| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 */ | 29 */ |
| 30 | 30 |
| 31 #include "core/loader/FrameFetchContext.h" | 31 #include "core/loader/FrameFetchContext.h" |
| 32 | 32 |
| 33 #include <algorithm> | 33 #include <algorithm> |
| 34 #include <memory> | 34 #include <memory> |
| 35 #include "bindings/core/v8/ScriptController.h" | 35 #include "bindings/core/v8/ScriptController.h" |
| 36 #include "bindings/core/v8/V8DOMActivityLogger.h" | 36 #include "bindings/core/v8/V8DOMActivityLogger.h" |
| 37 #include "core/dom/Document.h" | 37 #include "core/dom/Document.h" |
| 38 #include "core/frame/ContentSettingsClient.h" |
| 38 #include "core/frame/Deprecation.h" | 39 #include "core/frame/Deprecation.h" |
| 39 #include "core/frame/FrameConsole.h" | 40 #include "core/frame/FrameConsole.h" |
| 40 #include "core/frame/FrameView.h" | 41 #include "core/frame/FrameView.h" |
| 41 #include "core/frame/LocalDOMWindow.h" | 42 #include "core/frame/LocalDOMWindow.h" |
| 42 #include "core/frame/LocalFrame.h" | 43 #include "core/frame/LocalFrame.h" |
| 43 #include "core/frame/LocalFrameClient.h" | 44 #include "core/frame/LocalFrameClient.h" |
| 44 #include "core/frame/Settings.h" | 45 #include "core/frame/Settings.h" |
| 45 #include "core/frame/UseCounter.h" | 46 #include "core/frame/UseCounter.h" |
| 46 #include "core/html/HTMLFrameOwnerElement.h" | 47 #include "core/html/HTMLFrameOwnerElement.h" |
| 47 #include "core/html/imports/HTMLImportsController.h" | 48 #include "core/html/imports/HTMLImportsController.h" |
| (...skipping 288 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 336 | 337 |
| 337 LocalFrame* frame = m_documentLoader->frame(); | 338 LocalFrame* frame = m_documentLoader->frame(); |
| 338 DCHECK(frame); | 339 DCHECK(frame); |
| 339 return frame; | 340 return frame; |
| 340 } | 341 } |
| 341 | 342 |
| 342 LocalFrameClient* FrameFetchContext::localFrameClient() const { | 343 LocalFrameClient* FrameFetchContext::localFrameClient() const { |
| 343 return frame()->client(); | 344 return frame()->client(); |
| 344 } | 345 } |
| 345 | 346 |
| 347 ContentSettingsClient* FrameFetchContext::contentSettingsClient() const { |
| 348 return frame()->contentSettingsClient(); |
| 349 } |
| 350 |
| 346 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, | 351 void FrameFetchContext::addAdditionalRequestHeaders(ResourceRequest& request, |
| 347 FetchResourceType type) { | 352 FetchResourceType type) { |
| 348 bool isMainResource = type == FetchMainResource; | 353 bool isMainResource = type == FetchMainResource; |
| 349 if (!isMainResource) { | 354 if (!isMainResource) { |
| 350 if (!request.didSetHTTPReferrer()) { | 355 if (!request.didSetHTTPReferrer()) { |
| 351 DCHECK(m_document); | 356 DCHECK(m_document); |
| 352 request.setHTTPReferrer(SecurityPolicy::generateReferrer( | 357 request.setHTTPReferrer(SecurityPolicy::generateReferrer( |
| 353 m_document->getReferrerPolicy(), request.url(), | 358 m_document->getReferrerPolicy(), request.url(), |
| 354 m_document->outgoingReferrer())); | 359 m_document->outgoingReferrer())); |
| 355 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); | 360 request.addHTTPOriginIfNeeded(m_document->getSecurityOrigin()); |
| (...skipping 265 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 621 Document* initiatorDocument = m_document && info.isMainResource() | 626 Document* initiatorDocument = m_document && info.isMainResource() |
| 622 ? m_document->parentDocument() | 627 ? m_document->parentDocument() |
| 623 : m_document.get(); | 628 : m_document.get(); |
| 624 if (!initiatorDocument || !initiatorDocument->domWindow()) | 629 if (!initiatorDocument || !initiatorDocument->domWindow()) |
| 625 return; | 630 return; |
| 626 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) | 631 DOMWindowPerformance::performance(*initiatorDocument->domWindow()) |
| 627 ->addResourceTiming(info); | 632 ->addResourceTiming(info); |
