Chromium Code Reviews

Side by Side Diff: Source/core/loader/FrameLoader.cpp

Issue 901903003: CSP: Adding the 'upgrade-insecure-requests' directive. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 10 months ago
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed.
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
8 * Copyright (C) 2011 Google Inc. All rights reserved. 8 * Copyright (C) 2011 Google Inc. All rights reserved.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
(...skipping 1384 matching lines...)
1395 return false; 1395 return false;
1396 1396
1397 // FIXME: We need a way to propagate strict mixed content checking flags to 1397 // FIXME: We need a way to propagate strict mixed content checking flags to
1398 // out-of-process frames. For now, we'll always enforce. 1398 // out-of-process frames. For now, we'll always enforce.
1399 if (!parentFrame->isLocalFrame()) 1399 if (!parentFrame->isLocalFrame())
1400 return true; 1400 return true;
1401 1401
1402 return toLocalFrame(parentFrame)->document()->shouldEnforceStrictMixedConten tChecking(); 1402 return toLocalFrame(parentFrame)->document()->shouldEnforceStrictMixedConten tChecking();
1403 } 1403 }
1404 1404
1405 SecurityContext::InsecureContentPolicy FrameLoader::insecureContentPolicy() cons t
1406 {
1407 Frame* parentFrame = m_frame->tree().parent();
1408 if (!parentFrame)
1409 return SecurityContext::InsecureContentIgnore;
1410
1411 // FIXME: We need a way to propagate insecure content policy flags to
1412 // out-of-process frames. For now, we'll always upgrade.
1413 if (!parentFrame->isLocalFrame())
1414 return SecurityContext::InsecureContentUpgrade;
Yoav Weiss 2015/02/05 13:25:36 Why always upgrade? Isn't ignoring the safer optio
Mike West 2015/02/05 13:39:34 I suppose so. *shrug* I'll change it. :)
1415
1416 return toLocalFrame(parentFrame)->document()->insecureContentPolicy();
1417 }
1418
1405 } // namespace blink 1419 } // namespace blink
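Review bot: The remote-parent branch at new lines 1413-1414 defaults to InsecureContentUpgrade, while the no-parent branch at 1409 defaults to InsecureContentIgnore, so a frame whose parent is out-of-process gets its requests upgraded even when no document in the chain opted in. Unlike the strict mixed content check above, where "always enforce" only blocks more, upgrading changes which URL is fetched and can break subresources on hosts that do not serve HTTPS. Returning SecurityContext::InsecureContentIgnore here until the policy can be propagated would keep the two fallback paths consistent. Whichever value is kept, the FIXME at 1411-1412 ("For now, we'll always upgrade.") needs to match it. The new function also repeats the parent lookup and isLocalFrame() check of the function directly above, so a small shared helper that returns the local parent document (or null) would keep the two fallbacks from drifting apart.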