OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 17 matching lines...)
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 */ | 29 */ |
30 | 30 |
31 #include "core/loader/FrameFetchContext.h" | 31 #include "core/loader/FrameFetchContext.h" |
32 | 32 |
33 #include <algorithm> | 33 #include <algorithm> |
34 #include <memory> | 34 #include <memory> |
35 #include "bindings/core/v8/ScriptController.h" | 35 #include "bindings/core/v8/ScriptController.h" |
36 #include "bindings/core/v8/V8DOMActivityLogger.h" | 36 #include "bindings/core/v8/V8DOMActivityLogger.h" |
37 #include "core/dom/Document.h" | 37 #include "core/dom/Document.h" |
| 38 #include "core/frame/ContentSettingsClient.h" |
38 #include "core/frame/Deprecation.h" | 39 #include "core/frame/Deprecation.h" |
39 #include "core/frame/FrameConsole.h" | 40 #include "core/frame/FrameConsole.h" |
40 #include "core/frame/FrameView.h" | 41 #include "core/frame/FrameView.h" |
41 #include "core/frame/LocalDOMWindow.h" | 42 #include "core/frame/LocalDOMWindow.h" |
42 #include "core/frame/LocalFrame.h" | 43 #include "core/frame/LocalFrame.h" |
43 #include "core/frame/LocalFrameClient.h" | 44 #include "core/frame/LocalFrameClient.h" |
44 #include "core/frame/Settings.h" | 45 #include "core/frame/Settings.h" |
45 #include "core/frame/UseCounter.h" | 46 #include "core/frame/UseCounter.h" |
46 #include "core/html/HTMLFrameOwnerElement.h" | 47 #include "core/html/HTMLFrameOwnerElement.h" |
47 #include "core/html/imports/HTMLImportsController.h" | 48 #include "core/html/imports/HTMLImportsController.h" |
(...skipping 288 matching lines...)
336 | 337 |
337 LocalFrame* frame = m_documentLoader->frame(); | 338 LocalFrame* frame = m_documentLoader->frame(); |
338 DCHECK(frame); | 339 DCHECK(frame); |
339 return frame; | 340 return frame; |
340 } | 341 } |
341 | 342 |
342 LocalFrameClient* FrameFetchContext::localFrameClient() const { | 343 LocalFrameClient* FrameFetchContext::localFrameClient() const { |
343 return frame()->client(); | 344 return frame()->client(); |
344 } | 345 } |
345 | 346 |
| 347 ContentSettingsClient* FrameFetchContext::contentSettingsClient() const { |
| 348 return frame()->contentSettingsClient(); |
| 349 } |
| 350 |
346 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, | 351 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, |
347 FetchResourceType type) { | 352 FetchResourceType type) { |
348 bool isMainResource = type == FetchMainResource; | 353 bool isMainResource = type == FetchMainResource; |
349 if (!isMainResource) { | 354 if (!isMainResource) { |
350 if (!request.didSetHTTPReferrer()) { | 355 if (!request.didSetHTTPReferrer()) { |
351 DCHECK(m_document); | 356 DCHECK(m_document); |
352 request.setHTTPReferrer(SecurityPolicy::generateReferrer( | 357 request.setHTTPReferrer(SecurityPolicy::generateReferrer( |
353 m_document->getReferrerPolicy(), request.url(), | 358 m_document->getReferrerPolicy(), request.url(), |
354 m_document->outgoingReferrer())); | 359 m_document->outgoingReferrer())); |
355 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); | 360 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); |
(...skipping 265 matching lines...)
621 Document* initiatorDocument = m_document && info.isMainResource() | 626 Document* initiatorDocument = m_document && info.isMainResource() |
622 ? m_document->parentDocument() | 627 ? m_document->parentDocument() |
623 : m_document.get(); | 628 : m_document.get(); |
624 if (!initiatorDocument || !initiatorDocument->domWindow()) | 629 if (!initiatorDocument || !initiatorDocument->domWindow()) |
625 return; | 630 return; |
626 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) | 631 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) |
627 ->addResourceTiming(info); | 632 ->addResourceTiming(info); |
628 } | 633 } |
629 | 634 |
630 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { | 635 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { |
631 return localFrameClient()->allowImage(imagesEnabled, url); | 636 return contentSettingsClient()->allowImage(imagesEnabled, url); |
632 } | 637 } |
633 | 638 |
634 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { | 639 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { |
635 if (url.isNull()) | 640 if (url.isNull()) |
636 return; | 641 return; |
637 | 642 |
638 String message; | 643 String message; |
639 if (!m_document || m_document->url().isNull()) { | 644 if (!m_document || m_document->url().isNull()) { |
640 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; | 645 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; |
641 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { | 646 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { |
(...skipping 114 matching lines...)
756 if (!shouldBypassMainWorldCSP && | 761 if (!shouldBypassMainWorldCSP && |
757 !m_document->contentSecurityPolicy()->allowRequest( | 762 !m_document->contentSecurityPolicy()->allowRequest( |
758 resourceRequest.requestContext(), url, | 763 resourceRequest.requestContext(), url, |
759 options.contentSecurityPolicyNonce, options.integrityMetadata, | 764 options.contentSecurityPolicyNonce, options.integrityMetadata, |
760 options.parserDisposition, redirectStatus, reportingPolicy)) | 765 options.parserDisposition, redirectStatus, reportingPolicy)) |
761 return ResourceRequestBlockedReason::CSP; | 766 return ResourceRequestBlockedReason::CSP; |
762 } | 767 } |
763 | 768 |
764 if (type == Resource::Script || type == Resource::ImportResource) { | 769 if (type == Resource::Script || type == Resource::ImportResource) { |
765 DCHECK(frame()); | 770 DCHECK(frame()); |
766 if (!localFrameClient()->allowScriptFromSource( | 771 if (!contentSettingsClient()->allowScriptFromSource( |
767 !frame()->settings() || frame()->settings()->getScriptEnabled(), | 772 !frame()->settings() || frame()->settings()->getScriptEnabled(), |
768 url)) { | 773 url)) { |
769 localFrameClient()->didNotAllowScript(); | 774 contentSettingsClient()->didNotAllowScript(); |
770 // TODO(estark): Use a different ResourceRequestBlockedReason here, since | 775 // TODO(estark): Use a different ResourceRequestBlockedReason here, since |
771 // this check has nothing to do with CSP. https://crbug.com/600795 | 776 // this check has nothing to do with CSP. https://crbug.com/600795 |
772 return ResourceRequestBlockedReason::CSP; | 777 return ResourceRequestBlockedReason::CSP; |
773 } | 778 } |
774 } | 779 } |
775 | 780 |
776 // SVG Images have unique security rules that prevent all subresource requests | 781 // SVG Images have unique security rules that prevent all subresource requests |
777 // except for data urls. | 782 // except for data urls. |
778 if (type != Resource::MainResource && | 783 if (type != Resource::MainResource && |
779 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) | 784 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) |
(...skipping 295 matching lines...)
1075 response); | 1080 response); |
1076 } | 1081 } |
1077 | 1082 |
1078 DEFINE_TRACE(FrameFetchContext) { | 1083 DEFINE_TRACE(FrameFetchContext) { |
1079 visitor->trace(m_document); | 1084 visitor->trace(m_document); |
1080 visitor->trace(m_documentLoader); | 1085 visitor->trace(m_documentLoader); |
1081 FetchContext::trace(visitor); | 1086 FetchContext::trace(visitor); |
1082 } | 1087 } |
1083 | 1088 |
1084 } // namespace blink | 1089 } // namespace blink |
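Review bot: The new accessor `FrameFetchContext::contentSettingsClient()` (new lines 347-349) returns `frame()->contentSettingsClient()` unchecked, and every caller dereferences it at once: `allowImage` (new line 636) and the script gate at new lines 771-774. These calls decide whether an image or script load is permitted, so a null client would turn a policy decision into a crash. Whether `LocalFrame` guarantees a non-null client for the lifetime of this context is not visible on this page. If it does, state that in the accessor with `DCHECK(frame()->contentSettingsClient());` before the `return`, or with a one-line comment naming the owner. If it does not, the callers need an explicit deny-or-allow default rather than a bare `->`. The function holding the script gate starts and ends outside the visible lines, so I could not check for guards earlier in it.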