Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(465)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/cache/CachedResourceLoader.cpp

Issue 14949017: Implementation of W3C compliant CSP script-src nonce. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Minor fixes based on Adam's comments Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« Source/core/dom/ScriptElement.cpp ('K') | « Source/core/loader/cache/CachedResourceLoader.h ('k') | Source/core/loader/cache/CachedResourceRequest.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
7 7
8 This library is free software; you can redistribute it and/or 8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Library General Public 9 modify it under the terms of the GNU Library General Public
10 License as published by the Free Software Foundation; either 10 License as published by the Free Software Foundation; either
(...skipping 129 matching lines...) Expand 10 before | Expand all | Expand 10 after
140 Frame* CachedResourceLoader::frame() const 140 Frame* CachedResourceLoader::frame() const
141 { 141 {
142 return m_documentLoader ? m_documentLoader->frame() : 0; 142 return m_documentLoader ? m_documentLoader->frame() : 0;
143 } 143 }
144 144
145 CachedResourceHandle<CachedImage> CachedResourceLoader::requestImage(CachedResou rceRequest& request) 145 CachedResourceHandle<CachedImage> CachedResourceLoader::requestImage(CachedResou rceRequest& request)
146 { 146 {
147 if (Frame* f = frame()) { 147 if (Frame* f = frame()) {
148 if (f->loader()->pageDismissalEventBeingDispatched() != FrameLoader::NoD ismissal) { 148 if (f->loader()->pageDismissalEventBeingDispatched() != FrameLoader::NoD ismissal) {
149 KURL requestURL = request.resourceRequest().url(); 149 KURL requestURL = request.resourceRequest().url();
150 if (requestURL.isValid() && canRequest(CachedResource::ImageResource , requestURL)) 150 if (requestURL.isValid() && canRequest(CachedResource::ImageResource , requestURL, CheckContentSecurityPolicy))
151 PingLoader::loadImage(f, requestURL); 151 PingLoader::loadImage(f, requestURL);
152 return 0; 152 return 0;
153 } 153 }
154 } 154 }
155 request.setDefer(clientDefersImage(request.resourceRequest().url()) ? Cached ResourceRequest::DeferredByClient : CachedResourceRequest::NoDefer); 155 request.setDefer(clientDefersImage(request.resourceRequest().url()) ? Cached ResourceRequest::DeferredByClient : CachedResourceRequest::NoDefer);
156 return static_cast<CachedImage*>(requestResource(CachedResource::ImageResour ce, request).get()); 156 return static_cast<CachedImage*>(requestResource(CachedResource::ImageResour ce, request).get());
157 } 157 }
158 158
159 CachedResourceHandle<CachedFont> CachedResourceLoader::requestFont(CachedResourc eRequest& request) 159 CachedResourceHandle<CachedFont> CachedResourceLoader::requestFont(CachedResourc eRequest& request)
160 { 160 {
(...skipping 18 matching lines...) Expand all
179 CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestUserCSSSt yleSheet(CachedResourceRequest& request) 179 CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestUserCSSSt yleSheet(CachedResourceRequest& request)
180 { 180 {
181 KURL url = MemoryCache::removeFragmentIdentifierIfNeeded(request.resourceReq uest().url()); 181 KURL url = MemoryCache::removeFragmentIdentifierIfNeeded(request.resourceReq uest().url());
182 182
183 if (CachedResource* existing = memoryCache()->resourceForURL(url)) { 183 if (CachedResource* existing = memoryCache()->resourceForURL(url)) {
184 if (existing->type() == CachedResource::CSSStyleSheet) 184 if (existing->type() == CachedResource::CSSStyleSheet)
185 return static_cast<CachedCSSStyleSheet*>(existing); 185 return static_cast<CachedCSSStyleSheet*>(existing);
186 memoryCache()->remove(existing); 186 memoryCache()->remove(existing);
187 } 187 }
188 188
189 request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, B ufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCross OriginCredentials, SkipSecurityCheck)); 189 request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, B ufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCross OriginCredentials, SkipSecurityCheck, CheckContentSecurityPolicy));
190 return static_cast<CachedCSSStyleSheet*>(requestResource(CachedResource::CSS StyleSheet, request).get()); 190 return static_cast<CachedCSSStyleSheet*>(requestResource(CachedResource::CSS StyleSheet, request).get());
191 } 191 }
192 192
193 CachedResourceHandle<CachedScript> CachedResourceLoader::requestScript(CachedRes ourceRequest& request) 193 CachedResourceHandle<CachedScript> CachedResourceLoader::requestScript(CachedRes ourceRequest& request)
194 { 194 {
195 return static_cast<CachedScript*>(requestResource(CachedResource::Script, re quest).get()); 195 return static_cast<CachedScript*>(requestResource(CachedResource::Script, re quest).get());
196 } 196 }
197 197
198 CachedResourceHandle<CachedXSLStyleSheet> CachedResourceLoader::requestXSLStyleS heet(CachedResourceRequest& request) 198 CachedResourceHandle<CachedXSLStyleSheet> CachedResourceLoader::requestXSLStyleS heet(CachedResourceRequest& request)
199 { 199 {
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
254 } 254 }
255 case CachedResource::MainResource: 255 case CachedResource::MainResource:
256 case CachedResource::LinkPrefetch: 256 case CachedResource::LinkPrefetch:
257 case CachedResource::LinkSubresource: 257 case CachedResource::LinkSubresource:
258 // Prefetch cannot affect the current document. 258 // Prefetch cannot affect the current document.
