Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(486)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/PingLoader.cpp

Issue 324013003: Block mixed PingLoader requests. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Rebase. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/http/tests/navigation/resources/ping-cross-origin-from-https-target.html ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2010 Google Inc. All rights reserved. 2 * Copyright (C) 2010 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after
113 frame->loader().fetchContext().addAdditionalRequestHeaders(frame->document() , request, FetchSubresource); 113 frame->loader().fetchContext().addAdditionalRequestHeaders(frame->document() , request, FetchSubresource);
114 frame->loader().fetchContext().setFirstPartyForCookies(request); 114 frame->loader().fetchContext().setFirstPartyForCookies(request);
115 115
116 FetchInitiatorInfo initiatorInfo; 116 FetchInitiatorInfo initiatorInfo;
117 initiatorInfo.name = FetchInitiatorTypeNames::violationreport; 117 initiatorInfo.name = FetchInitiatorTypeNames::violationreport;
118 PingLoader::start(frame, request, initiatorInfo, SecurityOrigin::create(repo rtURL)->isSameSchemeHostPort(frame->document()->securityOrigin()) ? AllowStoredC redentials : DoNotAllowStoredCredentials); 118 PingLoader::start(frame, request, initiatorInfo, SecurityOrigin::create(repo rtURL)->isSameSchemeHostPort(frame->document()->securityOrigin()) ? AllowStoredC redentials : DoNotAllowStoredCredentials);
119 } 119 }
120 120
121 void PingLoader::start(LocalFrame* frame, ResourceRequest& request, const FetchI nitiatorInfo& initiatorInfo, StoredCredentials credentialsAllowed) 121 void PingLoader::start(LocalFrame* frame, ResourceRequest& request, const FetchI nitiatorInfo& initiatorInfo, StoredCredentials credentialsAllowed)
122 { 122 {
123 if (!frame->loader().mixedContentChecker()->canRunInsecureContent(frame->doc ument()->securityOrigin(), request.url()))
124 return;
125 Frame* top = frame->tree().top();
126 if (top != frame && !toLocalFrame(top)->loader().mixedContentChecker()->canR unInsecureContent(toLocalFrame(top)->document()->securityOrigin(), request.url() ))
127 return;
128
123 OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request, init iatorInfo, credentialsAllowed)); 129 OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request, init iatorInfo, credentialsAllowed));
124 130
125 // Leak the ping loader, since it will kill itself as soon as it receives a response. 131 // Leak the ping loader, since it will kill itself as soon as it receives a response.
126 PingLoader* leakedPingLoader ALLOW_UNUSED = pingLoader.leakPtr(); 132 PingLoader* leakedPingLoader ALLOW_UNUSED = pingLoader.leakPtr();
127 } 133 }
128 134
129 PingLoader::PingLoader(LocalFrame* frame, ResourceRequest& request, const FetchI nitiatorInfo& initiatorInfo, StoredCredentials credentialsAllowed) 135 PingLoader::PingLoader(LocalFrame* frame, ResourceRequest& request, const FetchI nitiatorInfo& initiatorInfo, StoredCredentials credentialsAllowed)
130 : PageLifecycleObserver(frame->page()) 136 : PageLifecycleObserver(frame->page())
131 , m_timeout(this, &PingLoader::timeout) 137 , m_timeout(this, &PingLoader::timeout)
132 , m_url(request.url()) 138 , m_url(request.url())
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after
200 { 206 {
201 if (Page* page = this->page()) { 207 if (Page* page = this->page()) {
202 TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "Re sourceFinish", "data", InspectorResourceFinishEvent::data(m_identifier, 0, true) ); 208 TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "Re sourceFinish", "data", InspectorResourceFinishEvent::data(m_identifier, 0, true) );
203 // FIXME(361045): remove InspectorInstrumentation calls once DevTools Ti meline migrates to tracing. 209 // FIXME(361045): remove InspectorInstrumentation calls once DevTools Ti meline migrates to tracing.
204 InspectorInstrumentation::didFailLoading(page->deprecatedLocalMainFrame( ), m_identifier, ResourceError::cancelledError(m_url)); 210 InspectorInstrumentation::didFailLoading(page->deprecatedLocalMainFrame( ), m_identifier, ResourceError::cancelledError(m_url));
205 } 211 }
206 delete this; 212 delete this;
207 } 213 }
208 214
209 } 215 }
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/navigation/resources/ping-cross-origin-from-https-target.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698