| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
| 3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
| 7 * are met: | 7 * are met: |
| 8 * | 8 * |
| 9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 82 #include "wtf/Assertions.h" | 82 #include "wtf/Assertions.h" |
| 83 #include "wtf/AutoReset.h" | 83 #include "wtf/AutoReset.h" |
| 84 #include "wtf/text/WTFString.h" | 84 #include "wtf/text/WTFString.h" |
| 85 | 85 |
| 86 namespace blink { | 86 namespace blink { |
| 87 | 87 |
| 88 static bool IsArchiveMIMEType(const String& mime_type) { | 88 static bool IsArchiveMIMEType(const String& mime_type) { |
| 89 return EqualIgnoringCase("multipart/related", mime_type); | 89 return EqualIgnoringCase("multipart/related", mime_type); |
| 90 } | 90 } |
| 91 | 91 |
| 92 static bool ShouldInheritSecurityOriginFromOwner(const KURL& url) { | |
| 93 // https://html.spec.whatwg.org/multipage/browsers.html#origin | |
| 94 // | |
| 95 // If a Document is the initial "about:blank" document The origin and | |
| 96 // effective script origin of the Document are those it was assigned when its | |
| 97 // browsing context was created. | |
| 98 // | |
| 99 // Note: We generalize this to all "blank" URLs and invalid URLs because we | |
| 100 // treat all of these URLs as about:blank. | |
| 101 return url.IsEmpty() || url.ProtocolIsAbout(); | |
| 102 } | |
| 103 | |
| 104 DocumentLoader::DocumentLoader(LocalFrame* frame, | 92 DocumentLoader::DocumentLoader(LocalFrame* frame, |
| 105 const ResourceRequest& req, | 93 const ResourceRequest& req, |
| 106 const SubstituteData& substitute_data, | 94 const SubstituteData& substitute_data, |
| 107 ClientRedirectPolicy client_redirect_policy) | 95 ClientRedirectPolicy client_redirect_policy) |
| 108 : frame_(frame), | 96 : frame_(frame), |
| 109 fetcher_(FrameFetchContext::CreateFetcherFromDocumentLoader(this)), | 97 fetcher_(FrameFetchContext::CreateFetcherFromDocumentLoader(this)), |
| 110 original_request_(req), | 98 original_request_(req), |
| 111 substitute_data_(substitute_data), | 99 substitute_data_(substitute_data), |
| 112 request_(req), | 100 request_(req), |
| 113 load_type_(kFrameLoadTypeStandard), | 101 load_type_(kFrameLoadTypeStandard), |
| (...skipping 555 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 669 if (!frame_) | 657 if (!frame_) |
| 670 return; | 658 return; |
| 671 | 659 |
| 672 const AtomicString& encoding = GetResponse().TextEncodingName(); | 660 const AtomicString& encoding = GetResponse().TextEncodingName(); |
| 673 | 661 |
| 674 // Prepare a DocumentInit before clearing the frame, because it may need to | 662 // Prepare a DocumentInit before clearing the frame, because it may need to |
| 675 // inherit an aliased security context. | 663 // inherit an aliased security context. |
| 676 Document* owner = nullptr; | 664 Document* owner = nullptr; |
| 677 // TODO(dcheng): This differs from the behavior of both IE and Firefox: the | 665 // TODO(dcheng): This differs from the behavior of both IE and Firefox: the |
| 678 // origin is inherited from the document that loaded the URL. | 666 // origin is inherited from the document that loaded the URL. |
| 679 if (ShouldInheritSecurityOriginFromOwner(Url())) { | 667 if (Document::ShouldInheritSecurityOriginFromOwner(Url())) { |
| 680 Frame* owner_frame = frame_->Tree().Parent(); | 668 Frame* owner_frame = frame_->Tree().Parent(); |
| 681 if (!owner_frame) | 669 if (!owner_frame) |
| 682 owner_frame = frame_->Loader().Opener(); | 670 owner_frame = frame_->Loader().Opener(); |