259 break; 259 break;
260 } 260 }
261 return true; 261 return true;
262 } 262 }
263 263
264 bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url , bool forPreload) 264 bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url , ContentSecurityPolicyCheck contentSecurityPolicyCheck, bool forPreload)
265 { 265 {
266 if (document() && !document()->securityOrigin()->canDisplay(url)) { 266 if (document() && !document()->securityOrigin()->canDisplay(url)) {
267 if (!forPreload) 267 if (!forPreload)
268 FrameLoader::reportLocalLoadFailed(frame(), url.elidedString()); 268 FrameLoader::reportLocalLoadFailed(frame(), url.elidedString());
269 LOG(ResourceLoading, "CachedResourceLoader::requestResource URL was not allowed by SecurityOrigin::canDisplay"); 269 LOG(ResourceLoading, "CachedResourceLoader::requestResource URL was not allowed by SecurityOrigin::canDisplay");
270 return 0; 270 return 0;
271 } 271 }
272 272
273 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. 273 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
274 bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->scrip t()->shouldBypassMainWorldContentSecurityPolicy()); 274 bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->scrip t()->shouldBypassMainWorldContentSecurityPolicy()) || (contentSecurityPolicyChec k == DoNotCheckContentSecurityPolicy);
275 275
276 // Some types of resources can be loaded only from the same origin. Other 276 // Some types of resources can be loaded only from the same origin. Other
277 // types of resources, like Images, Scripts, and CSS, can be loaded from 277 // types of resources, like Images, Scripts, and CSS, can be loaded from
278 // any URL. 278 // any URL.
279 switch (type) { 279 switch (type) {
280 case CachedResource::MainResource: 280 case CachedResource::MainResource:
281 case CachedResource::ImageResource: 281 case CachedResource::ImageResource:
282 case CachedResource::CSSStyleSheet: 282 case CachedResource::CSSStyleSheet:
283 case CachedResource::Script: 283 case CachedResource::Script:
284 case CachedResource::FontResource: 284 case CachedResource::FontResource:
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after
365 KURL url = request.resourceRequest().url(); 365 KURL url = request.resourceRequest().url();
366 366
367 LOG(ResourceLoading, "CachedResourceLoader::requestResource '%s', charset '% s', priority=%d, forPreload=%u", url.elidedString().latin1().data(), request.cha rset().latin1().data(), request.priority(), request.forPreload()); 367 LOG(ResourceLoading, "CachedResourceLoader::requestResource '%s', charset '% s', priority=%d, forPreload=%u", url.elidedString().latin1().data(), request.cha rset().latin1().data(), request.priority(), request.forPreload());
368 368
369 // If only the fragment identifiers differ, it is the same resource. 369 // If only the fragment identifiers differ, it is the same resource.
370 url = MemoryCache::removeFragmentIdentifierIfNeeded(url); 370 url = MemoryCache::removeFragmentIdentifierIfNeeded(url);
371 371
372 if (!url.isValid()) 372 if (!url.isValid())
373 return 0; 373 return 0;
374 374
375 if (!canRequest(type, url, request.forPreload())) 375 if (!canRequest(type, url, request.options().contentSecurityPolicyOption, re quest.forPreload()))
376 return 0; 376 return 0;
377 377
378 if (Frame* f = frame()) 378 if (Frame* f = frame())
379 f->loader()->client()->dispatchWillRequestResource(&request); 379 f->loader()->client()->dispatchWillRequestResource(&request);
380 380
381 if (memoryCache()->disabled()) { 381 if (memoryCache()->disabled()) {
382 DocumentResourceMap::iterator it = m_documentResources.find(url.string() ); 382 DocumentResourceMap::iterator it = m_documentResources.find(url.string() );
383 if (it != m_documentResources.end()) { 383 if (it != m_documentResources.end()) {
384 it->value->setOwningCachedResourceLoader(0); 384 it->value->setOwningCachedResourceLoader(0);
385 m_documentResources.remove(it); 385 m_documentResources.remove(it);
(...skipping 621 matching lines...) Expand 10 before | Expand all | Expand 10 after
1007 info.addMember(m_validatedURLs, "validatedURLs"); 1007 info.addMember(m_validatedURLs, "validatedURLs");
1008 info.addMember(m_preloads, "preloads"); 1008 info.addMember(m_preloads, "preloads");
1009 info.addMember(m_pendingPreloads, "pendingPreloads"); 1009 info.addMember(m_pendingPreloads, "pendingPreloads");
1010 info.addMember(m_garbageCollectDocumentResourcesTimer, "garbageCollectDocume ntResourcesTimer"); 1010 info.addMember(m_garbageCollectDocumentResourcesTimer, "garbageCollectDocume ntResourcesTimer");
1011 // FIXME: m_initiatorMap has pointers to already deleted CachedResources 1011 // FIXME: m_initiatorMap has pointers to already deleted CachedResources
1012 info.ignoreMember(m_initiatorMap); 1012 info.ignoreMember(m_initiatorMap);
1013 } 1013 }
1014 1014
1015 const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions( ) 1015 const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions( )
1016 { 1016 {
1017 static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData , AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCre dentials, DoSecurityCheck); 1017 static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData , AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCre dentials, DoSecurityCheck, CheckContentSecurityPolicy);
1018 return options; 1018 return options;
1019 } 1019 }
1020 1020
1021 } 1021 }
OLDNEW
« Source/core/dom/ScriptElement.cpp ('K') | « Source/core/loader/cache/CachedResourceLoader.h ('k') | Source/core/loader/cache/CachedResourceRequest.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698