// Handles the response for the main resource load. In the order written below it:
//   1. lets the application cache host take over with a fallback;
//   2. enforces the X-Frame-Options response header, cancelling the load on denial;
//   3. resets state when a further part of a multipart response arrives;
//   4. records the response and hands it to the content-policy check, with
//      shortcuts for substitute data and forced FTP directory listings.
//
// r is the response as received; the header value and URL read from it are
// supplied by the responding server.
void MainResourceLoader::didReceiveResponse(const ResourceResponse& r)
{
    // If the application cache host reports that it handled the response with a
    // fallback, nothing else in this function runs, including the
    // X-Frame-Options check below.
    if (documentLoader()->applicationCacheHost()->maybeLoadFallbackForMainResponse(request(), r))
        return;

    // X-Frame-Options enforcement. The header is looked up by the lowercase
    // literal "x-frame-options".
    // NOTE(review): HTTP header names are case-insensitive; presumably
    // HTTPHeaderMap::find() is too - confirm, since a case-sensitive lookup
    // would let "X-Frame-Options" go unenforced.
    HTTPHeaderMap::const_iterator it = r.httpHeaderFields().find(AtomicString("x-frame-options"));
    if (it != r.httpHeaderFields().end()) {
        // The raw header value is passed on unmodified; the allow/deny decision
        // is made entirely by shouldInterruptLoadForXFrameOptions().
        String content = it->value;
        if (m_frame->loader()->shouldInterruptLoadForXFrameOptions(content, r.url())) {
            // Denial path: tell the inspector, log a console error, cancel the
            // load and return, so the content-policy check below is never reached.
            InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame.get(), documentLoader(), identifier(), r);
            // The message is a fixed string; it names neither the URL nor the
            // header value that caused the refusal.
            DEFINE_STATIC_LOCAL(String, consoleMessage, (ASCIILiteral("Refused to display document because display forbidden by X-Frame-Options.\n")));
            // NOTE(review): document(), domWindow() and console() are dereferenced
            // without null checks - confirm each is non-null at this point.
            m_frame->document()->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage);

            cancel();
            return;
        }
    }

    // There is a bug in CFNetwork where callbacks can be dispatched even when loads are deferred.
    // See <rdar://problem/6304600> for more details.
#if !USE(CF)
    ASSERT(shouldLoadAsEmptyDocument(r.url()) || !defersLoading());
#endif

    // m_loadingMultipartContent was set by an earlier response (see the
    // assignment just below), so this response replaces what was loaded so far.
    if (m_loadingMultipartContent) {
        m_documentLoader->setupForReplace();
        clearResourceData();
    }

    if (r.isMultipart())
        m_loadingMultipartContent = true;

    // The additional processing can do anything including possibly removing the last
    // reference to this object; one example of this is 3266216.
    // NOTE(review): this guard is taken only here, so the X-Frame-Options and
    // multipart handling above run without it - confirm none of those calls can
    // drop the last reference while members are still being used.
    RefPtr<MainResourceLoader> protect(this);

    m_documentLoader->setResponse(r);

    m_response = r;

    ASSERT(!m_waitingForContentPolicy);
    m_waitingForContentPolicy = true;
    ref(); // balanced by deref in continueAfterContentPolicy and didCancel

    ASSERT(frameLoader()->activeDocumentLoader());

    // Always show content with valid substitute data.
    // This calls the policy continuation directly with PolicyUse, so the policy
    // checker at the end of the function is not consulted for such loads.
    if (frameLoader()->activeDocumentLoader()->substituteData().isValid()) {
        callContinueAfterContentPolicy(this, PolicyUse);
        return;
    }

#if ENABLE(FTPDIR)
    // Respect the hidden FTP Directory Listing pref so it can be tested even if the policy delegate might otherwise disallow it
    // Like the substitute-data case, this skips the policy checker; it applies
    // only when the setting is on and the response MIME type is exactly
    // "application/x-ftp-directory".
    Settings* settings = m_frame->settings();
    if (settings && settings->forceFTPDirectoryListings() && m_response.mimeType() == "application/x-ftp-directory") {
        callContinueAfterContentPolicy(this, PolicyUse);
        return;
    }
#endif

#if PLATFORM(MAC) && !PLATFORM(IOS) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
    // A filter instance is created only for https URLs and only when
    // wkFilterIsManagedSession() returns true; for every other response
    // m_filter is left as it was. It is set after the two shortcuts above, so
    // loads that took either shortcut get no filter from this function.
    if (r.url().protocolIs("https") && wkFilterIsManagedSession())
        m_filter = wkFilterCreateInstance(r.nsURLResponse());
#endif

    // Normal path: ask the policy checker what to do with the response. The
    // decision is delivered through callContinueAfterContentPolicy with this
    // object as its argument.
    frameLoader()->policyChecker()->checkContentPolicy(m_response, callContinueAfterContentPolicy, this);
}
// Handles the response for the main resource, delivered for a cached resource.
// In the order written below it:
//   1. lets the application cache host take over with a fallback;
//   2. enforces the X-Frame-Options response header, cancelling the load on denial;
//   3. resets state when a further part of a multipart response arrives;
//   4. records the response and hands it to the content-policy check, with
//      shortcuts for substitute data and forced FTP directory listings.
//
// resource is used only by the assertion that it is m_resource. r is the
// response as received; the header value and URL read from it are supplied by
// the responding server.
void MainResourceLoader::responseReceived(CachedResource* resource, const ResourceResponse& r)
{
    ASSERT_UNUSED(resource, m_resource == resource);

