Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(906)

Unified Diff: Source/core/loader/PingLoader.cpp

Issue 324013003: Block mixed PingLoader requests. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Rebase. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/http/tests/navigation/resources/ping-cross-origin-from-https-target.html ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/loader/PingLoader.cpp
diff --git a/Source/core/loader/PingLoader.cpp b/Source/core/loader/PingLoader.cpp
index 99d5ee390a939d69df86c06c9b5492affa9027bd..8bc691a594ad59ebc3af89be2bc29b4f51750618 100644
--- a/Source/core/loader/PingLoader.cpp
+++ b/Source/core/loader/PingLoader.cpp
@@ -120,6 +120,12 @@ void PingLoader::sendViolationReport(LocalFrame* frame, const KURL& reportURL, P
void PingLoader::start(LocalFrame* frame, ResourceRequest& request, const FetchInitiatorInfo& initiatorInfo, StoredCredentials credentialsAllowed)
{
+ if (!frame->loader().mixedContentChecker()->canRunInsecureContent(frame->document()->securityOrigin(), request.url()))
+ return;
+ Frame* top = frame->tree().top();
+ if (top != frame && !toLocalFrame(top)->loader().mixedContentChecker()->canRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), request.url()))
+ return;
+
OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request, initiatorInfo, credentialsAllowed));
// Leak the ping loader, since it will kill itself as soon as it receives a response.
« no previous file with comments | « LayoutTests/http/tests/navigation/resources/ping-cross-origin-from-https-target.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698