Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(89)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

Issue 2794303002: Deprecate resource requests whose URLs contain raw newlines. (Closed)
Patch Set: Rebase. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/frame/UseCounter.h ('k') | third_party/WebKit/Source/platform/RuntimeEnabledFeatures.json5 » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2013 Google Inc. All rights reserved. 2 * Copyright (C) 2013 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 825 matching lines...) Expand 10 before | Expand all | Expand 10 after
836 } 836 }
837 } 837 }
838 838
839 // Check for mixed content. We do this second-to-last so that when folks block 839 // Check for mixed content. We do this second-to-last so that when folks block
840 // mixed content with a CSP policy, they don't get a warning. They'll still 840 // mixed content with a CSP policy, they don't get a warning. They'll still
841 // get a warning in the console about CSP blocking the load. 841 // get a warning in the console about CSP blocking the load.
842 if (MixedContentChecker::shouldBlockFetch(frame(), resourceRequest, url, 842 if (MixedContentChecker::shouldBlockFetch(frame(), resourceRequest, url,
843 reportingPolicy)) 843 reportingPolicy))
844 return ResourceRequestBlockedReason::MixedContent; 844 return ResourceRequestBlockedReason::MixedContent;
845 845
846 if (url.whitespaceRemoved()) {
847 Deprecation::countDeprecation(
848 frame()->document(), UseCounter::CanRequestURLHTTPContainingNewline);
849 if (url.protocolIsInHTTPFamily()) {
850 if (RuntimeEnabledFeatures::restrictCanRequestURLCharacterSetEnabled())
851 return ResourceRequestBlockedReason::Other;
852 } else {
853 UseCounter::count(frame()->document(),
854 UseCounter::CanRequestURLNonHTTPContainingNewline);
855 }
856 }
857
846 // Let the client have the final say into whether or not the load should 858 // Let the client have the final say into whether or not the load should
847 // proceed. 859 // proceed.
848 DocumentLoader* documentLoader = masterDocumentLoader(); 860 DocumentLoader* documentLoader = masterDocumentLoader();
849 if (documentLoader && documentLoader->subresourceFilter() && 861 if (documentLoader && documentLoader->subresourceFilter() &&
850 type != Resource::MainResource && type != Resource::ImportResource) { 862 type != Resource::MainResource && type != Resource::ImportResource) {
851 if (!documentLoader->subresourceFilter()->allowLoad( 863 if (!documentLoader->subresourceFilter()->allowLoad(
852 url, resourceRequest.requestContext(), reportingPolicy)) { 864 url, resourceRequest.requestContext(), reportingPolicy)) {
853 return ResourceRequestBlockedReason::SubresourceFilter; 865 return ResourceRequestBlockedReason::SubresourceFilter;
854 } 866 }
855 } 867 }
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after
1065 return frame()->frameScheduler()->loadingTaskRunner(); 1077 return frame()->frameScheduler()->loadingTaskRunner();
1066 } 1078 }
1067 1079
1068 DEFINE_TRACE(FrameFetchContext) { 1080 DEFINE_TRACE(FrameFetchContext) {
1069 visitor->trace(m_document); 1081 visitor->trace(m_document);
1070 visitor->trace(m_documentLoader); 1082 visitor->trace(m_documentLoader);
1071 FetchContext::trace(visitor); 1083 FetchContext::trace(visitor);
1072 } 1084 }
1073 1085
1074 } // namespace blink 1086 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/frame/UseCounter.h ('k') | third_party/WebKit/Source/platform/RuntimeEnabledFeatures.json5 » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698