本文整理汇总了C++中SecurityOrigin::canDisplay方法的典型用法代码示例。如果您正苦于以下问题:C++ SecurityOrigin::canDisplay方法的具体用法?C++ SecurityOrigin::canDisplay怎么用?C++ SecurityOrigin::canDisplay使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SecurityOrigin的用法示例。
在下文中一共展示了SecurityOrigin::canDisplay方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: WTF_LOG
// Decides whether `url` may be fetched as a resource of `type` for this frame.
// The checks run in order and the first failing one determines the returned
// ResourceRequestBlockedReason: inspector block, SecurityOrigin::canDisplay,
// per-type same-origin check (canRequest), Content Security Policy, embedder
// script/media permission, the SVG-image subresource rule, and mixed content.
// This listing is cut off after the mixed-content check, so any later checks
// and the value returned for an allowed request are not shown.
//
// type              - resource kind; selects which origin and client checks apply.
// resourceRequest   - the request; passed to the inspector, CSP and mixed-content checks.
// url               - the URL being checked.
// options           - may carry an explicit securityOrigin, a CSP nonce and a CSP opt-out.
// forPreload        - when true, failure reporting (local-load, CSP, mixed content) is suppressed.
// originRestriction - NoOriginRestriction skips canDisplay; RestrictToSameOrigin adds canRequest.
// redirectStatus    - forwarded unchanged to ContentSecurityPolicy::allowRequest.
ResourceRequestBlockedReason FrameFetchContext::canRequestInternal(Resource::Type type, const ResourceRequest& resourceRequest, const KURL& url, const ResourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction originRestriction, ResourceRequest::RedirectStatus redirectStatus) const
{
// The inspector's block decision is consulted before any origin or policy check.
if (InspectorInstrumentation::shouldBlockRequest(frame(), resourceRequest))
return ResourceRequestBlockedReasonInspector;
// Prefer the origin supplied in the loader options and fall back to the
// document's origin. securityOrigin stays null when neither is available.
SecurityOrigin* securityOrigin = options.securityOrigin.get();
if (!securityOrigin && m_document)
securityOrigin = m_document->getSecurityOrigin();
// canDisplay is evaluated only when an origin restriction is requested and an
// origin is available; with a null securityOrigin this check is skipped rather
// than failed.
if (originRestriction != FetchRequest::NoOriginRestriction && securityOrigin && !securityOrigin->canDisplay(url)) {
// Preloads are still blocked, but the local-load failure is not reported.
if (!forPreload)
FrameLoader::reportLocalLoadFailed(frame(), url.elidedString());
WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource URL was not allowed by SecurityOrigin::canDisplay");
return ResourceRequestBlockedReasonOther;
}
// Some types of resources can be loaded only from the same origin. Other
// types of resources, like Images, Scripts, and CSS, can be loaded from
// any URL.
switch (type) {
case Resource::MainResource:
case Resource::Image:
case Resource::CSSStyleSheet:
case Resource::Script:
case Resource::Font:
case Resource::Raw:
case Resource::LinkPrefetch:
case Resource::LinkPreload:
case Resource::TextTrack:
case Resource::ImportResource:
case Resource::Media:
case Resource::Manifest:
// By default these types of resources can be loaded from any origin.
// FIXME: Are we sure about Resource::Font?
// NOTE(review): securityOrigin is dereferenced here without the null guard
// used for canDisplay above; presumably callers that pass
// RestrictToSameOrigin always provide an origin or a document. Confirm.
if (originRestriction == FetchRequest::RestrictToSameOrigin && !securityOrigin->canRequest(url)) {
printAccessDeniedMessage(url);
return ResourceRequestBlockedReasonOrigin;
}
break;
case Resource::XSLStyleSheet:
ASSERT(RuntimeEnabledFeatures::xsltEnabled());
// No break: XSLStyleSheet falls through, so both XSLT style sheets and SVG
// documents require canRequest regardless of originRestriction.
case Resource::SVGDocument:
// NOTE(review): unconditional dereference of securityOrigin, which is null
// if neither options nor m_document supplied one. Confirm against callers.
if (!securityOrigin->canRequest(url)) {
printAccessDeniedMessage(url);
return ResourceRequestBlockedReasonOrigin;
}
break;
}
// FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
// The main-world CSP is bypassed either when the script controller says so
// or when the caller opted out through options.contentSecurityPolicyOption.
bool shouldBypassMainWorldCSP = frame()->script().shouldBypassMainWorldCSP() || options.contentSecurityPolicyOption == DoNotCheckContentSecurityPolicy;
// Don't send CSP messages for preloads, we might never actually display those items.
ContentSecurityPolicy::ReportingStatus cspReporting = forPreload ?
