
Unified Diff: Source/core/fetch/ResourceFetcher.cpp

Issue 303793003: Make mixed content checking and CSP aware of RemoteFrames (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Improved comments Created 6 years, 7 months ago
Index: Source/core/fetch/ResourceFetcher.cpp
diff --git a/Source/core/fetch/ResourceFetcher.cpp b/Source/core/fetch/ResourceFetcher.cpp
index 8dc7481614f72fc59d67c9b5b728a3da3b345943..fea5c828559e7e3091c31a12b91d1a6eadcd5f8d 100644
--- a/Source/core/fetch/ResourceFetcher.cpp
+++ b/Source/core/fetch/ResourceFetcher.cpp
@@ -439,21 +439,26 @@ bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url,
break;
}
}
+ // FIXME: We need a way to access the top-level frame's mixedContentChecker when that frame
+ // is in a different process from the current frame. Until that is done, we fail loading
+ // mixed content in remote frames.
+ if (frame() && !frame()->tree().top()->isLocalFrame())
+ return false;
if (treatment == TreatAsActiveContent) {
if (LocalFrame* f = frame()) {
if (!f->loader().mixedContentChecker()->canRunInsecureContent(m_document->securityOrigin(), url))
return false;
- LocalFrame* top = f->tree().top();
- if (top != f && !top->loader().mixedContentChecker()->canRunInsecureContent(top->document()->securityOrigin(), url))
+ Frame* top = f->tree().top();
+ if (top != f && !toLocalFrame(top)->loader().mixedContentChecker()->canRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
return false;
}
} else if (treatment == TreatAsPassiveContent) {
if (LocalFrame* f = frame()) {
- LocalFrame* top = f->tree().top();
- if (!top->loader().mixedContentChecker()->canDisplayInsecureContent(top->document()->securityOrigin(), url))
+ Frame* top = f->tree().top();
+ if (!toLocalFrame(top)->loader().mixedContentChecker()->canDisplayInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
return false;
- if (type == Resource::Font && MixedContentChecker::isMixedContent(top->document()->securityOrigin(), url))
- UseCounter::count(top->document(), UseCounter::MixedContentFont);
+ if (type == Resource::Font && MixedContentChecker::isMixedContent(toLocalFrame(top)->document()->securityOrigin(), url))
+ UseCounter::count(toLocalFrame(top)->document(), UseCounter::MixedContentFont);
}
} else {
ASSERT(treatment == TreatAsAlwaysAllowedContent);
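Review bot: The guard added ahead of `if (treatment == TreatAsActiveContent)` returns false for every request checked here when the top-level frame is remote, including `TreatAsAlwaysAllowedContent` and URLs that are not mixed content, while the FIXME says only mixed content fails. Failing closed is the safe default until the remote checker is reachable, but the comment should say what the code does, e.g. `// Until that is done, refuse every load checked here when the top-level frame is remote (fail closed).` The `toLocalFrame(top)` casts in both branches are valid only because of that distant guard, and the passive branch repeats the cast four times; binding it once as `LocalFrame* localTop = toLocalFrame(top);` after an `ASSERT(top->isLocalFrame());` would keep the invariant next to the dereference and make a bad cast harder to introduce if the guard is later narrowed. The function begins before this hunk and continues past it, so this is based on the visible lines only.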
@@ -771,8 +776,9 @@ ResourceRequestCachePolicy ResourceFetcher::resourceRequestCachePolicy(const Res
return ReturnCacheDataElseLoad;
if (isReload || frameLoadType == FrameLoadTypeSame || request.isConditional() || request.httpMethod() == "POST")
return ReloadIgnoringCacheData;
- if (LocalFrame* parent = frame()->tree().parent())
- return parent->document()->fetcher()->resourceRequestCachePolicy(request, type);
+ Frame* parent = frame()->tree().parent();
+ if (parent && parent->isLocalFrame())
+ return toLocalFrame(parent)->document()->fetcher()->resourceRequestCachePolicy(request, type);
return UseProtocolCachePolicy;
}
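Review bot: A frame whose parent is remote now falls through to `UseProtocolCachePolicy` instead of inheriting the parent's policy, and nothing at `if (parent && parent->isLocalFrame())` records that this is a known gap rather than intended behaviour. A short comment in the style of the one added to checkInsecureContent would help, for example `// FIXME: A remote parent's cache policy is not visible from this process; fall back to the protocol default until it is.` The new line still dereferences `frame()` without a null check, unlike the guard added in checkInsecureContent; that matches the removed line and may be covered earlier in the function, which starts outside this hunk.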
