OLD | NEW |
1 /* | 1 /* |
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. |
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
7 | 7 |
8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
712 } | 712 } |
713 m_validatedURLs.add(request.resourceRequest().url()); | 713 m_validatedURLs.add(request.resourceRequest().url()); |
714 } | 714 } |
715 | 715 |
716 ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, Fetc
hRequest& request) | 716 ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, Fetc
hRequest& request) |
717 { | 717 { |
718 ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type
== Resource::Raw); | 718 ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type
== Resource::Raw); |
719 | 719 |
720 TRACE_EVENT0("blink", "ResourceFetcher::requestResource"); | 720 TRACE_EVENT0("blink", "ResourceFetcher::requestResource"); |
721 | 721 |
722 maybeUpgradeInsecureRequestURL(request); | 722 upgradeInsecureRequest(request); |
723 | 723 |
724 KURL url = request.resourceRequest().url(); | 724 KURL url = request.resourceRequest().url(); |
725 | 725 |
726 WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s
', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), req
uest.charset().latin1().data(), request.priority(), request.forPreload(), Resour
ceTypeName(type)); | 726 WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s
', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), req
uest.charset().latin1().data(), request.priority(), request.forPreload(), Resour
ceTypeName(type)); |
727 | 727 |
728 // If only the fragment identifiers differ, it is the same resource. | 728 // If only the fragment identifiers differ, it is the same resource. |
729 url = MemoryCache::removeFragmentIdentifierIfNeeded(url); | 729 url = MemoryCache::removeFragmentIdentifierIfNeeded(url); |
730 | 730 |
731 if (!url.isValid()) | 731 if (!url.isValid()) |
732 return nullptr; | 732 return nullptr; |
894 if (request.requestContext() == WebURLRequest::RequestContextUnspecified) | 894 if (request.requestContext() == WebURLRequest::RequestContextUnspecified) |
895 determineRequestContext(request, type); | 895 determineRequestContext(request, type); |
896 if (type == Resource::LinkPrefetch || type == Resource::LinkSubresource) | 896 if (type == Resource::LinkPrefetch || type == Resource::LinkSubresource) |
897 request.setHTTPHeaderField("Purpose", "prefetch"); | 897 request.setHTTPHeaderField("Purpose", "prefetch"); |
898 if (frame()->document()) | 898 if (frame()->document()) |
899 request.setOriginatesFromReservedIPRange(frame()->document()->isHostedIn
ReservedIPRange()); | 899 request.setOriginatesFromReservedIPRange(frame()->document()->isHostedIn
ReservedIPRange()); |
900 | 900 |
901 context().addAdditionalRequestHeaders(document(), request, (type == Resource
::MainResource) ? FetchMainResource : FetchSubresource); | 901 context().addAdditionalRequestHeaders(document(), request, (type == Resource
::MainResource) ? FetchMainResource : FetchSubresource); |
902 } | 902 } |
903 | 903 |
904 void ResourceFetcher::maybeUpgradeInsecureRequestURL(FetchRequest& fetchRequest) | 904 void ResourceFetcher::upgradeInsecureRequest(FetchRequest& fetchRequest) |
905 { | 905 { |
906 if (!m_document) | 906 if (!m_document || !RuntimeEnabledFeatures::experimentalContentSecurityPolic
yFeaturesEnabled()) |
907 return; | 907 return; |
908 | 908 |
909 KURL url = fetchRequest.resourceRequest().url(); | 909 KURL url = fetchRequest.resourceRequest().url(); |
| 910 |
| 911 // Tack a 'Prefer' header to outgoing navigational requests, as described in |
| 912 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
| 913 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne && !SecurityOrigin::isSecure(url)) |
| 914 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Prefer", "retu
rn=secure-representation"); |
| 915 |
910 if (m_document->insecureContentPolicy() == SecurityContext::InsecureContentU
pgrade && url.protocolIs("http")) { | 916 if (m_document->insecureContentPolicy() == SecurityContext::InsecureContentU
pgrade && url.protocolIs("http")) { |
911 // We always upgrade subresource requests and nested frames, we always u
pgrade form | 917 // We always upgrade subresource requests and nested frames, we always u
pgrade form |
912 // submissions, and we always upgrade requests whose host matches the ho
st of the | 918 // submissions, and we always upgrade requests whose host matches the ho
st of the |
913 // containing document's security origin. | 919 // containing document's security origin. |
914 // | 920 // |
915 // FIXME: We need to check the document that set the policy, not the cur
rent document. | 921 // FIXME: We need to check the document that set the policy, not the cur
rent document. |
916 const ResourceRequest& request = fetchRequest.resourceRequest(); | 922 const ResourceRequest& request = fetchRequest.resourceRequest(); |
917 if (request.frameType() == WebURLRequest::FrameTypeNone | 923 if (request.frameType() == WebURLRequest::FrameTypeNone |
918 || request.frameType() == WebURLRequest::FrameTypeNested | 924 || request.frameType() == WebURLRequest::FrameTypeNested |
919 || request.requestContext() == WebURLRequest::RequestContextForm | 925 || request.requestContext() == WebURLRequest::RequestContextForm |
1646 ResourceLoaderHost::trace(visitor); | 1652 ResourceLoaderHost::trace(visitor); |
1647 } | 1653 } |
1648 | 1654 |
1649 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) | 1655 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) |
1650 { | 1656 { |
1651 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); | 1657 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); |
1652 return static_cast<ResourceFetcher*>(host); | 1658 return static_cast<ResourceFetcher*>(host); |
1653 } | 1659 } |
1654 | 1660 |
1655 } | 1661 } |
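Review bot: In upgradeInsecureRequest (new line 906) the runtime-flag test is folded into the existing early return, so with experimentalContentSecurityPolicyFeaturesEnabled() off the function now skips the InsecureContentUpgrade rewrite below it as well, not only the new Prefer header. If the upgrade policy can be set on a document without that flag, http requests would silently stop being upgraded; keeping `if (!m_document) return;` and moving the flag test into the header condition at new line 913 would avoid that. The header decision at line 913 is also made on the URL before the upgrade block runs, so a request that is then rewritten to https would still carry `Prefer: return=secure-representation`, and `addHTTPHeaderField` appends where line 897 uses `setHTTPHeaderField`, which may duplicate the token if this path runs more than once for the same request. The upgrade block continues past the visible lines, so the ordering point should be confirmed against the full function.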