LEFT | RIGHT |
1 /* | 1 /* |
2 * Copyright (C) 2006-2017 Apple Inc. All rights reserved. | 2 * Copyright (C) 2006-2017 Apple Inc. All rights reserved. |
3 * Copyright (C) 2011 Google Inc. All rights reserved. | 3 * Copyright (C) 2011 Google Inc. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer.· | 10 * notice, this list of conditions and the following disclaimer.· |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
53 #include "FrameTree.h" | 53 #include "FrameTree.h" |
54 #include "HTMLFormElement.h" | 54 #include "HTMLFormElement.h" |
55 #include "HTMLFrameOwnerElement.h" | 55 #include "HTMLFrameOwnerElement.h" |
56 #include "HTTPHeaderField.h" | 56 #include "HTTPHeaderField.h" |
57 #include "HTTPHeaderNames.h" | 57 #include "HTTPHeaderNames.h" |
58 #include "HistoryItem.h" | 58 #include "HistoryItem.h" |
59 #include "IconLoader.h" | 59 #include "IconLoader.h" |
60 #include "InspectorInstrumentation.h" | 60 #include "InspectorInstrumentation.h" |
61 #include "LinkIconCollector.h" | 61 #include "LinkIconCollector.h" |
62 #include "LinkIconType.h" | 62 #include "LinkIconType.h" |
| 63 #include "LoaderStrategy.h" |
63 #include "Logging.h" | 64 #include "Logging.h" |
64 #include "MemoryCache.h" | 65 #include "MemoryCache.h" |
65 #include "NetworkLoadMetrics.h" | 66 #include "NetworkLoadMetrics.h" |
66 #include "Page.h" | 67 #include "Page.h" |
| 68 #include "PingLoader.h" |
| 69 #include "PlatformStrategies.h" |
67 #include "PolicyChecker.h" | 70 #include "PolicyChecker.h" |
68 #include "ProgressTracker.h" | 71 #include "ProgressTracker.h" |
69 #include "ResourceHandle.h" | 72 #include "ResourceHandle.h" |
70 #include "ResourceLoadObserver.h" | 73 #include "ResourceLoadObserver.h" |
71 #include "SWClientConnection.h" | 74 #include "SWClientConnection.h" |
72 #include "SchemeRegistry.h" | 75 #include "SchemeRegistry.h" |
73 #include "ScriptableDocumentParser.h" | 76 #include "ScriptableDocumentParser.h" |
74 #include "SecurityPolicy.h" | 77 #include "SecurityPolicy.h" |
| 78 #include "SecurityPolicyViolationEvent.h" |
75 #include "ServiceWorker.h" | 79 #include "ServiceWorker.h" |
76 #include "ServiceWorkerProvider.h" | 80 #include "ServiceWorkerProvider.h" |
77 #include "Settings.h" | 81 #include "Settings.h" |
78 #include "SubresourceLoader.h" | 82 #include "SubresourceLoader.h" |
79 #include "TextResourceDecoder.h" | 83 #include "TextResourceDecoder.h" |
80 #include <wtf/Assertions.h> | 84 #include <wtf/Assertions.h> |
81 #include <wtf/CompletionHandler.h> | 85 #include <wtf/CompletionHandler.h> |
82 #include <wtf/NeverDestroyed.h> | 86 #include <wtf/NeverDestroyed.h> |
83 #include <wtf/Ref.h> | 87 #include <wtf/Ref.h> |
84 #include <wtf/text/CString.h> | 88 #include <wtf/text/CString.h> |
(...skipping 571 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
656 }; | 660 }; |
657 | 661 |
658 ASSERT(!m_waitingForNavigationPolicy); | 662 ASSERT(!m_waitingForNavigationPolicy); |
659 m_waitingForNavigationPolicy = true; | 663 m_waitingForNavigationPolicy = true; |
660 | 664 |
661 if (shouldContinue == ShouldContinue::ForSuspension) { | 665 if (shouldContinue == ShouldContinue::ForSuspension) { |
662 navigationPolicyCompletionHandler(WTFMove(newRequest), nullptr, shouldCo
ntinue); | 666 navigationPolicyCompletionHandler(WTFMove(newRequest), nullptr, shouldCo
ntinue); |
663 return; | 667 return; |
664 } | 668 } |
665 | 669 |
666 frameLoader()->policyChecker().checkNavigationPolicy(ResourceRequest(newRequ
est), didReceiveRedirectResponse, WTFMove(navigationPolicyCompletionHandler)); | 670 frameLoader()->policyChecker().checkNavigationPolicy(WTFMove(newRequest), di
dReceiveRedirectResponse, WTFMove(navigationPolicyCompletionHandler)); |
667 } | 671 } |
668 | 672 |
669 bool DocumentLoader::tryLoadingRequestFromApplicationCache() | 673 bool DocumentLoader::tryLoadingRequestFromApplicationCache() |
670 { | 674 { |
671 m_applicationCacheHost->maybeLoadMainResource(m_request, m_substituteData); | 675 m_applicationCacheHost->maybeLoadMainResource(m_request, m_substituteData); |
