| Index: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
|
| index aad2404223ad5a4d6ec402328f81e4ac9c6f6034..e350736a54ebf48790623bb5e9f0f6aa274dbb1f 100644
|
| --- a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
|
| @@ -337,10 +337,6 @@ LocalFrameClient* FrameFetchContext::GetLocalFrameClient() const {
|
| return GetFrame()->Client();
|
| }
|
|
|
| -ContentSettingsClient* FrameFetchContext::GetContentSettingsClient() const {
|
| - return GetFrame()->GetContentSettingsClient();
|
| -}
|
| -
|
| void FrameFetchContext::AddAdditionalRequestHeaders(ResourceRequest& request,
|
| FetchResourceType type) {
|
| BaseFetchContext::AddAdditionalRequestHeaders(request, type);
|
| @@ -636,204 +632,6 @@ bool FrameFetchContext::AllowImage(bool images_enabled, const KURL& url) const {
|
| return GetContentSettingsClient()->AllowImage(images_enabled, url);
|
| }
|
|
|
| -ResourceRequestBlockedReason FrameFetchContext::CanRequest(
|
| - Resource::Type type,
|
| - const ResourceRequest& resource_request,
|
| - const KURL& url,
|
| - const ResourceLoaderOptions& options,
|
| - SecurityViolationReportingPolicy reporting_policy,
|
| - FetchParameters::OriginRestriction origin_restriction) const {
|
| - ResourceRequestBlockedReason blocked_reason = CanRequestInternal(
|
| - type, resource_request, url, options, reporting_policy,
|
| - origin_restriction, resource_request.GetRedirectStatus());
|
| - if (blocked_reason != ResourceRequestBlockedReason::kNone &&
|
| - reporting_policy == SecurityViolationReportingPolicy::kReport) {
|
| - probe::didBlockRequest(GetFrame(), resource_request, MasterDocumentLoader(),
|
| - options.initiator_info, blocked_reason);
|
| - }
|
| - return blocked_reason;
|
| -}
|
| -
|
| -ResourceRequestBlockedReason FrameFetchContext::AllowResponse(
|
| - Resource::Type type,
|
| - const ResourceRequest& resource_request,
|
| - const KURL& url,
|
| - const ResourceLoaderOptions& options) const {
|
| - ResourceRequestBlockedReason blocked_reason =
|
| - CanRequestInternal(type, resource_request, url, options,
|
| - SecurityViolationReportingPolicy::kReport,
|
| - FetchParameters::kUseDefaultOriginRestrictionForType,
|
| - RedirectStatus::kFollowedRedirect);
|
| - if (blocked_reason != ResourceRequestBlockedReason::kNone) {
|
| - probe::didBlockRequest(GetFrame(), resource_request, MasterDocumentLoader(),
|
| - options.initiator_info, blocked_reason);
|
| - }
|
| - return blocked_reason;
|
| -}
|
| -
|
| -ResourceRequestBlockedReason FrameFetchContext::CanRequestInternal(
|
| - Resource::Type type,
|
| - const ResourceRequest& resource_request,
|
| - const KURL& url,
|
| - const ResourceLoaderOptions& options,
|
| - SecurityViolationReportingPolicy reporting_policy,
|
| - FetchParameters::OriginRestriction origin_restriction,
|
| - ResourceRequest::RedirectStatus redirect_status) const {
|
| - bool should_block_request = false;
|
| - probe::shouldBlockRequest(GetFrame(), resource_request,
|
| - &should_block_request);
|
| - if (should_block_request)
|
| - return ResourceRequestBlockedReason::kInspector;
|
| -
|
| - SecurityOrigin* security_origin = options.security_origin.Get();
|
| - if (!security_origin && execution_context_)
|
| - security_origin = execution_context_->GetSecurityOrigin();
|
| -
|
| - if (origin_restriction != FetchParameters::kNoOriginRestriction &&
|
| - security_origin && !security_origin->CanDisplay(url)) {
|
| - if (reporting_policy == SecurityViolationReportingPolicy::kReport)
|
| - FrameLoader::ReportLocalLoadFailed(GetFrame(), url.ElidedString());
|
| - RESOURCE_LOADING_DVLOG(1) << "ResourceFetcher::requestResource URL was not "
|
| - "allowed by SecurityOrigin::canDisplay";
|
| - return ResourceRequestBlockedReason::kOther;
|
| - }
|
| -
|
| - // Some types of resources can be loaded only from the same origin. Other
|
| - // types of resources, like Images, Scripts, and CSS, can be loaded from
|
| - // any URL.
|
| - switch (type) {
|
| - case Resource::kMainResource:
|
| - case Resource::kImage:
|
| - case Resource::kCSSStyleSheet:
|
| - case Resource::kScript:
|
| - case Resource::kFont:
|
| - case Resource::kRaw:
|
| - case Resource::kLinkPrefetch:
|
| - case Resource::kTextTrack:
|
| - case Resource::kImportResource:
|
| - case Resource::kMedia:
|
| - case Resource::kManifest:
|
| - case Resource::kMock:
|
| - // By default these types of resources can be loaded from any origin.
