Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(152)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/web/AssociatedURLLoader.cpp

Issue 570563003: Implement CSP check for manifest fetching (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« Source/core/frame/csp/CSPDirectiveList.cpp ('K') | « Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2010, 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2010, 2011, 2012 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 304 matching lines...) Expand 10 before | Expand all | Expand 10 after
315 315
316 void AssociatedURLLoader::loadAsynchronously(const WebURLRequest& request, WebUR LLoaderClient* client) 316 void AssociatedURLLoader::loadAsynchronously(const WebURLRequest& request, WebUR LLoaderClient* client)
317 { 317 {
318 ASSERT(!m_client); 318 ASSERT(!m_client);
319 319
320 m_client = client; 320 m_client = client;
321 ASSERT(m_client); 321 ASSERT(m_client);
322 322
323 bool allowLoad = true; 323 bool allowLoad = true;
324 WebURLRequest newRequest(request); 324 WebURLRequest newRequest(request);
325
mlamouri (slow - plz ping) 2014/09/15 15:48:44 nit: empty line edit.
325 if (m_options.untrustedHTTP) { 326 if (m_options.untrustedHTTP) {
326 WebString method = newRequest.httpMethod(); 327 WebString method = newRequest.httpMethod();
327 allowLoad = isValidHTTPToken(method) && FetchUtils::isUsefulMethod(metho d); 328 allowLoad = isValidHTTPToken(method) && FetchUtils::isUsefulMethod(metho d);
328 if (allowLoad) { 329 if (allowLoad) {
329 newRequest.setHTTPMethod(XMLHttpRequest::uppercaseKnownHTTPMethod(me thod)); 330 newRequest.setHTTPMethod(XMLHttpRequest::uppercaseKnownHTTPMethod(me thod));
330 HTTPRequestHeaderValidator validator; 331 HTTPRequestHeaderValidator validator;
331 newRequest.visitHTTPHeaderFields(&validator); 332 newRequest.visitHTTPHeaderFields(&validator);
332 allowLoad = validator.isSafe(); 333 allowLoad = validator.isSafe();
333 } 334 }
334 } 335 }
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
370 m_loader->cancel(); 371 m_loader->cancel();
371 } 372 }
372 373
373 void AssociatedURLLoader::setDefersLoading(bool defersLoading) 374 void AssociatedURLLoader::setDefersLoading(bool defersLoading)
374 { 375 {
375 if (m_loader) 376 if (m_loader)
376 m_loader->setDefersLoading(defersLoading); 377 m_loader->setDefersLoading(defersLoading);
377 } 378 }
378 379
379 } // namespace blink 380 } // namespace blink
OLDNEW
« Source/core/frame/csp/CSPDirectiveList.cpp ('K') | « Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698