| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
| 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
| 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
| 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. |
| 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
| 7 | 7 |
| 8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
| 9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
| 10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 This class provides all functionality needed for loading images, style sheet
s and html | 23 This class provides all functionality needed for loading images, style sheet
s and html |
| 24 pages from the web. It has a memory cache for these objects. | 24 pages from the web. It has a memory cache for these objects. |
| 25 */ | 25 */ |
| 26 | 26 |
| 27 #include "config.h" | 27 #include "config.h" |
| 28 #include "core/fetch/ResourceFetcher.h" | 28 #include "core/fetch/ResourceFetcher.h" |
| 29 | 29 |
| 30 #include "RuntimeEnabledFeatures.h" | 30 #include "RuntimeEnabledFeatures.h" |
| 31 #include "bindings/v8/ScriptController.h" | 31 #include "bindings/v8/ScriptController.h" |
| 32 #include "core/dom/Document.h" | 32 #include "core/dom/Document.h" |
| 33 #include "core/dom/ScriptLoader.h" |
| 33 #include "core/fetch/CSSStyleSheetResource.h" | 34 #include "core/fetch/CSSStyleSheetResource.h" |
| 34 #include "core/fetch/DocumentResource.h" | 35 #include "core/fetch/DocumentResource.h" |
| 35 #include "core/fetch/FetchContext.h" | 36 #include "core/fetch/FetchContext.h" |
| 36 #include "core/fetch/FetchRequest.h" | 37 #include "core/fetch/FetchRequest.h" |
| 37 #include "core/fetch/FontResource.h" | 38 #include "core/fetch/FontResource.h" |
| 38 #include "core/fetch/ImageResource.h" | 39 #include "core/fetch/ImageResource.h" |
| 39 #include "core/fetch/MemoryCache.h" | 40 #include "core/fetch/MemoryCache.h" |
| 40 #include "core/fetch/RawResource.h" | 41 #include "core/fetch/RawResource.h" |
| 41 #include "core/fetch/ResourceLoader.h" | 42 #include "core/fetch/ResourceLoader.h" |
| 42 #include "core/fetch/ResourceLoaderSet.h" | 43 #include "core/fetch/ResourceLoaderSet.h" |
| (...skipping 496 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 539 return false; | 540 return false; |
| 540 | 541 |
| 541 String error; | 542 String error; |
| 542 switch (resource->type()) { | 543 switch (resource->type()) { |
| 543 case Resource::Script: | 544 case Resource::Script: |
| 544 case Resource::ImportResource: | 545 case Resource::ImportResource: |
| 545 if (resource->options().requestOriginPolicy == PotentiallyCrossOriginEna
bled | 546 if (resource->options().requestOriginPolicy == PotentiallyCrossOriginEna
bled |
| 546 && !m_document->securityOrigin()->canRequest(resource->response().ur
l()) | 547 && !m_document->securityOrigin()->canRequest(resource->response().ur
l()) |
| 547 && !resource->passesAccessControlCheck(m_document->securityOrigin(),
error)) { | 548 && !resource->passesAccessControlCheck(m_document->securityOrigin(),
error)) { |
| 548 if (frame() && frame()->document()) | 549 if (frame() && frame()->document()) |
| 549 frame()->document()->addConsoleMessage(JSMessageSource, ErrorMes
sageLevel, "Script from origin '" + SecurityOrigin::create(resource->response().
url())->toString() + "' has been blocked from loading by Cross-Origin Resource S
haring policy: " + error); | 550 ScriptLoader::reportCrossOriginFailure(frame()->document(), reso
urce->response().url(), error); |
| 550 return false; | 551 return false; |
| 551 } | 552 } |
| 552 | 553 |
| 553 break; | 554 break; |
| 554 default: | 555 default: |
| 555 ASSERT_NOT_REACHED(); // FIXME: generalize to non-script resources | 556 ASSERT_NOT_REACHED(); // FIXME: generalize to non-script resources |
| 556 return false; | 557 return false; |
| 557 } | 558 } |
| 558 | 559 |
| 559 return true; | 560 return true; |
| (...skipping 767 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1327 } | 1328 } |
| 1328 #endif | 1329 #endif |
| 1329 | 1330 |
| 1330 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() | 1331 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() |
| 1331 { | 1332 { |
| 1332 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon
tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF
orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaul
tOriginRestrictionsForType, DocumentContext)); | 1333 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon
tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF
orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaul
tOriginRestrictionsForType, DocumentContext)); |
| 1333 return options; | 1334 return options; |
| 1334 } | 1335 } |
| 1335 | 1336 |
| 1336 } | 1337 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 47923008:
Block execution of failed 'crossorigin' <script>s. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master