| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
| 3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
| 7 * are met: | 7 * are met: |
| 8 * | 8 * |
| 9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 82 #include "platform/wtf/text/WTFString.h" | 82 #include "platform/wtf/text/WTFString.h" |
| 83 #include "public/platform/Platform.h" | 83 #include "public/platform/Platform.h" |
| 84 #include "public/platform/modules/serviceworker/WebServiceWorkerNetworkProvider.
h" | 84 #include "public/platform/modules/serviceworker/WebServiceWorkerNetworkProvider.
h" |
| 85 | 85 |
| 86 namespace blink { | 86 namespace blink { |
| 87 | 87 |
| 88 static bool IsArchiveMIMEType(const String& mime_type) { | 88 static bool IsArchiveMIMEType(const String& mime_type) { |
| 89 return DeprecatedEqualIgnoringCase("multipart/related", mime_type); | 89 return DeprecatedEqualIgnoringCase("multipart/related", mime_type); |
| 90 } | 90 } |
| 91 | 91 |
| 92 static bool ShouldInheritSecurityOriginFromOwner(const KURL& url) { | |
| 93 // https://html.spec.whatwg.org/multipage/browsers.html#origin | |
| 94 // | |
| 95 // If a Document is the initial "about:blank" document The origin and | |
| 96 // effective script origin of the Document are those it was assigned when its | |
| 97 // browsing context was created. | |
| 98 // | |
| 99 // Note: We generalize this to all "blank" URLs and invalid URLs because we | |
| 100 // treat all of these URLs as about:blank. | |
| 101 return url.IsEmpty() || url.ProtocolIsAbout(); | |
| 102 } | |
| 103 | |
| 104 DocumentLoader::DocumentLoader(LocalFrame* frame, | 92 DocumentLoader::DocumentLoader(LocalFrame* frame, |
| 105 const ResourceRequest& req, | 93 const ResourceRequest& req, |
| 106 const SubstituteData& substitute_data, | 94 const SubstituteData& substitute_data, |
| 107 ClientRedirectPolicy client_redirect_policy) | 95 ClientRedirectPolicy client_redirect_policy) |
| 108 : frame_(frame), | 96 : frame_(frame), |
| 109 fetcher_(FrameFetchContext::CreateFetcherFromDocumentLoader(this)), | 97 fetcher_(FrameFetchContext::CreateFetcherFromDocumentLoader(this)), |
| 110 original_request_(req), | 98 original_request_(req), |
| 111 substitute_data_(substitute_data), | 99 substitute_data_(substitute_data), |
| 112 request_(req), | 100 request_(req), |
| 113 load_type_(kFrameLoadTypeStandard), | 101 load_type_(kFrameLoadTypeStandard), |
| (...skipping 542 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 656 if (!frame_) | 644 if (!frame_) |
| 657 return; | 645 return; |
| 658 | 646 |
| 659 const AtomicString& encoding = GetResponse().TextEncodingName(); | 647 const AtomicString& encoding = GetResponse().TextEncodingName(); |
| 660 | 648 |
| 661 // Prepare a DocumentInit before clearing the frame, because it may need to | 649 // Prepare a DocumentInit before clearing the frame, because it may need to |
| 662 // inherit an aliased security context. | 650 // inherit an aliased security context. |
| 663 Document* owner = nullptr; | 651 Document* owner = nullptr; |
| 664 // TODO(dcheng): This differs from the behavior of both IE and Firefox: the | 652 // TODO(dcheng): This differs from the behavior of both IE and Firefox: the |
| 665 // origin is inherited from the document that loaded the URL. | 653 // origin is inherited from the document that loaded the URL. |
| 666 if (ShouldInheritSecurityOriginFromOwner(Url())) { | 654 if (Document::ShouldInheritSecurityOriginFromOwner(Url())) { |
| 667 Frame* owner_frame = frame_->Tree().Parent(); | 655 Frame* owner_frame = frame_->Tree().Parent(); |
| 668 if (!owner_frame) | 656 if (!owner_frame) |
