OLD | NEW |
1 /* | 1 /* |
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. |
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
7 | 7 |
8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 #include "core/frame/LocalDOMWindow.h" | 49 #include "core/frame/LocalDOMWindow.h" |
50 #include "core/frame/LocalFrame.h" | 50 #include "core/frame/LocalFrame.h" |
51 #include "core/frame/Settings.h" | 51 #include "core/frame/Settings.h" |
52 #include "core/frame/csp/ContentSecurityPolicy.h" | 52 #include "core/frame/csp/ContentSecurityPolicy.h" |
53 #include "core/html/HTMLElement.h" | 53 #include "core/html/HTMLElement.h" |
54 #include "core/html/HTMLFrameOwnerElement.h" | 54 #include "core/html/HTMLFrameOwnerElement.h" |
55 #include "core/inspector/ConsoleMessage.h" | 55 #include "core/inspector/ConsoleMessage.h" |
56 #include "core/loader/DocumentLoader.h" | 56 #include "core/loader/DocumentLoader.h" |
57 #include "core/loader/FrameLoader.h" | 57 #include "core/loader/FrameLoader.h" |
58 #include "core/loader/FrameLoaderClient.h" | 58 #include "core/loader/FrameLoaderClient.h" |
| 59 #include "core/loader/MixedContentChecker.h" |
59 #include "core/loader/PingLoader.h" | 60 #include "core/loader/PingLoader.h" |
60 #include "core/loader/appcache/ApplicationCacheHost.h" | 61 #include "core/loader/appcache/ApplicationCacheHost.h" |
61 #include "core/timing/DOMWindowPerformance.h" | 62 #include "core/timing/DOMWindowPerformance.h" |
62 #include "core/timing/Performance.h" | 63 #include "core/timing/Performance.h" |
63 #include "core/timing/ResourceTimingInfo.h" | 64 #include "core/timing/ResourceTimingInfo.h" |
64 #include "core/svg/graphics/SVGImageChromeClient.h" | 65 #include "core/svg/graphics/SVGImageChromeClient.h" |
65 #include "platform/Logging.h" | 66 #include "platform/Logging.h" |
66 #include "platform/RuntimeEnabledFeatures.h" | 67 #include "platform/RuntimeEnabledFeatures.h" |
67 #include "platform/TraceEvent.h" | 68 #include "platform/TraceEvent.h" |
68 #include "platform/mhtml/ArchiveResource.h" | 69 #include "platform/mhtml/ArchiveResource.h" |
(...skipping 470 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
539 | 540 |
540 // FIXME: Once we use RequestContext for CSP (http://crbug.com/390497), remo
ve this extra check. | 541 // FIXME: Once we use RequestContext for CSP (http://crbug.com/390497), remo
ve this extra check. |
541 if (resourceRequest.requestContext() == WebURLRequest::RequestContextManifes
t) { | 542 if (resourceRequest.requestContext() == WebURLRequest::RequestContextManifes
t) { |
542 if (!shouldBypassMainWorldCSP && !csp->allowManifestFromSource(url, redi
rectStatus, cspReporting)) | 543 if (!shouldBypassMainWorldCSP && !csp->allowManifestFromSource(url, redi
rectStatus, cspReporting)) |
543 return false; | 544 return false; |
544 } | 545 } |
545 | 546 |
546 // Measure the number of legacy URL schemes ('ftp://') and the number of emb
edded-credential | 547 // Measure the number of legacy URL schemes ('ftp://') and the number of emb
edded-credential |
547 // ('http://user:password@...') resources embedded as subresources. in the h
opes that we can | 548 // ('http://user:password@...') resources embedded as subresources. in the h
opes that we can |
548 // block them at some point in the future. | 549 // block them at some point in the future. |
549 if (resourceRequest.frameType() != WebURLRequest::FrameTypeTopLevel) { | 550 if (frame() && resourceRequest.frameType() != WebURLRequest::FrameTypeTopLev
el) { |
| 551 ASSERT(frame()->document()); |
550 if (SchemeRegistry::shouldTreatURLSchemeAsLegacy(url.protocol()) && !Sch
emeRegistry::shouldTreatURLSchemeAsLegacy(frame()->document()->securityOrigin()-
>protocol())) | 552 if (SchemeRegistry::shouldTreatURLSchemeAsLegacy(url.protocol()) && !Sch
emeRegistry::shouldTreatURLSchemeAsLegacy(frame()->document()->securityOrigin()-
>protocol())) |
551 UseCounter::count(frame()->document(), UseCounter::LegacyProtocolEmb
eddedAsSubresource); | 553 UseCounter::count(frame()->document(), UseCounter::LegacyProtocolEmb
eddedAsSubresource); |
552 if (!url.user().isEmpty() || !url.pass().isEmpty()) | 554 if (!url.user().isEmpty() || !url.pass().isEmpty()) |
553 UseCounter::count(frame()->document(), UseCounter::RequestedSubresou
rceWithEmbeddedCredentials); | 555 UseCounter::count(frame()->document(), UseCounter::RequestedSubresou
rceWithEmbeddedCredentials); |
554 } | 556 } |
555 | 557 |
556 // Last of all, check for mixed content. We do this last so that when | 558 // Last of all, check for mixed content. We do this last so that when |
557 // folks block mixed content with a CSP policy, they don't get a warning. | 559 // folks block mixed content with a CSP policy, they don't get a warning. |
558 // They'll still get a warning in the console about CSP blocking the load. | 560 // They'll still get a warning in the console about CSP blocking the load. |
559 | 561 |
