCHECK(frame); |
338 return frame; | 339 return frame; |
339 } | 340 } |
340 | 341 |
341 LocalFrameClient* FrameFetchContext::localFrameClient() const { | 342 LocalFrameClient* FrameFetchContext::localFrameClient() const { |
342 return frame()->client(); | 343 return frame()->client(); |
343 } | 344 } |
344 | 345 |
| 346 ContentSettingsClient* FrameFetchContext::contentSettingsClient() const { |
| 347 return frame()->contentSettingsClient(); |
| 348 } |
| 349 |
345 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, | 350 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, |
346 FetchResourceType type) { | 351 FetchResourceType type) { |
347 bool isMainResource = type == FetchMainResource; | 352 bool isMainResource = type == FetchMainResource; |
348 if (!isMainResource) { | 353 if (!isMainResource) { |
349 if (!request.didSetHTTPReferrer()) { | 354 if (!request.didSetHTTPReferrer()) { |
350 DCHECK(m_document); | 355 DCHECK(m_document); |
351 request.setHTTPReferrer(SecurityPolicy::generateReferrer( | 356 request.setHTTPReferrer(SecurityPolicy::generateReferrer( |
352 m_document->getReferrerPolicy(), request.url(), | 357 m_document->getReferrerPolicy(), request.url(), |
353 m_document->outgoingReferrer())); | 358 m_document->outgoingReferrer())); |
354 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); | 359 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); |
(...skipping 290 matching lines...)
645 Document* initiatorDocument = m_document && info.isMainResource() | 650 Document* initiatorDocument = m_document && info.isMainResource() |
646 ? m_document->parentDocument() | 651 ? m_document->parentDocument() |
647 : m_document.get(); | 652 : m_document.get(); |
648 if (!initiatorDocument || !initiatorDocument->domWindow()) | 653 if (!initiatorDocument || !initiatorDocument->domWindow()) |
649 return; | 654 return; |
650 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) | 655 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) |
651 ->addResourceTiming(info); | 656 ->addResourceTiming(info); |
652 } | 657 } |
653 | 658 |
654 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { | 659 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { |
655 return localFrameClient()->allowImage(imagesEnabled, url); | 660 return contentSettingsClient()->allowImage(imagesEnabled, url); |
656 } | 661 } |
657 | 662 |
658 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { | 663 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { |
659 if (url.isNull()) | 664 if (url.isNull()) |
660 return; | 665 return; |
661 | 666 |
662 String message; | 667 String message; |
663 if (!m_document || m_document->url().isNull()) { | 668 if (!m_document || m_document->url().isNull()) { |
664 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; | 669 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; |
665 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { | 670 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { |
(...skipping 114 matching lines...)
780 if (!shouldBypassMainWorldCSP && | 785 if (!shouldBypassMainWorldCSP && |
781 !m_document->contentSecurityPolicy()->allowRequest( | 786 !m_document->contentSecurityPolicy()->allowRequest( |
782 resourceRequest.requestContext(), url, | 787 resourceRequest.requestContext(), url, |
783 options.contentSecurityPolicyNonce, options.integrityMetadata, | 788 options.contentSecurityPolicyNonce, options.integrityMetadata, |
784 options.parserDisposition, redirectStatus, reportingPolicy)) | 789 options.parserDisposition, redirectStatus, reportingPolicy)) |
785 return ResourceRequestBlockedReason::CSP; | 790 return ResourceRequestBlockedReason::CSP; |
786 } | 791 } |
787 | 792 |
788 if (type == Resource::Script || type == Resource::ImportResource) { | 793 if (type == Resource::Script || type == Resource::ImportResource) { |
789 DCHECK(frame()); | 794 DCHECK(frame()); |
790 if (!localFrameClient()->allowScriptFromSource( | 795 if (!contentSettingsClient()->allowScriptFromSource( |
791 !frame()->settings() || frame()->settings()->getScriptEnabled(), | 796 !frame()->settings() || frame()->settings()->getScriptEnabled(), |
792 url)) { | 797 url)) { |
793 localFrameClient()->didNotAllowScript(); | 798 contentSettingsClient()->didNotAllowScript(); |
794 // TODO(estark): Use a different ResourceRequestBlockedReason here, since | 799 // TODO(estark): Use a different ResourceRequestBlockedReason here, since |
795 // this check has nothing to do with CSP. https://crbug.com/600795 | 800 // this check has nothing to do with CSP. https://crbug.com/600795 |
796 return ResourceRequestBlockedReason::CSP; | 801 return ResourceRequestBlockedReason::CSP; |
797 } | 802 } |
798 } | 803 } |
799 | 804 |
800 // SVG Images have unique security rules that prevent all subresource requests | 805 // SVG Images have unique security rules that prevent all subresource requests |
801 // except for data urls. | 806 // except for data urls. |
802 if (type != Resource::MainResource && | 807 if (type != Resource::MainResource && |
803 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) | 808 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) |
(...skipping 255 matching lines...)
1059 return frame()->frameScheduler()->loadingTaskRunner(); | 1064 return frame()->frameScheduler()->loadingTaskRunner(); |
1060 } | 1065 } |
1061 | 1066 |
1062 DEFINE_TRACE(FrameFetchContext) { | 1067 DEFINE_TRACE(FrameFetchContext) { |
1063 visitor->trace(m_document); | 1068 visitor->trace(m_document); |
1064 visitor->trace(m_documentLoader); | 1069 visitor->trace(m_documentLoader); |
1065 FetchContext::trace(visitor); | 1070 FetchContext::trace(visitor); |
1066 } | 1071 } |
1067 | 1072 |
1068 } // namespace blink | 1073 } // namespace blink |
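Review bot: The new `FrameFetchContext::contentSettingsClient()` (new lines 346-348) returns `frame()->contentSettingsClient()` unchecked, and all three call sites (new lines 660, 795 and 798) dereference it immediately, so the image and script blocking decisions now depend on that pointer never being null. `LocalFrame::contentSettingsClient()` is not shown on this page, so whether it can be null for some frame types (the SVG-image check at new line 807 runs only after the script gate) cannot be confirmed from here. If non-null is the invariant, state it the way the preceding accessor does with `DCHECK(frame)`, e.g. `ContentSettingsClient* client = frame()->contentSettingsClient(); DCHECK(client); return client;`, or return a reference. If it can be null, the call sites should fall back to the settings-derived flag they already compute (`imagesEnabled`, the `getScriptEnabled()` expression) rather than dereference it, so the gate still yields a defined allow/deny answer. The function containing the script gate starts and ends outside the visible lines.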
OLD | NEW |