ContentSecurityPolicy::SuppressReport : ContentSecurityPolicy::SendReport;
// Without a document no CSP check is performed at all.
if (m_document) {
DCHECK(m_document->contentSecurityPolicy());
if (!shouldBypassMainWorldCSP && !m_document->contentSecurityPolicy()->allowRequest(resourceRequest.requestContext(), url, options.contentSecurityPolicyNonce, redirectStatus, cspReporting))
return ResourceRequestBlockedReasonCSP;
}
// Embedder (loader client) permission checks for scripts/imports and media.
if (type == Resource::Script || type == Resource::ImportResource) {
ASSERT(frame());
// The first argument is the script-enabled setting; it is treated as
// enabled when the frame has no settings object.
if (!frame()->loader().client()->allowScriptFromSource(!frame()->settings() || frame()->settings()->scriptEnabled(), url)) {
frame()->loader().client()->didNotAllowScript();
// TODO(estark): Use a different ResourceRequestBlockedReason
// here, since this check has nothing to do with
// CSP. https://crbug.com/600795
return ResourceRequestBlockedReasonCSP;
}
} else if (type == Resource::Media || type == Resource::TextTrack) {
ASSERT(frame());
if (!frame()->loader().client()->allowMedia(url))
return ResourceRequestBlockedReasonOther;
}
// SVG Images have unique security rules that prevent all subresource requests
// except for data urls.
if (type != Resource::MainResource && frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData())
return ResourceRequestBlockedReasonOrigin;
// Measure the number of legacy URL schemes ('ftp://') and the number of embedded-credential
// ('http://user:password@...') resources embedded as subresources, in the hopes that we can
// block them at some point in the future.
// These branches only record use counters; neither returns a blocked reason.
if (resourceRequest.frameType() != WebURLRequest::FrameTypeTopLevel) {
ASSERT(frame()->document());
if (SchemeRegistry::shouldTreatURLSchemeAsLegacy(url.protocol()) && !SchemeRegistry::shouldTreatURLSchemeAsLegacy(frame()->document()->getSecurityOrigin()->protocol()))
UseCounter::count(frame()->document(), UseCounter::LegacyProtocolEmbeddedAsSubresource);
if (!url.user().isEmpty() || !url.pass().isEmpty())
UseCounter::count(frame()->document(), UseCounter::RequestedSubresourceWithEmbeddedCredentials);
}
// Check for mixed content. We do this second-to-last so that when folks block
// mixed content with a CSP policy, they don't get a warning. They'll still
// get a warning in the console about CSP blocking the load.
MixedContentChecker::ReportingStatus mixedContentReporting = forPreload ?
MixedContentChecker::SuppressReport : MixedContentChecker::SendReport;
if (MixedContentChecker::shouldBlockFetch(frame(), resourceRequest, url, mixedContentReporting))
return ResourceRequestBlockedReasonMixedContent;
//......... part of the code is omitted here .........
示例2: WTF_LOG
// Decides whether `url` may be fetched as a resource of `type` for this frame.
// The checks run in order and the first failing one determines the returned
// ResourceRequestBlockedReason: inspector resource agent, SecurityOrigin::canDisplay,
// per-type same-origin check (canRequest), then a per-type Content Security
// Policy check. This listing is cut off inside the CSP switch, so the
// remaining cases, any later checks and the value returned for an allowed
// request are not shown.
//
// type              - resource kind; selects the origin check and the CSP directive check.
// resourceRequest   - the request; used by the inspector check and to derive the redirect status.
// url               - the URL being checked.
// options           - may carry an explicit securityOrigin and a CSP opt-out.
// forPreload        - when true, local-load and CSP failure reporting is suppressed.
// originRestriction - NoOriginRestriction skips canDisplay; RestrictToSameOrigin adds canRequest.
ResourceRequestBlockedReason FrameFetchContext::canRequestInternal(Resource::Type type, const ResourceRequest& resourceRequest, const KURL& url, const ResourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction originRestriction) const
{
// The inspector's block decision is consulted first, and only when both the
// instrumenting agents and the resource agent exist.
InstrumentingAgents* agents = InspectorInstrumentation::instrumentingAgentsFor(frame());
if (agents && agents->inspectorResourceAgent()) {
if (agents->inspectorResourceAgent()->shouldBlockRequest(resourceRequest))
return ResourceRequestBlockedReasonInspector;
}
// Prefer the origin supplied in the loader options and fall back to the
// document's origin. securityOrigin stays null when neither is available.
SecurityOrigin* securityOrigin = options.securityOrigin.get();
if (!securityOrigin && m_document)
securityOrigin = m_document->securityOrigin();
// canDisplay is evaluated only when an origin restriction is requested and an
// origin is available; with a null securityOrigin this check is skipped rather
// than failed.
if (originRestriction != FetchRequest::NoOriginRestriction && securityOrigin && !securityOrigin->canDisplay(url)) {
// Preloads are still blocked, but the local-load failure is not reported.
if (!forPreload)
FrameLoader::reportLocalLoadFailed(frame(), url.elidedString());
WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource URL was not allowed by SecurityOrigin::canDisplay");
return ResourceRequestBlockedReasonOther;
}
// Some types of resources can be loaded only from the same origin. Other
// types of resources, like Images, Scripts, and CSS, can be loaded from
// any URL.
switch (type) {
case Resource::MainResource:
case Resource::Image:
case Resource::CSSStyleSheet:
case Resource::Script:
case Resource::Font:
case Resource::Raw:
case Resource::LinkPrefetch:
case Resource::LinkSubresource:
case Resource::LinkPreload:
case Resource::TextTrack:
case Resource::ImportResource:
case Resource::Media:
// By default these types of resources can be loaded from any origin.