672 | 676 |
673 if (!m_substituteData.isValid() || !m_frame->page()) | 677 if (!m_substituteData.isValid() || !m_frame->page()) |
674 return false; | 678 return false; |
675 | 679 |
676 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Returning cached main reso
urce (frame = %p, main = %d)", m_frame, m_frame->isMainFrame()); | 680 RELEASE_LOG_IF_ALLOWED("startLoadingMainResource: Returning cached main reso
urce (frame = %p, main = %d)", m_frame, m_frame->isMainFrame()); |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
719 m_serviceWorkerRegistrationData = WTFMove(registrationData); | 723 m_serviceWorkerRegistrationData = WTFMove(registrationData); |
720 loadMainResource(WTFMove(request)); | 724 loadMainResource(WTFMove(request)); |
721 | 725 |
722 if (m_mainResource) | 726 if (m_mainResource) |
723 frameLoader()->client().dispatchDidReceiveServerRedirectForProvisionalLo
ad(); | 727 frameLoader()->client().dispatchDidReceiveServerRedirectForProvisionalLo
ad(); |
724 } | 728 } |
725 #endif | 729 #endif |
726 | 730 |
727 void DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(
unsigned long identifier, const ResourceResponse& response) | 731 void DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(
unsigned long identifier, const ResourceResponse& response) |
728 { | 732 { |
| 733 Ref<DocumentLoader> protectedThis { *this }; |
729 InspectorInstrumentation::continueAfterXFrameOptionsDenied(*m_frame, identif
ier, *this, response); | 734 InspectorInstrumentation::continueAfterXFrameOptionsDenied(*m_frame, identif
ier, *this, response); |
730 m_frame->document()->enforceSandboxFlags(SandboxOrigin); | 735 m_frame->document()->enforceSandboxFlags(SandboxOrigin); |
731 if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement()) | 736 if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement()) |
732 ownerElement->dispatchEvent(Event::create(eventNames().loadEvent, false,
false)); | 737 ownerElement->dispatchEvent(Event::create(eventNames().loadEvent, false,
false)); |
733 | 738 |
734 // The load event might have detached this frame. In that case, the load wil
l already have been cancelled during detach. | 739 // The load event might have detached this frame. In that case, the load wil
l already have been cancelled during detach. |
735 if (FrameLoader* frameLoader = this->frameLoader()) | 740 if (FrameLoader* frameLoader = this->frameLoader()) |
736 cancelMainResourceLoad(frameLoader->cancelledError(m_request)); | 741 cancelMainResourceLoad(frameLoader->cancelledError(m_request)); |
737 } | 742 } |
738 | 743 |
(...skipping 19 matching lines...) Expand all Loading... |
758 // from the application cache, ensure we don't save the result for future us
e. | 763 // from the application cache, ensure we don't save the result for future us
e. |
759 if (willLoadFallback) | 764 if (willLoadFallback) |
760 MemoryCache::singleton().remove(*m_mainResource); | 765 MemoryCache::singleton().remove(*m_mainResource); |
761 | 766 |
762 if (willLoadFallback) | 767 if (willLoadFallback) |
763 return; | 768 return; |
764 | 769 |
765 ASSERT(m_identifierForLoadWithoutResourceLoader || m_mainResource); | 770 ASSERT(m_identifierForLoadWithoutResourceLoader || m_mainResource); |
766 unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_iden
tifierForLoadWithoutResourceLoader : m_mainResource->identifier(); | 771 unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_iden
tifierForLoadWithoutResourceLoader : m_mainResource->identifier(); |
767 ASSERT(identifier); | 772 ASSERT(identifier); |
768 ···· | 773 |
769 auto url = response.url(); | 774 if (m_substituteData.isValid() || !platformStrategies()->loaderStrategy()->h
avePerformedSecurityChecks(response)) { |
770 | 775 auto url = response.url(); |
771 ContentSecurityPolicy contentSecurityPolicy(SecurityOrigin::create(url), m_f
rame); | 776 ContentSecurityPolicy contentSecurityPolicy(URL { url }, this); |