|
| - // FIXME: Are we sure about Resource::Font?
|
| - if (origin_restriction == FetchParameters::kRestrictToSameOrigin &&
|
| - !security_origin->CanRequest(url)) {
|
| - PrintAccessDeniedMessage(url);
|
| - return ResourceRequestBlockedReason::kOrigin;
|
| - }
|
| - break;
|
| - case Resource::kXSLStyleSheet:
|
| - DCHECK(RuntimeEnabledFeatures::xsltEnabled());
|
| - case Resource::kSVGDocument:
|
| - if (!security_origin->CanRequest(url)) {
|
| - PrintAccessDeniedMessage(url);
|
| - return ResourceRequestBlockedReason::kOrigin;
|
| - }
|
| - break;
|
| - }
|
| -
|
| - // FIXME: Convert this to check the isolated world's Content Security Policy
|
| - // once webkit.org/b/104520 is solved.
|
| - bool should_bypass_main_world_csp =
|
| - GetFrame()->GetScriptController().ShouldBypassMainWorldCSP() ||
|
| - options.content_security_policy_option ==
|
| - kDoNotCheckContentSecurityPolicy;
|
| -
|
| - if (execution_context_) {
|
| - DCHECK(execution_context_->GetContentSecurityPolicy());
|
| - if (!should_bypass_main_world_csp &&
|
| - !execution_context_->GetContentSecurityPolicy()->AllowRequest(
|
| - resource_request.GetRequestContext(), url,
|
| - options.content_security_policy_nonce, options.integrity_metadata,
|
| - options.parser_disposition, redirect_status, reporting_policy))
|
| - return ResourceRequestBlockedReason::CSP;
|
| - }
|
| -
|
| - if (type == Resource::kScript || type == Resource::kImportResource) {
|
| - DCHECK(GetFrame());
|
| - if (!GetContentSettingsClient()->AllowScriptFromSource(
|
| - !GetFrame()->GetSettings() ||
|
| - GetFrame()->GetSettings()->GetScriptEnabled(),
|
| - url)) {
|
| - GetContentSettingsClient()->DidNotAllowScript();
|
| - // TODO(estark): Use a different ResourceRequestBlockedReason here, since
|
| - // this check has nothing to do with CSP. https://crbug.com/600795
|
| - return ResourceRequestBlockedReason::CSP;
|
| - }
|
| - }
|
| -
|
| - // SVG Images have unique security rules that prevent all subresource requests
|
| - // except for data urls.
|
| - if (type != Resource::kMainResource &&
|
| - GetFrame()->GetChromeClient().IsSVGImageChromeClient() &&
|
| - !url.ProtocolIsData())
|
| - return ResourceRequestBlockedReason::kOrigin;
|
| -
|
| - // Measure the number of legacy URL schemes ('ftp://') and the number of
|
| - // embedded-credential ('http://user:password@...') resources embedded as
|
| - // subresources.
|
| - if (resource_request.GetFrameType() != WebURLRequest::kFrameTypeTopLevel) {
|
| - DCHECK(GetFrame()->GetDocument());
|
| - if (SchemeRegistry::ShouldTreatURLSchemeAsLegacy(url.Protocol()) &&
|
| - !SchemeRegistry::ShouldTreatURLSchemeAsLegacy(
|
| - GetFrame()->GetDocument()->GetSecurityOrigin()->Protocol())) {
|
| - Deprecation::CountDeprecation(
|
| - GetFrame()->GetDocument(),
|
| - UseCounter::kLegacyProtocolEmbeddedAsSubresource);
|
| -
|
| - // TODO(mkwst): Enabled by default in M59. Drop the runtime-enabled check
|
| - // in M60: https://www.chromestatus.com/feature/5709390967472128
|
| - if (RuntimeEnabledFeatures::blockLegacySubresourcesEnabled())
|
| - return ResourceRequestBlockedReason::kOrigin;
|
| - }
|
| -
|
| - if ((!url.User().IsEmpty() || !url.Pass().IsEmpty()) &&
|
| - resource_request.GetRequestContext() !=
|
| - WebURLRequest::kRequestContextXMLHttpRequest) {
|
| - Deprecation::CountDeprecation(
|
| - GetFrame()->GetDocument(),
|
| - UseCounter::kRequestedSubresourceWithEmbeddedCredentials);
|
| - // TODO(mkwst): Remove the runtime-enabled check in M59:
|
| - // https://www.chromestatus.com/feature/5669008342777856
|
| - if (RuntimeEnabledFeatures::blockCredentialedSubresourcesEnabled())
|
| - return ResourceRequestBlockedReason::kOrigin;
|
| - }
|
| - }
|
| -
|
| - // Check for mixed content. We do this second-to-last so that when folks block
|
| - // mixed content with a CSP policy, they don't get a warning. They'll still
|
| - // get a warning in the console about CSP blocking the load.
