Index: Source/core/loader/cache/CachedResourceLoader.cpp |
diff --git a/Source/core/loader/cache/CachedResourceLoader.cpp b/Source/core/loader/cache/CachedResourceLoader.cpp |
index 719dd753d8073077b3de4c858bbb0d4c1f1b3af7..94e6eaec5a204fb074a23e758fb97515085eb31d 100644 |
--- a/Source/core/loader/cache/CachedResourceLoader.cpp |
+++ b/Source/core/loader/cache/CachedResourceLoader.cpp |
@@ -147,7 +147,7 @@ CachedResourceHandle<CachedImage> CachedResourceLoader::requestImage(CachedResou |
if (Frame* f = frame()) { |
if (f->loader()->pageDismissalEventBeingDispatched() != FrameLoader::NoDismissal) { |
KURL requestURL = request.resourceRequest().url(); |
- if (requestURL.isValid() && canRequest(CachedResource::ImageResource, requestURL)) |
+ if (requestURL.isValid() && canRequest(CachedResource::ImageResource, requestURL, CheckContentSecurityPolicy)) |
PingLoader::loadImage(f, requestURL); |
return 0; |
} |
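Review bot: The page-dismissal ping branch hard-codes `CheckContentSecurityPolicy`, while the requestResource hunk further down forwards `request.options().contentSecurityPolicyOption`. The same request can therefore be evaluated under two different CSP settings, depending on whether a dismissal event is being dispatched. Always enforcing CSP here is the stricter choice, and if it is intentional a comment should say so, e.g. `// Pings sent during page dismissal always honour CSP, regardless of the request's options.` If it is not intentional, pass `request.options().contentSecurityPolicyOption` instead. requestImage begins and continues outside this hunk.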
@@ -186,7 +186,7 @@ CachedResourceHandle<CachedCSSStyleSheet> CachedResourceLoader::requestUserCSSSt |
memoryCache()->remove(existing); |
} |
- request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck)); |
+ request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck, CheckContentSecurityPolicy)); |
return static_cast<CachedCSSStyleSheet*>(requestResource(CachedResource::CSSStyleSheet, request).get()); |
} |
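Review bot: The user style sheet options now pair `SkipSecurityCheck` with `CheckContentSecurityPolicy`, and nothing in the hunk explains why one check is skipped and the other kept. This appears to preserve the old behaviour, since canRequest previously had no way to opt out of CSP, but a reader cannot tell whether it is deliberate. A comment above the `setOptions` call would settle it, e.g. `// User style sheets skip the security check but stay subject to the document's CSP.` The function body starts outside the hunk.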
@@ -261,7 +261,7 @@ bool CachedResourceLoader::checkInsecureContent(CachedResource::Type type, const |
return true; |
} |
-bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url, bool forPreload) |
+bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url, ContentSecurityPolicyCheck contentSecurityPolicyCheck, bool forPreload) |
{ |
if (document() && !document()->securityOrigin()->canDisplay(url)) { |
if (!forPreload) |
@@ -271,7 +271,7 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url |
} |
// FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. |
- bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->script()->shouldBypassMainWorldContentSecurityPolicy()); |
+ bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->script()->shouldBypassMainWorldContentSecurityPolicy()) || (contentSecurityPolicyCheck == DoNotCheckContentSecurityPolicy); |
// Some types of resources can be loaded only from the same origin. Other |
// types of resources, like Images, Scripts, and CSS, can be loaded from |
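Review bot: OR-ing `contentSecurityPolicyCheck == DoNotCheckContentSecurityPolicy` into `shouldBypassMainWorldContentSecurityPolicy` gives any request carrying that option the same blanket exemption as an isolated world. It applies to every resource type the code below guards with this flag; that code is outside the hunk, so the exact set cannot be confirmed from here. The variable name and the FIXME above it now describe only half of the condition, so consider a separate `const bool skipContentSecurityPolicy = contentSecurityPolicyCheck == DoNotCheckContentSecurityPolicy;` or renaming the flag to `shouldBypassContentSecurityPolicy`. Since requestResource reads the value straight from `request.options()`, add a comment stating the trust assumption, e.g. `// DoNotCheckContentSecurityPolicy must only be set by engine-internal callers, never derived from page-controlled input.` If the exemption is meant for a single resource type, an `ASSERT` on `type` would keep it from silently widening to scripts or style sheets.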
@@ -372,7 +372,7 @@ CachedResourceHandle<CachedResource> CachedResourceLoader::requestResource(Cache |
if (!url.isValid()) |
return 0; |
- if (!canRequest(type, url, request.forPreload())) |
+ if (!canRequest(type, url, request.options().contentSecurityPolicyOption, request.forPreload())) |
return 0; |
if (Frame* f = frame()) |
@@ -1014,7 +1014,7 @@ void CachedResourceLoader::reportMemoryUsage(MemoryObjectInfo* memoryObjectInfo) |
const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions() |
{ |
- static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, DoSecurityCheck); |
+ static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy); |
return options; |
} |