    // If the application cache host reports that it handled the response with a
    // fallback, nothing else in this function runs, including the
    // X-Frame-Options check below.
    if (documentLoader()->applicationCacheHost()->maybeLoadFallbackForMainResponse(request(), r))
        return;

    // X-Frame-Options enforcement. The header is looked up by the lowercase
    // literal "x-frame-options".
    // NOTE(review): HTTP header names are case-insensitive; presumably
    // HTTPHeaderMap::find() is too - confirm, since a case-sensitive lookup
    // would let "X-Frame-Options" go unenforced.
    DEFINE_STATIC_LOCAL(AtomicString, xFrameOptionHeader, ("x-frame-options", AtomicString::ConstructFromLiteral));
    HTTPHeaderMap::const_iterator it = r.httpHeaderFields().find(xFrameOptionHeader);
    if (it != r.httpHeaderFields().end()) {
        // The raw header value is passed on unmodified; the allow/deny decision
        // is made entirely by shouldInterruptLoadForXFrameOptions().
        String content = it->value;
        if (frameLoader()->shouldInterruptLoadForXFrameOptions(content, r.url(), identifier())) {
            // Denial path: tell the inspector, log a console error, cancel the
            // load and return, so the content-policy check below is never reached.
            InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_documentLoader->frame(), documentLoader(), identifier(), r);
            // The message embeds the response URL and the raw header value,
            // both chosen by the responding server; anything that consumes
            // console messages should treat this text as untrusted.
            String message = "Refused to display '" + r.url().string() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
            // NOTE(review): frame() and document() are dereferenced without
            // null checks - confirm both are non-null at this point.
            m_documentLoader->frame()->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, message, identifier());

            cancel();
            return;
        }
    }

    // There is a bug in CFNetwork where callbacks can be dispatched even when loads are deferred.
    // See <rdar://problem/6304600> for more details.
#if !USE(CF)
    ASSERT(!defersLoading());
#endif

    // m_loadingMultipartContent was set by an earlier response (see the
    // assignment just below), so this response replaces what was loaded so far.
    if (m_loadingMultipartContent) {
        m_documentLoader->setupForReplace();
        m_resource->clear();
    }

    if (r.isMultipart())
        m_loadingMultipartContent = true;

    // The additional processing can do anything including possibly removing the last
    // reference to this object; one example of this is 3266216.
    // NOTE(review): this guard is taken only here, so the X-Frame-Options and
    // multipart handling above run without it - confirm none of those calls can
    // drop the last reference while members are still being used.
    RefPtr<MainResourceLoader> protect(this);

    m_documentLoader->setResponse(r);

    m_response = r;

    // When loader() is null the response notification is dispatched from here.
    // NOTE(review): presumably a non-null loader() sends this notification
    // itself - confirm against the callers.
    if (!loader())
        frameLoader()->notifier()->dispatchDidReceiveResponse(documentLoader(), identifier(), m_response, 0);

    ASSERT(!m_waitingForContentPolicy);
    m_waitingForContentPolicy = true;
    ref(); // balanced by deref in continueAfterContentPolicy and cancel

    // Always show content with valid substitute data.
    // This calls the policy continuation directly with PolicyUse, so the policy
    // checker at the end of the function is not consulted for such loads.
    if (m_documentLoader->substituteData().isValid()) {
        callContinueAfterContentPolicy(this, PolicyUse);
        return;
    }

#if ENABLE(FTPDIR)
    // Respect the hidden FTP Directory Listing pref so it can be tested even if the policy delegate might otherwise disallow it
    // Like the substitute-data case, this skips the policy checker; it applies
    // only when the setting is on and the response MIME type is exactly
    // "application/x-ftp-directory".
    Settings* settings = m_documentLoader->frame()->settings();
    if (settings && settings->forceFTPDirectoryListings() && m_response.mimeType() == "application/x-ftp-directory") {
        callContinueAfterContentPolicy(this, PolicyUse);
        return;
    }
#endif

#if USE(CONTENT_FILTERING)
    // A filter instance is created only for https URLs and only when
    // wkFilterIsManagedSession() returns true; for every other response
    // m_filter is left as it was. It is set after the two shortcuts above, so
    // loads that took either shortcut get no filter from this function.
    if (r.url().protocolIs("https") && wkFilterIsManagedSession())
        m_filter = wkFilterCreateInstance(r.nsURLResponse());
#endif

    // Normal path: ask the policy checker what to do with the response. The
    // decision is delivered through callContinueAfterContentPolicy with this
    // object as its argument.
    frameLoader()->policyChecker()->checkContentPolicy(m_response, callContinueAfterContentPolicy, this);
}