CSP 1.1: Implement the 'frame-ancestors' directive.

Source/core/loader/FrameLoader.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
  * Copyright (C) 2008 Alp Toker <alp@atoker.com>
  * Copyright (C) Research In Motion Limited 2009. All rights reserved.
  * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ skipping 330 matching lines @@
     if (!m_stateMachine.committedMultipleRealLoads() && m_loadType == FrameLoadTypeStandard)
         m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedMultipleRealLoads);
 
     m_client->dispatchDidCommitLoad(m_frame, m_currentItem.get(), loadTypeToCommitType(m_loadType, isStandardLoadWithValidURL));
 
     InspectorInstrumentation::didCommitLoad(m_frame, m_documentLoader.get());
     m_frame->page()->didCommitLoad(m_frame);
     dispatchDidClearWindowObjectsInAllWorlds();
 }
 
+static void didFailContentSecurityPolicyCheck(FrameLoader* loader)
+{
+    // load event and stopAllLoaders can detach the Frame, so protect it.
+    RefPtr<Frame> frame(loader->frame());
+
+    // Move the page to a unique origin, and cancel the load.
+    frame->document()->enforceSandboxFlags(SandboxOrigin);
+    loader->stopAllLoaders();
+
+    // Fire a load event, as timing attacks would otherwise reveal that the
+    // frame was blocked. This way, it looks like every other cross-origin
+    // page.
+    if (HTMLFrameOwnerElement* ownerElement = frame->ownerElement())
+        ownerElement->dispatchEvent(Event::create(EventTypeNames::load));
+}
+
 void FrameLoader::didBeginDocument(bool dispatch)
 {
     m_isComplete = false;
     m_frame->document()->setReadyState(Document::Loading);
 
     if (m_provisionalItem && m_loadType == FrameLoadTypeBackForward)
         m_frame->domWindow()->statePopped(m_provisionalItem->stateObject());
 
     if (dispatch)
         dispatchDidClearWindowObjectsInAllWorlds();
 
     m_frame->document()->initContentSecurityPolicy(m_documentLoader ? ContentSecurityPolicyResponseHeaders(m_documentLoader->response()) : ContentSecurityPolicyResponseHeaders());
 
+    if (!m_frame->document()->contentSecurityPolicy()->allowAncestors(m_frame)) {
+        didFailContentSecurityPolicyCheck(this);
+        return;
+    }
+
     Settings* settings = m_frame->document()->settings();
     if (settings) {
         m_frame->document()->fetcher()->setImagesEnabled(settings->imagesEnabled());
         m_frame->document()->fetcher()->setAutoLoadImages(settings->loadsImagesAutomatically());
     }
 
     if (m_documentLoader) {
         const AtomicString& dnsPrefetchControl = m_documentLoader->response().httpHeaderField("X-DNS-Prefetch-Control");
         if (!dnsPrefetchControl.isEmpty())
             m_frame->document()->parseDNSPrefetchControlHeader(dnsPrefetchControl);
@@ skipping 1089 matching lines @@
 {
     SandboxFlags flags = m_forcedSandboxFlags;
     if (Frame* parentFrame = m_frame->tree().parent())
         flags |= parentFrame->document()->sandboxFlags();
     if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement())
         flags |= ownerElement->sandboxFlags();
     return flags;
 }
 
 } // namespace WebCore