Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(29)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/DocumentLoader.cpp

Issue 303793003: Make mixed content checking and CSP aware of RemoteFrames (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Improved comments Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« Source/core/frame/csp/CSPDirectiveList.cpp ('K') | « Source/core/frame/csp/CSPDirectiveList.cpp ('k') | Source/core/loader/FrameLoader.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
3 * Copyright (C) 2011 Google Inc. All rights reserved. 3 * Copyright (C) 2011 Google Inc. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 353 matching lines...) Expand 10 before | Expand all | Expand 10 after
364 } 364 }
365 365
366 // If we're fielding a redirect in response to a POST, force a load from ori gin, since 366 // If we're fielding a redirect in response to a POST, force a load from ori gin, since
367 // this is a common site technique to return to a page viewing some data tha t the POST 367 // this is a common site technique to return to a page viewing some data tha t the POST
368 // just modified. 368 // just modified.
369 if (newRequest.cachePolicy() == UseProtocolCachePolicy && isRedirectAfterPos t(newRequest, redirectResponse)) 369 if (newRequest.cachePolicy() == UseProtocolCachePolicy && isRedirectAfterPos t(newRequest, redirectResponse))
370 newRequest.setCachePolicy(ReloadIgnoringCacheData); 370 newRequest.setCachePolicy(ReloadIgnoringCacheData);
371 371
372 // If this is a sub-frame, check for mixed content blocking against the top frame. 372 // If this is a sub-frame, check for mixed content blocking against the top frame.
373 if (m_frame->tree().parent()) { 373 if (m_frame->tree().parent()) {
374 LocalFrame* top = m_frame->tree().top(); 374 // FIXME: This does not yet work with out-of-process iframes.
375 if (!top->loader().mixedContentChecker()->canRunInsecureContent(top->doc ument()->securityOrigin(), newRequest.url())) { 375 Frame* top = m_frame->tree().top();
376 if (top->isLocalFrame() && !toLocalFrame(top)->loader().mixedContentChec ker()->canRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), ne wRequest.url())) {
376 cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url( ))); 377 cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url( )));
377 return; 378 return;
378 } 379 }
379 } 380 }
380 381
381 m_request = newRequest; 382 m_request = newRequest;
382 383
383 if (redirectResponse.isNull()) 384 if (redirectResponse.isNull())
384 return; 385 return;
385 386
(...skipping 431 matching lines...) Expand 10 before | Expand all | Expand 10 after
817 void DocumentLoader::replaceDocument(const String& source, Document* ownerDocume nt) 818 void DocumentLoader::replaceDocument(const String& source, Document* ownerDocume nt)
818 { 819 {
819 m_frame->loader().stopAllLoaders(); 820 m_frame->loader().stopAllLoaders();
820 m_writer = createWriterFor(m_frame, ownerDocument, m_frame->document()->url( ), mimeType(), m_writer ? m_writer->encoding() : emptyAtom, m_writer ? m_writer ->encodingWasChosenByUser() : false, true); 821 m_writer = createWriterFor(m_frame, ownerDocument, m_frame->document()->url( ), mimeType(), m_writer ? m_writer->encoding() : emptyAtom, m_writer ? m_writer ->encodingWasChosenByUser() : false, true);
821 if (!source.isNull()) 822 if (!source.isNull())
822 m_writer->appendReplacingData(source); 823 m_writer->appendReplacingData(source);
823 endWriting(m_writer.get()); 824 endWriting(m_writer.get());
824 } 825 }
825 826
826 } // namespace WebCore 827 } // namespace WebCore
OLDNEW
« Source/core/frame/csp/CSPDirectiveList.cpp ('K') | « Source/core/frame/csp/CSPDirectiveList.cpp ('k') | Source/core/loader/FrameLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698