Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(162)

Unified Diff: Source/WebCore/loader/FrameLoader.cpp

Issue 8198008: Merge 96610 - Resource loader should block HTTP redirects to local resources (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/874/
Patch Set: Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: Source/WebCore/loader/FrameLoader.cpp
===================================================================
--- Source/WebCore/loader/FrameLoader.cpp (revision 96956)
+++ Source/WebCore/loader/FrameLoader.cpp (working copy)
@@ -1124,21 +1124,6 @@
detachChildren();
}
-// This is a hack to allow keep navigation to http/https feeds working. To remove this
-// we need to introduce new API akin to registerURLSchemeAsLocal, that registers a
-// protocols navigation policy.
-static bool isFeedWithNestedProtocolInHTTPFamily(const KURL& url)
-{
- const String& urlString = url.string();
- if (!urlString.startsWith("feed", false))
- return false;
-
- return urlString.startsWith("feed://", false)
- || urlString.startsWith("feed:http:", false) || urlString.startsWith("feed:https:", false)
- || urlString.startsWith("feeds:http:", false) || urlString.startsWith("feeds:https:", false)
- || urlString.startsWith("feedsearch:http:", false) || urlString.startsWith("feedsearch:https:", false);
-}
-
void FrameLoader::loadFrameRequest(const FrameLoadRequest& request, bool lockHistory, bool lockBackForwardList,
PassRefPtr<Event> event, PassRefPtr<FormState> formState, ReferrerPolicy referrerPolicy)
{
@@ -1148,8 +1133,7 @@
KURL url = request.resourceRequest().url();
ASSERT(m_frame->document());
- // FIXME: Should we move the isFeedWithNestedProtocolInHTTPFamily logic inside SecurityOrigin::canDisplay?
- if (!isFeedWithNestedProtocolInHTTPFamily(url) && !request.requester()->canDisplay(url)) {
+ if (!request.requester()->canDisplay(url)) {
reportLocalLoadFailed(m_frame, url.string());
return;
}
« no previous file with comments | « LayoutTests/http/tests/security/resources/file-redirect-target.html ('k') | Source/WebCore/loader/MainResourceLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698