void DocumentLoader::willSendRequest(ResourceRequest& newRequest, const ResourceResponse& redirectResponse) { // Note that there are no asserts here as there are for the other callbacks. This is due to the // fact that this "callback" is sent when starting every load, and the state of callback // deferrals plays less of a part in this function in preventing the bad behavior deferring // callbacks is meant to prevent. ASSERT(!newRequest.isNull()); if (isFormSubmission(m_triggeringAction.type()) && !m_frame->document()->contentSecurityPolicy()->allowFormAction(newRequest.url())) { cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url())); return; } ASSERT(timing()->fetchStart()); if (!redirectResponse.isNull()) { // If the redirecting url is not allowed to display content from the target origin, // then block the redirect. RefPtr<SecurityOrigin> redirectingOrigin = SecurityOrigin::create(redirectResponse.url()); if (!redirectingOrigin->canDisplay(newRequest.url())) { FrameLoader::reportLocalLoadFailed(m_frame, newRequest.url().string()); cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url())); return; } timing()->addRedirect(redirectResponse.url(), newRequest.url()); } // Update cookie policy base URL as URL changes, except for subframes, which use the // URL of the main frame which doesn't change when we redirect. if (frameLoader()->isLoadingMainFrame()) newRequest.setFirstPartyForCookies(newRequest.url()); // If we're fielding a redirect in response to a POST, force a load from origin, since // this is a common site technique to return to a page viewing some data that the POST // just modified. if (newRequest.cachePolicy() == UseProtocolCachePolicy && isRedirectAfterPost(newRequest, redirectResponse)) newRequest.setCachePolicy(ReloadIgnoringCacheData); // If this is a sub-frame, check for mixed content blocking against the top frame. if (m_frame->tree().parent()) { LocalFrame* top = m_frame->tree().top(); if (!top->loader().mixedContentChecker()->canRunInsecureContent(top->document()->securityOrigin(), newRequest.url())) { cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url())); return; } } m_request = newRequest; if (redirectResponse.isNull()) return; appendRedirect(newRequest.url()); frameLoader()->client()->dispatchDidReceiveServerRedirectForProvisionalLoad(); if (!shouldContinueForNavigationPolicy(newRequest)) cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); }
void DocumentLoader::willSendRequest(ResourceRequest& newRequest, const ResourceResponse& redirectResponse) { // Note that there are no asserts here as there are for the other callbacks. This is due to the // fact that this "callback" is sent when starting every load, and the state of callback // deferrals plays less of a part in this function in preventing the bad behavior deferring // callbacks is meant to prevent. ASSERT(!newRequest.isNull()); if (isFormSubmission(m_navigationType) && !m_frame->document()->contentSecurityPolicy()->allowFormAction(newRequest.url())) { cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url())); return; } ASSERT(timing()->fetchStart()); if (!redirectResponse.isNull()) { // If the redirecting url is not allowed to display content from the target origin, // then block the redirect. RefPtr<SecurityOrigin> redirectingOrigin = SecurityOrigin::create(redirectResponse.url()); if (!redirectingOrigin->canDisplay(newRequest.url())) { FrameLoader::reportLocalLoadFailed(m_frame, newRequest.url().string()); cancelMainResourceLoad(ResourceError::cancelledError(newRequest.url())); return; } timing()->addRedirect(redirectResponse.url(), newRequest.url()); } // If we're fielding a redirect in response to a POST, force a load from origin, since // this is a common site technique to return to a page viewing some data that the POST // just modified. if (newRequest.cachePolicy() == UseProtocolCachePolicy && isRedirectAfterPost(newRequest, redirectResponse)) newRequest.setCachePolicy(ReloadBypassingCache); m_request = newRequest; if (redirectResponse.isNull()) return; appendRedirect(newRequest.url()); frameLoader()->client()->dispatchDidReceiveServerRedirectForProvisionalLoad(); if (!shouldContinueForNavigationPolicy(newRequest, CheckContentSecurityPolicy)) cancelMainResourceLoad(ResourceError::cancelledError(m_request.url())); }