// Delegate callback run when the response for this load arrives.
//
// Records the response in m_response, asks the request body (if there is one)
// to remove its generated files, and forwards the response to the frame
// loader's notifier when load callbacks are enabled.
//
// This function makes no decision based on the response's HTTP version.
// The response is stored and forwarded as received.
void ResourceLoader::didReceiveResponse(const ResourceResponse& r)
{
    ASSERT(!m_reachedTerminalState);

    // Hold a reference to ourselves for the whole callback: the processing
    // below can do anything, including dropping the last outside reference to
    // this loader (one example of this is Radar 3266216).
    Ref<ResourceLoader> protectedThis(*this);

    logResourceResponseSource(m_frame.get(), r.source());
    m_response = r;

    FormData* requestBody = m_request.httpBody();
    if (requestBody)
        requestBody->removeGeneratedFilesIfNeeded();

    // Nothing left to do unless the client asked for load callbacks.
    if (m_options.sendLoadCallbacks() != SendCallbacks)
        return;

    frameLoader()->notifier().didReceiveResponse(this, m_response);
}
// Delegate callback run when the response for this load arrives.
//
// Records the response in m_response and applies the HTTP/0.9 policy:
//   - the load is failed if the response is HTTP/0.9 but the document's own
//     response was not;
//   - the load is failed if the response is HTTP/0.9 and the URL uses a
//     non-default port for its protocol;
//   - otherwise an HTTP/0.9 response is accepted, but SandboxScripts and
//     SandboxPlugins are forced on the frame loader.
// Each of these outcomes is reported to the console as a Security error.
//
// For responses that are not cancelled, the request body (if any) is asked to
// remove its generated files, and the response is forwarded to the frame
// loader's notifier when load callbacks are enabled.
void ResourceLoader::didReceiveResponse(const ResourceResponse& r)
{
    ASSERT(!m_reachedTerminalState);

    // Hold a reference to ourselves for the whole callback: the processing
    // below can do anything, including dropping the last outside reference to
    // this loader (one example of this is Radar 3266216).
    Ref<ResourceLoader> keepAlive(*this);

    logResourceResponseSource(m_frame.get(), r.source());
    m_response = r;

    if (m_response.isHttpVersion0_9()) {
        auto url = m_response.url();

        // Logs |message| as a Security error and fails the load with a
        // ResourceError carrying the same text. The caller must return
        // immediately afterwards.
        // NOTE(review): m_frame->document() is dereferenced without a null
        // check here and in the sandboxing path below; confirm it cannot be
        // null at this point.
        auto cancelWithSecurityError = [&](const String& reason) {
            m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, reason, identifier());
            ResourceError failure(emptyString(), 0, url, reason);
            didFail(failure);
        };

        // Non-HTTP responses are interpreted as HTTP/0.9, which may allow
        // exfiltration of data from non-HTTP services. So the load is refused
        // when the document itself was loaded over a different HTTP version,
        // or when the request targeted a non-default port.
        // NOTE(review): m_documentLoader is dereferenced without a null check;
        // confirm it is always set while the loader is not in a terminal state.
        if (!m_documentLoader->response().isHttpVersion0_9()) {
            String message = "Cancelled resource load from '" + url.string() + "' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.";
            cancelWithSecurityError(message);
            return;
        }

        if (!isDefaultPortForProtocol(url.port(), url.protocol())) {
            String message = "Cancelled resource load from '" + url.string() + "' because it is using HTTP/0.9 on a non-default port.";
            cancelWithSecurityError(message);
            return;
        }

        // The HTTP/0.9 response is allowed through, but only with the script
        // and plugin sandbox flags forced on.
        // NOTE(review): this path passes m_identifier while the cancel paths
        // pass identifier(); presumably the same value, confirm.
        String message = "Sandboxing '" + url.string() + "' because it is using HTTP/0.9.";
        m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, m_identifier);
        frameLoader()->forceSandboxFlags(SandboxScripts | SandboxPlugins);
    }

    FormData* requestBody = m_request.httpBody();
    if (requestBody)
        requestBody->removeGeneratedFilesIfNeeded();

    // Nothing left to do unless the client asked for load callbacks.
    if (m_options.sendLoadCallbacks() != SendCallbacks)
        return;

    frameLoader()->notifier().didReceiveResponse(this, m_response);
}
// Delegate callback run when the response for this load arrives.
//
// Records the response in m_response. If the response is HTTP/0.9, a Security
// error is logged to the console and SandboxScripts and SandboxPlugins are
// forced on the frame loader. The load itself is not cancelled: there is no
// check here on the port or on the HTTP version of the document's own
// response.
//
// Afterwards the request body (if any) is asked to remove its generated
// files, and the response is forwarded to the frame loader's notifier when
// load callbacks are enabled.
void ResourceLoader::didReceiveResponse(const ResourceResponse& r)
{
    ASSERT(!m_reachedTerminalState);

    // Hold a reference to ourselves for the whole callback: the processing
    // below can do anything, including dropping the last outside reference to
    // this loader (one example of this is Radar 3266216).
    Ref<ResourceLoader> selfGuard(*this);

    logResourceResponseSource(m_frame.get(), r.source());
    m_response = r;

    // An HTTP/0.9 response has no status line or headers, so the content is
    // restricted, not trusted: the script and plugin sandbox flags are forced
    // on.
    // NOTE(review): m_frame->document() is dereferenced without a null check;
    // confirm it cannot be null at this point.
    const bool isLegacyHttp = m_response.isHttpVersion0_9();
    if (isLegacyHttp) {
        String sandboxNotice = "Sandboxing '" + m_response.url().string() + "' because it is using HTTP/0.9.";
        m_frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, sandboxNotice, m_identifier);
        frameLoader()->forceSandboxFlags(SandboxScripts | SandboxPlugins);
    }

    FormData* uploadBody = m_request.httpBody();
    if (uploadBody)
        uploadBody->removeGeneratedFilesIfNeeded();

    // Nothing left to do unless the client asked for load callbacks.
    if (m_options.sendLoadCallbacks() != SendCallbacks)
        return;

    frameLoader()->notifier().didReceiveResponse(this, m_response);
}