| 669 owner_frame = frame_->Loader().Opener(); | 657 owner_frame = frame_->Loader().Opener(); |
| 670 if (owner_frame && owner_frame->IsLocalFrame()) | 658 if (owner_frame && owner_frame->IsLocalFrame()) |
| 671 owner = ToLocalFrame(owner_frame)->GetDocument(); | 659 owner = ToLocalFrame(owner_frame)->GetDocument(); |
| 672 } | 660 } |
| 673 DocumentInit init(owner, Url(), frame_); | 661 DocumentInit init(owner, Url(), frame_); |
| 674 init.WithNewRegistrationContext(); | 662 init.WithNewRegistrationContext(); |
| 675 frame_->Loader().Clear(); | 663 frame_->Loader().Clear(); |
| 676 DCHECK(frame_->GetPage()); | 664 DCHECK(frame_->GetPage()); |
| (...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 994 LocalFrame* frame = document->GetFrame(); | 982 LocalFrame* frame = document->GetFrame(); |
| 995 WebFeaturePolicy* parent_feature_policy = | 983 WebFeaturePolicy* parent_feature_policy = |
| 996 frame->IsMainFrame() | 984 frame->IsMainFrame() |
| 997 ? nullptr | 985 ? nullptr |
| 998 : frame->Tree().Parent()->GetSecurityContext()->GetFeaturePolicy(); | 986 : frame->Tree().Parent()->GetSecurityContext()->GetFeaturePolicy(); |
| 999 Vector<String> messages; | 987 Vector<String> messages; |
| 1000 const WebParsedFeaturePolicy& parsed_header = ParseFeaturePolicy( | 988 const WebParsedFeaturePolicy& parsed_header = ParseFeaturePolicy( |
| 1001 feature_policy_header, frame->GetSecurityContext()->GetSecurityOrigin(), | 989 feature_policy_header, frame->GetSecurityContext()->GetSecurityOrigin(), |
| 1002 &messages); | 990 &messages); |
| 1003 WebParsedFeaturePolicy container_policy; | 991 WebParsedFeaturePolicy container_policy; |
| 1004 if (frame->Owner()) { | 992 if (frame->Owner()) |
| 1005 container_policy = GetContainerPolicyFromAllowedFeatures( | 993 container_policy = frame->Owner()->ContainerPolicy(); |
| 1006 frame->Owner()->AllowedFeatures(), | |
| 1007 frame->GetSecurityContext()->GetSecurityOrigin()); | |
| 1008 } | |
| 1009 frame->GetSecurityContext()->InitializeFeaturePolicy( | 994 frame->GetSecurityContext()->InitializeFeaturePolicy( |
| 1010 parsed_header, container_policy, parent_feature_policy); | 995 parsed_header, container_policy, parent_feature_policy); |
| 1011 | 996 |
| 1012 for (auto& message : messages) { | 997 for (auto& message : messages) { |
| 1013 document->AddConsoleMessage( | 998 document->AddConsoleMessage( |
| 1014 ConsoleMessage::Create(kOtherMessageSource, kErrorMessageLevel, | 999 ConsoleMessage::Create(kOtherMessageSource, kErrorMessageLevel, |
| 1015 "Error with Feature-Policy header: " + message)); | 1000 "Error with Feature-Policy header: " + message)); |
| 1016 } | 1001 } |
| 1017 if (!parsed_header.empty()) | 1002 if (!parsed_header.empty()) |
| 1018 frame->Client()->DidSetFeaturePolicyHeader(parsed_header); | 1003 frame->Client()->DidSetFeaturePolicyHeader(parsed_header); |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1101 InstallNewDocumentReason::kJavascriptURL, | 1086 InstallNewDocumentReason::kJavascriptURL, |
| 1102 kForceSynchronousParsing, KURL()); | 1087 kForceSynchronousParsing, KURL()); |
| 1103 if (!source.IsNull()) | 1088 if (!source.IsNull()) |
| 1104 writer_->AppendReplacingData(source); | 1089 writer_->AppendReplacingData(source); |
| 1105 EndWriting(); | 1090 EndWriting(); |
| 1106 } | 1091 } |
| 1107 | 1092 |
| 1108 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 1093 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
| 1109 | 1094 |
| 1110 } // namespace blink | 1095 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2797813002:
Replicate feature policy container policies. (Closed)