| 683 if (owner_frame && owner_frame->IsLocalFrame()) | 671 if (owner_frame && owner_frame->IsLocalFrame()) |
| 684 owner = ToLocalFrame(owner_frame)->GetDocument(); | 672 owner = ToLocalFrame(owner_frame)->GetDocument(); |
| 685 } | 673 } |
| 686 DocumentInit init(owner, Url(), frame_); | 674 DocumentInit init(owner, Url(), frame_); |
| 687 init.WithNewRegistrationContext(); | 675 init.WithNewRegistrationContext(); |
| 688 frame_->Loader().Clear(); | 676 frame_->Loader().Clear(); |
| 689 DCHECK(frame_->GetPage()); | 677 DCHECK(frame_->GetPage()); |
| (...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1007 LocalFrame* frame = document->GetFrame(); | 995 LocalFrame* frame = document->GetFrame(); |
| 1008 WebFeaturePolicy* parent_feature_policy = | 996 WebFeaturePolicy* parent_feature_policy = |
| 1009 frame->IsMainFrame() | 997 frame->IsMainFrame() |
| 1010 ? nullptr | 998 ? nullptr |
| 1011 : frame->Tree().Parent()->GetSecurityContext()->GetFeaturePolicy(); | 999 : frame->Tree().Parent()->GetSecurityContext()->GetFeaturePolicy(); |
| 1012 Vector<String> messages; | 1000 Vector<String> messages; |
| 1013 const WebParsedFeaturePolicy& parsed_header = ParseFeaturePolicy( | 1001 const WebParsedFeaturePolicy& parsed_header = ParseFeaturePolicy( |
| 1014 feature_policy_header, frame->GetSecurityContext()->GetSecurityOrigin(), | 1002 feature_policy_header, frame->GetSecurityContext()->GetSecurityOrigin(), |
| 1015 &messages); | 1003 &messages); |
| 1016 WebParsedFeaturePolicy container_policy; | 1004 WebParsedFeaturePolicy container_policy; |
| 1017 if (frame->Owner()) { | 1005 if (frame->Owner()) |
| 1018 container_policy = GetContainerPolicyFromAllowedFeatures( | 1006 container_policy = frame->Owner()->ContainerPolicy(); |
| 1019 frame->Owner()->AllowedFeatures(), | |
| 1020 frame->GetSecurityContext()->GetSecurityOrigin()); | |
| 1021 } | |
| 1022 frame->GetSecurityContext()->InitializeFeaturePolicy( | 1007 frame->GetSecurityContext()->InitializeFeaturePolicy( |
| 1023 parsed_header, container_policy, parent_feature_policy); | 1008 parsed_header, container_policy, parent_feature_policy); |
| 1024 | 1009 |
| 1025 for (auto& message : messages) { | 1010 for (auto& message : messages) { |
| 1026 document->AddConsoleMessage( | 1011 document->AddConsoleMessage( |
| 1027 ConsoleMessage::Create(kOtherMessageSource, kErrorMessageLevel, | 1012 ConsoleMessage::Create(kOtherMessageSource, kErrorMessageLevel, |
| 1028 "Error with Feature-Policy header: " + message)); | 1013 "Error with Feature-Policy header: " + message)); |
| 1029 } | 1014 } |
| 1030 if (!parsed_header.empty()) | 1015 if (!parsed_header.empty()) |
| 1031 frame->Client()->DidSetFeaturePolicyHeader(parsed_header); | 1016 frame->Client()->DidSetFeaturePolicyHeader(parsed_header); |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1114 InstallNewDocumentReason::kJavascriptURL, | 1099 InstallNewDocumentReason::kJavascriptURL, |
| 1115 kForceSynchronousParsing, KURL()); | 1100 kForceSynchronousParsing, KURL()); |
| 1116 if (!source.IsNull()) | 1101 if (!source.IsNull()) |
| 1117 writer_->AppendReplacingData(source); | 1102 writer_->AppendReplacingData(source); |
| 1118 EndWriting(); | 1103 EndWriting(); |
| 1119 } | 1104 } |
| 1120 | 1105 |
| 1121 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 1106 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
| 1122 | 1107 |
| 1123 } // namespace blink | 1108 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2797813002:
Replicate feature policy container policies. (Closed)
