OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/loader/BaseFetchContext.h" | 5 #include "core/loader/BaseFetchContext.h" |
6 | 6 |
7 #include "core/dom/ExecutionContext.h" | 7 #include "core/dom/ExecutionContext.h" |
8 #include "core/frame/ContentSettingsClient.h" | 8 #include "core/frame/ContentSettingsClient.h" |
9 #include "core/frame/Settings.h" | 9 #include "core/frame/Settings.h" |
10 #include "core/inspector/ConsoleMessage.h" | 10 #include "core/inspector/ConsoleMessage.h" |
250 | 250 |
251 // SVG Images have unique security rules that prevent all subresource requests | 251 // SVG Images have unique security rules that prevent all subresource requests |
252 // except for data urls. | 252 // except for data urls. |
253 if (type != Resource::kMainResource && IsSVGImageChromeClient() && | 253 if (type != Resource::kMainResource && IsSVGImageChromeClient() && |
254 !url.ProtocolIsData()) | 254 !url.ProtocolIsData()) |
255 return ResourceRequestBlockedReason::kOrigin; | 255 return ResourceRequestBlockedReason::kOrigin; |
256 | 256 |
257 // Measure the number of legacy URL schemes ('ftp://') and the number of | 257 // Measure the number of legacy URL schemes ('ftp://') and the number of |
258 // embedded-credential ('http://user:password@...') resources embedded as | 258 // embedded-credential ('http://user:password@...') resources embedded as |
259 // subresources. | 259 // subresources. |
260 if (resource_request.GetFrameType() != WebURLRequest::kFrameTypeTopLevel) { | 260 WebURLRequest::FrameType frame_type = resource_request.GetFrameType(); |
261 if (GetMainResourceSecurityContext() && | 261 if (frame_type != WebURLRequest::kFrameTypeTopLevel) { |
262 SchemeRegistry::ShouldTreatURLSchemeAsLegacy(url.Protocol()) && | 262 bool is_subresource = frame_type == WebURLRequest::kFrameTypeNone; |
| 263 SecurityContext* embedding_context = |
| 264 is_subresource ? &execution_context_->GetSecurityContext() |
| 265 : GetParentSecurityContext(); |
| 266 DCHECK(embedding_context); |
| 267 if (SchemeRegistry::ShouldTreatURLSchemeAsLegacy(url.Protocol()) && |
263 !SchemeRegistry::ShouldTreatURLSchemeAsLegacy( | 268 !SchemeRegistry::ShouldTreatURLSchemeAsLegacy( |
264 GetMainResourceSecurityContext() | 269 embedding_context->GetSecurityOrigin()->Protocol())) { |
265 ->GetSecurityOrigin() | |
266 ->Protocol())) { | |
267 CountDeprecation(UseCounter::kLegacyProtocolEmbeddedAsSubresource); | 270 CountDeprecation(UseCounter::kLegacyProtocolEmbeddedAsSubresource); |
268 | 271 |
269 // TODO(mkwst): Enabled by default in M59. Drop the runtime-enabled check | 272 // TODO(mkwst): Enabled by default in M59. Drop the runtime-enabled check |
270 // in M60: https://www.chromestatus.com/feature/5709390967472128 | 273 // in M60: https://www.chromestatus.com/feature/5709390967472128 |
271 if (RuntimeEnabledFeatures::blockLegacySubresourcesEnabled()) | 274 if (RuntimeEnabledFeatures::blockLegacySubresourcesEnabled()) |
272 return ResourceRequestBlockedReason::kOrigin; | 275 return ResourceRequestBlockedReason::kOrigin; |
273 } | 276 } |
274 | 277 |
275 if ((!url.User().IsEmpty() || !url.Pass().IsEmpty()) && | 278 if ((!url.User().IsEmpty() || !url.Pass().IsEmpty()) && |
276 resource_request.GetRequestContext() != | 279 resource_request.GetRequestContext() != |
313 | 316 |
314 return ResourceRequestBlockedReason::kNone; | 317 return ResourceRequestBlockedReason::kNone; |
315 } | 318 } |
316 | 319 |
317 DEFINE_TRACE(BaseFetchContext) { | 320 DEFINE_TRACE(BaseFetchContext) { |
318 visitor->Trace(execution_context_); | 321 visitor->Trace(execution_context_); |
319 FetchContext::Trace(visitor); | 322 FetchContext::Trace(visitor); |
320 } | 323 } |
321 | 324 |
322 } // namespace blink | 325 } // namespace blink |
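Review bot: `DCHECK(embedding_context)` on new line 266 replaces the runtime null guard that the old condition had on `GetMainResourceSecurityContext()`, and DCHECKs are compiled out of release builds, so a null context would be dereferenced at `embedding_context->GetSecurityOrigin()` on new line 269. Whether `GetParentSecurityContext()` can return null for a nested-frame request (for example around frame detach) is not visible on this page, but the removed guard suggests it was treated as possible. I would keep the check at runtime, `if (embedding_context && SchemeRegistry::ShouldTreatURLSchemeAsLegacy(url.Protocol()) &&`, or return `ResourceRequestBlockedReason::kOrigin` early if a missing context should fail closed instead of silently skipping the legacy-scheme check. A one-line comment above `is_subresource` stating that `kFrameTypeNone` requests are compared against the requesting context and nested frames against the parent would make the intended trust boundary explicit. The enclosing function begins in the skipped lines before line 250.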