|
| - if (MixedContentChecker::ShouldBlockFetch(GetFrame(), resource_request, url,
|
| - reporting_policy))
|
| - return ResourceRequestBlockedReason::kMixedContent;
|
| -
|
| - if (url.WhitespaceRemoved()) {
|
| - Deprecation::CountDeprecation(
|
| - GetFrame()->GetDocument(),
|
| - UseCounter::kCanRequestURLHTTPContainingNewline);
|
| - if (url.ProtocolIsInHTTPFamily()) {
|
| - if (RuntimeEnabledFeatures::restrictCanRequestURLCharacterSetEnabled())
|
| - return ResourceRequestBlockedReason::kOther;
|
| - } else {
|
| - UseCounter::Count(GetFrame()->GetDocument(),
|
| - UseCounter::kCanRequestURLNonHTTPContainingNewline);
|
| - }
|
| - }
|
| -
|
| - // Let the client have the final say into whether or not the load should
|
| - // proceed.
|
| - DocumentLoader* document_loader = MasterDocumentLoader();
|
| - if (document_loader && document_loader->GetSubresourceFilter() &&
|
| - type != Resource::kMainResource && type != Resource::kImportResource) {
|
| - if (!document_loader->GetSubresourceFilter()->AllowLoad(
|
| - url, resource_request.GetRequestContext(), reporting_policy)) {
|
| - return ResourceRequestBlockedReason::kSubresourceFilter;
|
| - }
|
| - }
|
| -
|
| - return ResourceRequestBlockedReason::kNone;
|
| -}
|
| -
|
| bool FrameFetchContext::IsControlledByServiceWorker() const {
|
| DCHECK(MasterDocumentLoader());
|
|
|
| @@ -1030,6 +828,69 @@ RefPtr<WebTaskRunner> FrameFetchContext::LoadingTaskRunner() const {
|
| return GetFrame()->FrameScheduler()->LoadingTaskRunner();
|
| }
|
|
|
| +ContentSettingsClient* FrameFetchContext::GetContentSettingsClient() const {
|
| + return GetFrame()->GetContentSettingsClient();
|
| +}
|
| +
|
| +Settings* FrameFetchContext::GetSettings() const {
|
| + DCHECK(GetFrame());
|
| + return GetFrame()->GetSettings();
|
| +}
|
| +
|
| +SubresourceFilter* FrameFetchContext::GetSubresourceFilter() const {
|
| + DocumentLoader* document_loader = MasterDocumentLoader();
|
| + return document_loader ? document_loader->GetSubresourceFilter() : nullptr;
|
| +}
|
| +
|
| +SecurityContext* FrameFetchContext::GetMainResourceSecurityContext() const {
|
| + DCHECK(GetFrame()->GetDocument());
|
| + return GetFrame()->GetDocument();
|
| +}
|
| +
|
| +bool FrameFetchContext::ShouldBlockRequestByInspector(
|
| + const ResourceRequest& resource_request) const {
|
| + bool should_block_request = false;
|
| + probe::shouldBlockRequest(GetFrame(), resource_request,
|
| + &should_block_request);
|
| + return should_block_request;
|
| +}
|
| +
|
| +void FrameFetchContext::DispatchDidBlockRequest(
|
| + const ResourceRequest& resource_request,
|
| + const FetchInitiatorInfo& fetch_initiator_info,
|
| + ResourceRequestBlockedReason blocked_reason) const {
|
| + probe::didBlockRequest(GetFrame(), resource_request, MasterDocumentLoader(),
|
| + fetch_initiator_info, blocked_reason);
|
| +}
|
| +
|
| +void FrameFetchContext::ReportLocalLoadFailed(const KURL& url) const {
|
| + FrameLoader::ReportLocalLoadFailed(GetFrame(), url.ElidedString());
|
| +}
|
| +
|
| +bool FrameFetchContext::ShouldBypassMainWorldCSP() const {
|
| + return GetFrame()->GetScriptController().ShouldBypassMainWorldCSP();
|
| +}
|
| +
|
| +bool FrameFetchContext::IsSVGImageChromeClient() const {
|
| + return GetFrame()->GetChromeClient().IsSVGImageChromeClient();
|
| +}
|
| +
|
| +void FrameFetchContext::CountUsage(UseCounter::Feature feature) const {
|
| + UseCounter::Count(GetFrame()->GetDocument(), feature);
|
| +}
|
| +
|
| +void FrameFetchContext::CountDeprecation(UseCounter::Feature feature) const {
|
| + Deprecation::CountDeprecation(GetFrame()->GetDocument(), feature);
|
| +}
|
| +
|
| +bool FrameFetchContext::ShouldBlockFetchByMixedContentCheck(
|
| + const ResourceRequest& resource_request,
|
| + const KURL& url,
|
| + SecurityViolationReportingPolicy reporting_policy) const {
|
| + return MixedContentChecker::ShouldBlockFetch(GetFrame(), resource_request,
|
| + url, reporting_policy);
|
| +}
|
| +
|
| DEFINE_TRACE(FrameFetchContext) {
|
| visitor->Trace(document_loader_);
|
| BaseFetchContext::Trace(visitor);
|
|
|
Chromium Code Reviews
Issue 2823213002:
Implement CanRequest in BaseFetchContext (Closed)
