OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 568 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
579 !GetFrameLoader().RequiredCSP().IsEmpty()) { | 579 !GetFrameLoader().RequiredCSP().IsEmpty()) { |
580 SecurityOrigin* parent_security_origin = | 580 SecurityOrigin* parent_security_origin = |
581 frame_->Tree().Parent()->GetSecurityContext()->GetSecurityOrigin(); | 581 frame_->Tree().Parent()->GetSecurityContext()->GetSecurityOrigin(); |
582 if (ContentSecurityPolicy::ShouldEnforceEmbeddersPolicy( | 582 if (ContentSecurityPolicy::ShouldEnforceEmbeddersPolicy( |
583 response, parent_security_origin)) { | 583 response, parent_security_origin)) { |
584 content_security_policy_->AddPolicyFromHeaderValue( | 584 content_security_policy_->AddPolicyFromHeaderValue( |
585 GetFrameLoader().RequiredCSP(), | 585 GetFrameLoader().RequiredCSP(), |
586 kContentSecurityPolicyHeaderTypeEnforce, | 586 kContentSecurityPolicyHeaderTypeEnforce, |
587 kContentSecurityPolicyHeaderSourceHTTP); | 587 kContentSecurityPolicyHeaderSourceHTTP); |
588 } else { | 588 } else { |
589 ContentSecurityPolicy* embedding_csp = ContentSecurityPolicy::Create(); | 589 ContentSecurityPolicy* required_csp = ContentSecurityPolicy::Create(); |
590 embedding_csp->AddPolicyFromHeaderValue( | 590 required_csp->AddPolicyFromHeaderValue( |
591 GetFrameLoader().RequiredCSP(), | 591 GetFrameLoader().RequiredCSP(), |
592 kContentSecurityPolicyHeaderTypeEnforce, | 592 kContentSecurityPolicyHeaderTypeEnforce, |
593 kContentSecurityPolicyHeaderSourceHTTP); | 593 kContentSecurityPolicyHeaderSourceHTTP); |
594 if (!embedding_csp->Subsumes(*content_security_policy_)) { | 594 if (!required_csp->Subsumes(*content_security_policy_)) { |
595 String message = "Refused to display '" + | 595 String message = "Refused to display '" + |
596 response.Url().ElidedString() + | 596 response.Url().ElidedString() + |
597 "' because it has not opted-into the following policy " | 597 "' because it has not opted-into the following policy " |
598 "required by its embedder: '" + | 598 "required by its embedder: '" + |
599 GetFrameLoader().RequiredCSP() + "'."; | 599 GetFrameLoader().RequiredCSP() + "'."; |
600 ConsoleMessage* console_message = ConsoleMessage::CreateForRequest( | 600 ConsoleMessage* console_message = ConsoleMessage::CreateForRequest( |
601 kSecurityMessageSource, kErrorMessageLevel, message, response.Url(), | 601 kSecurityMessageSource, kErrorMessageLevel, message, response.Url(), |
602 MainResourceIdentifier()); | 602 MainResourceIdentifier()); |
603 frame_->GetDocument()->AddConsoleMessage(console_message); | 603 frame_->GetDocument()->AddConsoleMessage(console_message); |
604 CancelLoadAfterCSPDenied(response); | 604 CancelLoadAfterCSPDenied(response); |
(...skipping 498 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1103 InstallNewDocumentReason::kJavascriptURL, | 1103 InstallNewDocumentReason::kJavascriptURL, |
1104 kForceSynchronousParsing, KURL()); | 1104 kForceSynchronousParsing, KURL()); |
1105 if (!source.IsNull()) | 1105 if (!source.IsNull()) |
1106 writer_->AppendReplacingData(source); | 1106 writer_->AppendReplacingData(source); |
1107 EndWriting(); | 1107 EndWriting(); |
1108 } | 1108 } |
1109 | 1109 |
1110 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); | 1110 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader); |
1111 | 1111 |
1112 } // namespace blink | 1112 } // namespace blink |
OLD | NEW |