Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(83)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/fetch/ResourceFetcher.cpp

Issue 303793003: Make mixed content checking and CSP aware of RemoteFrames (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Improved comments Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/dom/Document.cpp ('k') | Source/core/frame/Location.cpp » ('j') | Source/core/frame/csp/CSPDirectiveList.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
7 7
8 This library is free software; you can redistribute it and/or 8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Library General Public 9 modify it under the terms of the GNU Library General Public
10 License as published by the Free Software Foundation; either 10 License as published by the Free Software Foundation; either
(...skipping 421 matching lines...) Expand 10 before | Expand all | Expand 10 after
432 break; 432 break;
433 433
434 case Resource::MainResource: 434 case Resource::MainResource:
435 case Resource::LinkPrefetch: 435 case Resource::LinkPrefetch:
436 case Resource::LinkSubresource: 436 case Resource::LinkSubresource:
437 // These cannot affect the current document. 437 // These cannot affect the current document.
438 treatment = TreatAsAlwaysAllowedContent; 438 treatment = TreatAsAlwaysAllowedContent;
439 break; 439 break;
440 } 440 }
441 } 441 }
442 // FIXME: We need a way to access the top-level frame's mixedContentChecker when that frame
443 // is in a different process from the current frame. Until that is done, we fail loading
444 // mixed content in remote frames.
445 if (frame() && !frame()->tree().top()->isLocalFrame())
446 return false;
442 if (treatment == TreatAsActiveContent) { 447 if (treatment == TreatAsActiveContent) {
443 if (LocalFrame* f = frame()) { 448 if (LocalFrame* f = frame()) {
444 if (!f->loader().mixedContentChecker()->canRunInsecureContent(m_docu ment->securityOrigin(), url)) 449 if (!f->loader().mixedContentChecker()->canRunInsecureContent(m_docu ment->securityOrigin(), url))
445 return false; 450 return false;
446 LocalFrame* top = f->tree().top(); 451 Frame* top = f->tree().top();
447 if (top != f && !top->loader().mixedContentChecker()->canRunInsecure Content(top->document()->securityOrigin(), url)) 452 if (top != f && !toLocalFrame(top)->loader().mixedContentChecker()-> canRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
448 return false; 453 return false;
449 } 454 }
450 } else if (treatment == TreatAsPassiveContent) { 455 } else if (treatment == TreatAsPassiveContent) {
451 if (LocalFrame* f = frame()) { 456 if (LocalFrame* f = frame()) {
452 LocalFrame* top = f->tree().top(); 457 Frame* top = f->tree().top();
453 if (!top->loader().mixedContentChecker()->canDisplayInsecureContent( top->document()->securityOrigin(), url)) 458 if (!toLocalFrame(top)->loader().mixedContentChecker()->canDisplayIn secureContent(toLocalFrame(top)->document()->securityOrigin(), url))
454 return false; 459 return false;
455 if (type == Resource::Font && MixedContentChecker::isMixedContent(to p->document()->securityOrigin(), url)) 460 if (type == Resource::Font && MixedContentChecker::isMixedContent(to LocalFrame(top)->document()->securityOrigin(), url))
456 UseCounter::count(top->document(), UseCounter::MixedContentFont) ; 461 UseCounter::count(toLocalFrame(top)->document(), UseCounter::Mix edContentFont);
457 } 462 }
458 } else { 463 } else {
459 ASSERT(treatment == TreatAsAlwaysAllowedContent); 464 ASSERT(treatment == TreatAsAlwaysAllowedContent);
460 } 465 }
461 return true; 466 return true;
462 } 467 }
463 468
464 bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res ourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction or iginRestriction) const 469 bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res ourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction or iginRestriction) const
465 { 470 {
466 SecurityOrigin* securityOrigin = options.securityOrigin.get(); 471 SecurityOrigin* securityOrigin = options.securityOrigin.get();
(...skipping 297 matching lines...) Expand 10 before | Expand all | Expand 10 after
764 { 769 {
765 if (type == Resource::MainResource) { 770 if (type == Resource::MainResource) {
766 FrameLoadType frameLoadType = frame()->loader().loadType(); 771 FrameLoadType frameLoadType = frame()->loader().loadType();
767 bool isReload = frameLoadType == FrameLoadTypeReload || frameLoadType == FrameLoadTypeReloadFromOrigin; 772 bool isReload = frameLoadType == FrameLoadTypeReload || frameLoadType == FrameLoadTypeReloadFromOrigin;
768 if (request.httpMethod() == "POST" && frameLoadType == FrameLoadTypeBack Forward) 773 if (request.httpMethod() == "POST" && frameLoadType == FrameLoadTypeBack Forward)
769 return ReturnCacheDataDontLoad; 774 return ReturnCacheDataDontLoad;
770 if (!m_documentLoader->overrideEncoding().isEmpty() || frameLoadType == FrameLoadTypeBackForward) 775 if (!m_documentLoader->overrideEncoding().isEmpty() || frameLoadType == FrameLoadTypeBackForward)
771 return ReturnCacheDataElseLoad; 776 return ReturnCacheDataElseLoad;
772 if (isReload || frameLoadType == FrameLoadTypeSame || request.isConditio nal() || request.httpMethod() == "POST") 777 if (isReload || frameLoadType == FrameLoadTypeSame || request.isConditio nal() || request.httpMethod() == "POST")
773 return ReloadIgnoringCacheData; 778 return ReloadIgnoringCacheData;
774 if (LocalFrame* parent = frame()->tree().parent()) 779 Frame* parent = frame()->tree().parent();
775 return parent->document()->fetcher()->resourceRequestCachePolicy(req uest, type); 780 if (parent && parent->isLocalFrame())
781 return toLocalFrame(parent)->document()->fetcher()->resourceRequestC achePolicy(request, type);
776 return UseProtocolCachePolicy; 782 return UseProtocolCachePolicy;
777 } 783 }
778 784
779 if (request.isConditional()) 785 if (request.isConditional())
780 return ReloadIgnoringCacheData; 786 return ReloadIgnoringCacheData;
781 787
782 if (m_documentLoader && m_document && !m_document->loadEventFinished()) { 788 if (m_documentLoader && m_document && !m_document->loadEventFinished()) {
783 // For POST requests, we mutate the main resource's cache policy to avoi d form resubmission. 789 // For POST requests, we mutate the main resource's cache policy to avoi d form resubmission.
784 // This policy should not be inherited by subresources. 790 // This policy should not be inherited by subresources.
785 ResourceRequestCachePolicy mainResourceCachePolicy = m_documentLoader->r equest().cachePolicy(); 791 ResourceRequestCachePolicy mainResourceCachePolicy = m_documentLoader->r equest().cachePolicy();
(...skipping 671 matching lines...) Expand 10 before | Expand all | Expand 10 after
1457 } 1463 }
1458 } 1464 }
1459 1465
1460 void ResourceFetcher::trace(Visitor* visitor) 1466 void ResourceFetcher::trace(Visitor* visitor)
1461 { 1467 {
1462 visitor->trace(m_document); 1468 visitor->trace(m_document);
1463 ResourceLoaderHost::trace(visitor); 1469 ResourceLoaderHost::trace(visitor);
1464 } 1470 }
1465 1471
1466 } 1472 }
OLDNEW
« no previous file with comments | « Source/core/dom/Document.cpp ('k') | Source/core/frame/Location.cpp » ('j') | Source/core/frame/csp/CSPDirectiveList.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698