OLD | NEW |
---|---|
1 /* | 1 /* |
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. |
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
7 | 7 |
8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
(...skipping 537 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
548 break; | 548 break; |
549 } | 549 } |
550 | 550 |
551 // SVG Images have unique security rules that prevent all subresource reques ts | 551 // SVG Images have unique security rules that prevent all subresource reques ts |
552 // except for data urls. | 552 // except for data urls. |
553 if (type != Resource::MainResource) { | 553 if (type != Resource::MainResource) { |
554 if (frame() && frame()->chromeClient().isSVGImageChromeClient() && !url. protocolIsData()) | 554 if (frame() && frame()->chromeClient().isSVGImageChromeClient() && !url. protocolIsData()) |
555 return false; | 555 return false; |
556 } | 556 } |
557 | 557 |
558 // FIXME(mkwst): Make sure that CSP uses RequestContext instead of this terr ible Resource::Type enum. | |
Mike West
2014/09/16 11:46:20
Nit: We don't generally do the (<nick>) thing in B
| |
559 if (resourceRequest.requestContext() == WebURLRequest::RequestContextManifes t) { | |
560 if (!shouldBypassMainWorldCSP && !csp->allowManifestFromSource(url, cspR eporting)) | |
561 return false; | |
562 } | |
563 | |
558 // Last of all, check for mixed content. We do this last so that when | 564 // Last of all, check for mixed content. We do this last so that when |
559 // folks block mixed content with a CSP policy, they don't get a warning. | 565 // folks block mixed content with a CSP policy, they don't get a warning. |
560 // They'll still get a warning in the console about CSP blocking the load. | 566 // They'll still get a warning in the console about CSP blocking the load. |
561 | 567 |
562 // If we're loading the main resource of a subframe, ensure that we check | 568 // If we're loading the main resource of a subframe, ensure that we check |
563 // against the parent of the active frame, rather than the frame itself. | 569 // against the parent of the active frame, rather than the frame itself. |
564 LocalFrame* effectiveFrame = frame(); | 570 LocalFrame* effectiveFrame = frame(); |
565 if (resourceRequest.frameType() == WebURLRequest::FrameTypeNested) { | 571 if (resourceRequest.frameType() == WebURLRequest::FrameTypeNested) { |
566 // FIXME: Deal with RemoteFrames. | 572 // FIXME: Deal with RemoteFrames. |
567 if (frame()->tree().parent()->isLocalFrame()) | 573 if (frame()->tree().parent()->isLocalFrame()) |
(...skipping 926 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1494 | 1500 |
1495 void ResourceFetcher::trace(Visitor* visitor) | 1501 void ResourceFetcher::trace(Visitor* visitor) |
1496 { | 1502 { |
1497 visitor->trace(m_document); | 1503 visitor->trace(m_document); |
1498 visitor->trace(m_loaders); | 1504 visitor->trace(m_loaders); |
1499 visitor->trace(m_multipartLoaders); | 1505 visitor->trace(m_multipartLoaders); |
1500 ResourceLoaderHost::trace(visitor); | 1506 ResourceLoaderHost::trace(visitor); |
1501 } | 1507 } |
1502 | 1508 |
1503 } | 1509 } |
OLD | NEW |