| 628 } | 633 } |
| 629 | 634 |
| 630 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { | 635 bool FrameFetchContext::allowImage(bool imagesEnabled, const KURL& url) const { |
| 631 return localFrameClient()->allowImage(imagesEnabled, url); | 636 return contentSettingsClient()->allowImage(imagesEnabled, url); |
| 632 } | 637 } |
| 633 | 638 |
| 634 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { | 639 void FrameFetchContext::printAccessDeniedMessage(const KURL& url) const { |
| 635 if (url.isNull()) | 640 if (url.isNull()) |
| 636 return; | 641 return; |
| 637 | 642 |
| 638 String message; | 643 String message; |
| 639 if (!m_document || m_document->url().isNull()) { | 644 if (!m_document || m_document->url().isNull()) { |
| 640 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; | 645 message = "Unsafe attempt to load URL " + url.elidedString() + '.'; |
| 641 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { | 646 } else if (url.isLocalFile() || m_document->url().isLocalFile()) { |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 756 if (!shouldBypassMainWorldCSP && | 761 if (!shouldBypassMainWorldCSP && |
| 757 !m_document->contentSecurityPolicy()->allowRequest( | 762 !m_document->contentSecurityPolicy()->allowRequest( |
| 758 resourceRequest.requestContext(), url, | 763 resourceRequest.requestContext(), url, |
| 759 options.contentSecurityPolicyNonce, options.integrityMetadata, | 764 options.contentSecurityPolicyNonce, options.integrityMetadata, |
| 760 options.parserDisposition, redirectStatus, reportingPolicy)) | 765 options.parserDisposition, redirectStatus, reportingPolicy)) |
| 761 return ResourceRequestBlockedReason::CSP; | 766 return ResourceRequestBlockedReason::CSP; |
| 762 } | 767 } |
| 763 | 768 |
| 764 if (type == Resource::Script || type == Resource::ImportResource) { | 769 if (type == Resource::Script || type == Resource::ImportResource) { |
| 765 DCHECK(frame()); | 770 DCHECK(frame()); |
| 766 if (!localFrameClient()->allowScriptFromSource( | 771 if (!contentSettingsClient()->allowScriptFromSource( |
| 767 !frame()->settings() || frame()->settings()->getScriptEnabled(), | 772 !frame()->settings() || frame()->settings()->getScriptEnabled(), |
| 768 url)) { | 773 url)) { |
| 769 localFrameClient()->didNotAllowScript(); | 774 contentSettingsClient()->didNotAllowScript(); |
| 770 // TODO(estark): Use a different ResourceRequestBlockedReason here, since | 775 // TODO(estark): Use a different ResourceRequestBlockedReason here, since |
| 771 // this check has nothing to do with CSP. https://crbug.com/600795 | 776 // this check has nothing to do with CSP. https://crbug.com/600795 |
| 772 return ResourceRequestBlockedReason::CSP; | 777 return ResourceRequestBlockedReason::CSP; |
| 773 } | 778 } |
| 774 } | 779 } |
| 775 | 780 |
| 776 // SVG Images have unique security rules that prevent all subresource requests | 781 // SVG Images have unique security rules that prevent all subresource requests |
| 777 // except for data urls. | 782 // except for data urls. |
| 778 if (type != Resource::MainResource && | 783 if (type != Resource::MainResource && |
| 779 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) | 784 frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData()) |
| (...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1075 response); | 1080 response); |
| 1076 } | 1081 } |
| 1077 | 1082 |
| 1078 DEFINE_TRACE(FrameFetchContext) { | 1083 DEFINE_TRACE(FrameFetchContext) { |
| 1079 visitor->trace(m_document); | 1084 visitor->trace(m_document); |
| 1080 visitor->trace(m_documentLoader); | 1085 visitor->trace(m_documentLoader); |
| 1081 FetchContext::trace(visitor); | 1086 FetchContext::trace(visitor); |
| 1082 } | 1087 } |
| 1083 | 1088 |
| 1084 } // namespace blink | 1089 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2786673002:
Separate ContentSettingsClient out from LocalFrameClient (Closed)
