OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/loader/BaseFetchContext.h" | 5 #include "core/loader/BaseFetchContext.h" |
6 | 6 |
7 #include "core/dom/ExecutionContext.h" | 7 #include "core/dom/ExecutionContext.h" |
8 #include "core/frame/ContentSettingsClient.h" | 8 #include "core/frame/ContentSettingsClient.h" |
9 #include "core/frame/Settings.h" | 9 #include "core/frame/Settings.h" |
10 #include "core/inspector/ConsoleMessage.h" | 10 #include "core/inspector/ConsoleMessage.h" |
283 CountDeprecation( | 283 CountDeprecation( |
284 UseCounter::kRequestedSubresourceWithEmbeddedCredentials); | 284 UseCounter::kRequestedSubresourceWithEmbeddedCredentials); |
285 // TODO(mkwst): Remove the runtime-enabled check in M59: | 285 // TODO(mkwst): Remove the runtime-enabled check in M59: |
286 // https://www.chromestatus.com/feature/5669008342777856 | 286 // https://www.chromestatus.com/feature/5669008342777856 |
287 if (RuntimeEnabledFeatures::blockCredentialedSubresourcesEnabled()) | 287 if (RuntimeEnabledFeatures::blockCredentialedSubresourcesEnabled()) |
288 return ResourceRequestBlockedReason::kOrigin; | 288 return ResourceRequestBlockedReason::kOrigin; |
289 } | 289 } |
290 } | 290 } |
291 | 291 |
292 // Check for mixed content. We do this second-to-last so that when folks block | 292 // Check for mixed content. We do this second-to-last so that when folks block |
293 // mixed content with a CSP policy, they don't get a warning. They'll still | 293 // mixed content via CSP, they don't get a mixed content warning, but a CSP |
294 // get a warning in the console about CSP blocking the load. | 294 // warning instead. |
295 if (ShouldBlockFetchByMixedContentCheck(resource_request, url, | 295 if (ShouldBlockFetchByMixedContentCheck(resource_request, url, |
296 reporting_policy)) | 296 reporting_policy)) |
297 return ResourceRequestBlockedReason::kMixedContent; | 297 return ResourceRequestBlockedReason::kMixedContent; |
298 | 298 |
299 if (url.WhitespaceRemoved()) { | 299 if (url.PotentiallyDanglingMarkup() && url.ProtocolIsInHTTPFamily()) { |
300 CountDeprecation(UseCounter::kCanRequestURLHTTPContainingNewline); | 300 CountDeprecation(UseCounter::kCanRequestURLHTTPContainingNewline); |
301 if (url.ProtocolIsInHTTPFamily()) { | 301 if (RuntimeEnabledFeatures::restrictCanRequestURLCharacterSetEnabled()) |
302 if (RuntimeEnabledFeatures::restrictCanRequestURLCharacterSetEnabled()) | 302 return ResourceRequestBlockedReason::kOther; |
303 return ResourceRequestBlockedReason::kOther; | |
304 } else { | |
305 CountUsage(UseCounter::kCanRequestURLNonHTTPContainingNewline); | |
306 } | |
307 } | 303 } |
308 | 304 |
309 // Let the client have the final say into whether or not the load should | 305 // Let the client have the final say into whether or not the load should |
310 // proceed. | 306 // proceed. |
311 if (GetSubresourceFilter() && type != Resource::kMainResource && | 307 if (GetSubresourceFilter() && type != Resource::kMainResource && |
312 type != Resource::kImportResource) { | 308 type != Resource::kImportResource) { |
313 if (!GetSubresourceFilter()->AllowLoad( | 309 if (!GetSubresourceFilter()->AllowLoad( |
314 url, resource_request.GetRequestContext(), reporting_policy)) { | 310 url, resource_request.GetRequestContext(), reporting_policy)) { |
315 return ResourceRequestBlockedReason::kSubresourceFilter; | 311 return ResourceRequestBlockedReason::kSubresourceFilter; |
316 } | 312 } |
317 } | 313 } |
318 | 314 |
319 return ResourceRequestBlockedReason::kNone; | 315 return ResourceRequestBlockedReason::kNone; |
320 } | 316 } |
321 | 317 |
322 DEFINE_TRACE(BaseFetchContext) { | 318 DEFINE_TRACE(BaseFetchContext) { |
323 visitor->Trace(execution_context_); | 319 visitor->Trace(execution_context_); |
324 FetchContext::Trace(visitor); | 320 FetchContext::Trace(visitor); |
325 } | 321 } |
326 | 322 |
327 } // namespace blink | 323 } // namespace blink |
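Review bot: The rewritten check at new line 299 has no comment saying what it defends against, and the counter it records, `kCanRequestURLHTTPContainingNewline`, is still named after the old whitespace-only condition rather than `url.PotentiallyDanglingMarkup()`. I would add a comment above the `if`, for example `// Block HTTP(S) requests whose URL looks like dangling markup, so injected unclosed markup cannot carry page content off in a request.`, with the wording confirmed against what `PotentiallyDanglingMarkup()` actually tests, which is not visible here. With the `else` branch gone, non-HTTP URLs are neither blocked nor counted (`kCanRequestURLNonHTTPContainingNewline` is no longer recorded), so the comment should state that restricting the check to the HTTP family is deliberate. The comment at new line 292 still calls the mixed-content check "second-to-last" although two checks follow it. The enclosing function begins above new line 283, outside the lines shown.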