
Side by Side Diff: Source/core/loader/FrameLoader.cpp

Issue 91353002: CSP 1.1: Implement the 'frame-ancestors' directive. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Ugh. Created 6 years, 11 months ago
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed.
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
8 * Copyright (C) 2011 Google Inc. All rights reserved. 8 * Copyright (C) 2011 Google Inc. All rights reserved.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
(...skipping 343 matching lines...) Expand 10 before | Expand all | Expand 10 after
354 m_frame->document()->setReadyState(Document::Loading); 354 m_frame->document()->setReadyState(Document::Loading);
355 355
356 if (m_provisionalItem && m_loadType == FrameLoadTypeBackForward) 356 if (m_provisionalItem && m_loadType == FrameLoadTypeBackForward)
357 m_frame->domWindow()->statePopped(m_provisionalItem->stateObject()); 357 m_frame->domWindow()->statePopped(m_provisionalItem->stateObject());
358 358
359 if (dispatch) 359 if (dispatch)
360 dispatchDidClearWindowObjectsInAllWorlds(); 360 dispatchDidClearWindowObjectsInAllWorlds();
361 361
362 m_frame->document()->initContentSecurityPolicy(m_documentLoader ? ContentSec urityPolicyResponseHeaders(m_documentLoader->response()) : ContentSecurityPolicy ResponseHeaders()); 362 m_frame->document()->initContentSecurityPolicy(m_documentLoader ? ContentSec urityPolicyResponseHeaders(m_documentLoader->response()) : ContentSecurityPolicy ResponseHeaders());
363 363
364 if (!m_frame->document()->contentSecurityPolicy()->allowAncestors(m_frame)) {
365 // load event and stopAllLoaders can detach the Frame, so protect it.
Nate Chapin 2014/01/21 18:24:22 The contents of this if() should probably be a hel
Mike West 2014/01/22 10:08:46 Done.
366 RefPtr<Frame> protect(m_frame);
367
368 // Move the page to a unique origin.
369 m_frame->document()->enforceSandboxFlags(SandboxOrigin);
370
371 // Fire a load event, as timing attacks would otherwise reveal that the
372 // frame was blocked. This way, it looks like every other cross-origin
373 // page.
374 if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement())
375 ownerElement->dispatchEvent(Event::create(EventTypeNames::load));
376
377 stopAllLoaders();
Nate Chapin 2014/01/21 18:24:22 If a navigation was triggered during the load even
Mike West 2014/01/22 10:08:46 Hrm. Probably not. I'll reverse the order.
378 clear();
Nate Chapin 2014/01/21 18:24:22 Do you really need clear() here? It was just calle
Mike West 2014/01/22 10:08:46 Done.
379 return;
380 }
381
382
364 Settings* settings = m_frame->document()->settings(); 383 Settings* settings = m_frame->document()->settings();
365 if (settings) { 384 if (settings) {
366 m_frame->document()->fetcher()->setImagesEnabled(settings->imagesEnabled ()); 385 m_frame->document()->fetcher()->setImagesEnabled(settings->imagesEnabled ());
367 m_frame->document()->fetcher()->setAutoLoadImages(settings->loadsImagesA utomatically()); 386 m_frame->document()->fetcher()->setAutoLoadImages(settings->loadsImagesA utomatically());
368 } 387 }
369 388
370 if (m_documentLoader) { 389 if (m_documentLoader) {
371 const AtomicString& dnsPrefetchControl = m_documentLoader->response().ht tpHeaderField("X-DNS-Prefetch-Control"); 390 const AtomicString& dnsPrefetchControl = m_documentLoader->response().ht tpHeaderField("X-DNS-Prefetch-Control");
372 if (!dnsPrefetchControl.isEmpty()) 391 if (!dnsPrefetchControl.isEmpty())
373 m_frame->document()->parseDNSPrefetchControlHeader(dnsPrefetchContro l); 392 m_frame->document()->parseDNSPrefetchControlHeader(dnsPrefetchContro l);
(...skipping 1089 matching lines...) Expand 10 before | Expand all | Expand 10 after
1463 { 1482 {
1464 SandboxFlags flags = m_forcedSandboxFlags; 1483 SandboxFlags flags = m_forcedSandboxFlags;
1465 if (Frame* parentFrame = m_frame->tree().parent()) 1484 if (Frame* parentFrame = m_frame->tree().parent())
1466 flags |= parentFrame->document()->sandboxFlags(); 1485 flags |= parentFrame->document()->sandboxFlags();
1467 if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement()) 1486 if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement())
1468 flags |= ownerElement->sandboxFlags(); 1487 flags |= ownerElement->sandboxFlags();
1469 return flags; 1488 return flags;
1470 } 1489 }
1471 1490
1472 } // namespace WebCore 1491 } // namespace WebCore
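Review bot: The blocked path at new lines 364-380 returns before the settings and X-DNS-Prefetch-Control handling that follows it, and nothing visible here says what guarantees the blocked response is never parsed or painted. It appears to rely on `stopAllLoaders()` cancelling the load, so a comment stating that dependency (and a layout test covering it) would help the next reader. The comment at 371-373 also claims more than the code shows: the load event is dispatched synchronously at this point, presumably earlier than a fully loaded cross-origin document would fire it, so I would word it as `// Fire a load event so a blocked frame is not distinguishable by a missing 'load'; event timing may still differ.` The enclosing function starts and ends outside the lines shown. New lines 381-382 leave two blank lines where one is enough.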