772 contentSecurityPolicy.didReceiveHeaders(ContentSecurityPolicyResponseHeaders
(response)); | 777 contentSecurityPolicy.didReceiveHeaders(ContentSecurityPolicyResponseHea
ders { response }, m_request.httpReferrer()); |
773 if (!contentSecurityPolicy.allowFrameAncestors(*m_frame, url)) { | 778 if (!contentSecurityPolicy.allowFrameAncestors(*m_frame, url)) { |
774 stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifier, r
esponse); | |
775 return; | |
776 } | |
777 | |
778 const auto& commonHeaders = response.httpHeaderFields().commonHeaders(); | |
779 auto it = commonHeaders.find(HTTPHeaderName::XFrameOptions); | |
780 if (it != commonHeaders.end()) { | |
781 String content = it->value; | |
782 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, url, ide
ntifier)) { | |
783 String message = "Refused to display '" + url.stringCenterEllipsized
ToLength() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'
."; | |
784 m_frame->document()->addConsoleMessage(MessageSource::Security, Mess
ageLevel::Error, message, identifier); | |
785 stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifie
r, response); | 779 stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(identifie
r, response); |
786 return; | 780 return; |
| 781 } |
| 782 |
| 783 const auto& commonHeaders = response.httpHeaderFields().commonHeaders(); |
| 784 auto it = commonHeaders.find(HTTPHeaderName::XFrameOptions); |
| 785 if (it != commonHeaders.end()) { |
| 786 String content = it->value; |
| 787 if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, url,
identifier)) { |
| 788 String message = "Refused to display '" + url.stringCenterEllips
izedToLength() + "' in a frame because it set 'X-Frame-Options' to '" + content
+ "'."; |
| 789 m_frame->document()->addConsoleMessage(MessageSource::Security,
MessageLevel::Error, message, identifier); |
| 790 stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied(ident
ifier, response); |
| 791 return; |
| 792 } |
787 } | 793 } |
788 } | 794 } |
789 | 795 |
790 // There is a bug in CFNetwork where callbacks can be dispatched even when l
oads are deferred. | 796 // There is a bug in CFNetwork where callbacks can be dispatched even when l
oads are deferred. |
791 // See <rdar://problem/6304600> for more details. | 797 // See <rdar://problem/6304600> for more details. |
792 #if !USE(CF) | 798 #if !USE(CF) |
793 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); | 799 ASSERT(!mainResourceLoader() || !mainResourceLoader()->defersLoading()); |
794 #endif | 800 #endif |
795 | 801 |
796 if (m_isLoadingMultipartContent) { | 802 if (m_isLoadingMultipartContent) { |
(...skipping 1207 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2004 m_previewConverter = WTFMove(previewConverter); | 2010 m_previewConverter = WTFMove(previewConverter); |
2005 } | 2011 } |
2006 | 2012 |
2007 PreviewConverter* DocumentLoader::previewConverter() const | 2013 PreviewConverter* DocumentLoader::previewConverter() const |
2008 { | 2014 { |
2009 return m_previewConverter.get(); | 2015 return m_previewConverter.get(); |
2010 } | 2016 } |
2011 | 2017 |
2012 #endif | 2018 #endif |
2013 | 2019 |
| 2020 void DocumentLoader::addConsoleMessage(MessageSource messageSource, MessageLevel
messageLevel, const String& message, unsigned long requestIdentifier) |
| 2021 { |
| 2022 static_cast<ScriptExecutionContext*>(m_frame->document())->addConsoleMessage
(messageSource, messageLevel, message, requestIdentifier); |
| 2023 } |
| 2024 |
| 2025 void DocumentLoader::sendCSPViolationReport(URL&& reportURL, Ref<FormData>&& rep
ort) |
| 2026 { |
| 2027 PingLoader::sendViolationReport(*m_frame, WTFMove(reportURL), WTFMove(report
), ViolationReportType::ContentSecurityPolicy); |
| 2028 } |
| 2029 |
| 2030 void DocumentLoader::dispatchSecurityPolicyViolationEvent(Ref<SecurityPolicyViol
ationEvent>&& violationEvent) |
| 2031 { |
| 2032 m_frame->document()->enqueueDocumentEvent(WTFMove(violationEvent)); |
| 2033 } |
| 2034 |
2014 } // namespace WebCore | 2035 } // namespace WebCore |
LEFT | RIGHT |