// FIXME: Are we sure about Resource::Font?
// NOTE(review): securityOrigin is dereferenced here without the null guard
// used for canDisplay above; presumably callers that pass
// RestrictToSameOrigin always provide an origin or a document. Confirm.
if (originRestriction == FetchRequest::RestrictToSameOrigin && !securityOrigin->canRequest(url)) {
printAccessDeniedMessage(url);
return ResourceRequestBlockedReasonOrigin;
}
break;
case Resource::XSLStyleSheet:
ASSERT(RuntimeEnabledFeatures::xsltEnabled());
// No break: XSLStyleSheet falls through, so both XSLT style sheets and SVG
// documents require canRequest regardless of originRestriction.
case Resource::SVGDocument:
// NOTE(review): unconditional dereference of securityOrigin, which is null
// if neither options nor m_document supplied one. Confirm against callers.
if (!securityOrigin->canRequest(url)) {
printAccessDeniedMessage(url);
return ResourceRequestBlockedReasonOrigin;
}
break;
}
// FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
// The main-world CSP is bypassed either when the script controller says so
// or when the caller opted out through options.contentSecurityPolicyOption.
bool shouldBypassMainWorldCSP = frame()->script().shouldBypassMainWorldCSP() || options.contentSecurityPolicyOption == DoNotCheckContentSecurityPolicy;
// Don't send CSP messages for preloads, we might never actually display those items.
ContentSecurityPolicy::ReportingStatus cspReporting = forPreload ?
ContentSecurityPolicy::SuppressReport : ContentSecurityPolicy::SendReport;
// As of CSP2, for requests that are the results of redirects, the match
// algorithm should ignore the path component of the URL.
ContentSecurityPolicy::RedirectStatus redirectStatus = resourceRequest.followedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy::DidNotRedirect;
// m_document can be null, but not in any of the cases where csp is actually used below.
// ImageResourceTest.MultipartImage crashes w/o the m_document null check.
// I believe it's the Resource::Raw case.
// NOTE(review): csp is nullptr when m_document is null, and every case shown
// below dereferences it whenever shouldBypassMainWorldCSP is false. No
// assertion on csp is visible in this listing, so safety rests on the
// assumption stated above. Confirm against callers.
const ContentSecurityPolicy* csp = m_document ? m_document->contentSecurityPolicy() : nullptr;
// FIXME: This would be cleaner if moved this switch into an allowFromSource()
// helper on this object which took a Resource::Type, then this block would
// collapse to about 10 lines for handling Raw and Script special cases.
switch (type) {
case Resource::XSLStyleSheet:
ASSERT(RuntimeEnabledFeatures::xsltEnabled());
ASSERT(ContentSecurityPolicy::isScriptResource(resourceRequest));
// XSLT style sheets are checked with the script-source CSP check.
if (!shouldBypassMainWorldCSP && !csp->allowScriptFromSource(url, redirectStatus, cspReporting))
return ResourceRequestBlockedReasonCSP;
break;
case Resource::Script:
case Resource::ImportResource:
ASSERT(ContentSecurityPolicy::isScriptResource(resourceRequest));
if (!shouldBypassMainWorldCSP && !csp->allowScriptFromSource(url, redirectStatus, cspReporting))
return ResourceRequestBlockedReasonCSP;
// Embedder (loader client) veto; it runs even when the CSP check was
// bypassed. The first argument is the script-enabled setting, treated as
// enabled when the frame has no settings object. A refusal here is also
// reported as ResourceRequestBlockedReasonCSP.
if (!frame()->loader().client()->allowScriptFromSource(!frame()->settings() || frame()->settings()->scriptEnabled(), url)) {
frame()->loader().client()->didNotAllowScript();
return ResourceRequestBlockedReasonCSP;
}
break;
case Resource::CSSStyleSheet:
ASSERT(ContentSecurityPolicy::isStyleResource(resourceRequest));
if (!shouldBypassMainWorldCSP && !csp->allowStyleFromSource(url, redirectStatus, cspReporting))
return ResourceRequestBlockedReasonCSP;
break;
case Resource::SVGDocument:
case Resource::Image:
// SVG documents share the image-source CSP check with images.
ASSERT(ContentSecurityPolicy::isImageResource(resourceRequest));
if (!shouldBypassMainWorldCSP && !csp->allowImageFromSource(url, redirectStatus, cspReporting))
return ResourceRequestBlockedReasonCSP;
break;
//......... part of the code is omitted here .........