560 // If we're loading the main resource of a subframe, ensure that we check | 562 // If we're loading the main resource of a subframe, ensure that we check |
561 // against the parent of the active frame, rather than the frame itself. | 563 // against the parent of the active frame, rather than the frame itself. |
562 LocalFrame* effectiveFrame = frame(); | 564 LocalFrame* effectiveFrame = frame(); |
563 if (resourceRequest.frameType() == WebURLRequest::FrameTypeNested) { | 565 if (effectiveFrame && resourceRequest.frameType() == WebURLRequest::FrameTyp
eNested) { |
564 // FIXME: Deal with RemoteFrames. | 566 // FIXME: Deal with RemoteFrames. |
565 if (frame()->tree().parent()->isLocalFrame()) | 567 Frame* parentFrame = effectiveFrame->tree().parent(); |
566 effectiveFrame = toLocalFrame(frame()->tree().parent()); | 568 ASSERT(parentFrame); |
| 569 if (parentFrame->isLocalFrame()) |
| 570 effectiveFrame = toLocalFrame(parentFrame); |
567 } | 571 } |
568 | 572 |
569 MixedContentChecker::ReportingStatus mixedContentReporting = forPreload ? | 573 MixedContentChecker::ReportingStatus mixedContentReporting = forPreload ? |
570 MixedContentChecker::SuppressReport : MixedContentChecker::SendReport; | 574 MixedContentChecker::SuppressReport : MixedContentChecker::SendReport; |
571 return !MixedContentChecker::shouldBlockFetch(effectiveFrame, resourceReques
t, url, mixedContentReporting); | 575 return !MixedContentChecker::shouldBlockFetch(effectiveFrame, resourceReques
t, url, mixedContentReporting); |
572 } | 576 } |
573 | 577 |
574 bool ResourceFetcher::canAccessResource(Resource* resource, SecurityOrigin* sour
ceOrigin, const KURL& url) const | 578 bool ResourceFetcher::canAccessResource(Resource* resource, SecurityOrigin* sour
ceOrigin, const KURL& url) const |
575 { | 579 { |
576 // Redirects can change the response URL different from one of request. | 580 // Redirects can change the response URL different from one of request. |
(...skipping 352 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
929 | 933 |
930 if (resource->isCacheValidator()) { | 934 if (resource->isCacheValidator()) { |
931 const AtomicString& timingAllowOrigin = resource->resourceToRevalidate()
->response().httpHeaderField("Timing-Allow-Origin"); | 935 const AtomicString& timingAllowOrigin = resource->resourceToRevalidate()
->response().httpHeaderField("Timing-Allow-Origin"); |
932 if (!timingAllowOrigin.isEmpty()) | 936 if (!timingAllowOrigin.isEmpty()) |
933 info->setOriginalTimingAllowOrigin(timingAllowOrigin); | 937 info->setOriginalTimingAllowOrigin(timingAllowOrigin); |
934 } | 938 } |
935 | 939 |
936 if (resource->type() == Resource::MainResource) { | 940 if (resource->type() == Resource::MainResource) { |
937 // <iframe>s should report the initial navigation requested by the paren
t document, but not subsequent navigations. | 941 // <iframe>s should report the initial navigation requested by the paren
t document, but not subsequent navigations. |
938 // FIXME: Resource timing is broken when the parent is a remote frame. | 942 // FIXME: Resource timing is broken when the parent is a remote frame. |
939 if (frame()->deprecatedLocalOwner() && !frame()->deprecatedLocalOwner()-
>loadedNonEmptyDocument()) { | 943 if (frame() && frame()->deprecatedLocalOwner() && !frame()->deprecatedLo
calOwner()->loadedNonEmptyDocument()) { |
940 info->setInitiatorType(frame()->deprecatedLocalOwner()->localName())
; | 944 info->setInitiatorType(frame()->deprecatedLocalOwner()->localName())
; |
941 m_resourceTimingInfoMap.add(resource, info); | 945 m_resourceTimingInfoMap.add(resource, info); |
942 frame()->deprecatedLocalOwner()->didLoadNonEmptyDocument(); | 946 frame()->deprecatedLocalOwner()->didLoadNonEmptyDocument(); |
943 } | 947 } |
944 } else { | 948 } else { |
945 m_resourceTimingInfoMap.add(resource, info); | 949 m_resourceTimingInfoMap.add(resource, info); |
946 } | 950 } |
947 } | 951 } |
948 | 952 |
949 ResourceFetcher::RevalidationPolicy ResourceFetcher::determineRevalidationPolicy
(Resource::Type type, const FetchRequest& fetchRequest, Resource* existingResour
ce) const | 953 ResourceFetcher::RevalidationPolicy ResourceFetcher::determineRevalidationPolicy
(Resource::Type type, const FetchRequest& fetchRequest, Resource* existingResour
ce) const |
(...skipping 635 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1585 ResourceLoaderHost::trace(visitor); | 1589 ResourceLoaderHost::trace(visitor); |
1586 } | 1590 } |
1587 | 1591 |
1588 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) | 1592 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) |
1589 { | 1593 { |
1590 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); | 1594 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); |
1591 return static_cast<ResourceFetcher*>(host); | 1595 return static_cast<ResourceFetcher*>(host); |
1592 } | 1596 } |
1593 | 1597 |
1594 } | 1598 } |
OLD | NEW |