SandboxFlags DocumentInit::getSandboxFlags() const { DCHECK(frameForSecurityContext()); FrameLoader* loader = &frameForSecurityContext()->loader(); SandboxFlags flags = loader->effectiveSandboxFlags(); // If the load was blocked by X-Frame-Options or CSP, force the Document's // origin to be unique, so that the blocked document appears to be a normal // cross-origin document's load per CSP spec: // https://www.w3.org/TR/CSP2/#directive-frame-ancestors if (loader->documentLoader() && loader->documentLoader()->wasBlockedAfterXFrameOptionsOrCSP()) flags |= SandboxOrigin; return flags; }
bool DocumentInit::isHostedInReservedIPRange() const { if (LocalFrame* frame = frameForSecurityContext()) { if (DocumentLoader* loader = frame->loader().provisionalDocumentLoader() ? frame->loader().provisionalDocumentLoader() : frame->loader().documentLoader()) { if (!loader->response().remoteIPAddress().isEmpty()) return Platform::current()->isReservedIPAddress(loader->response().remoteIPAddress()); } } return false; }
bool DocumentInit::shouldSetURL() const { LocalFrame* frame = frameForSecurityContext(); return (frame && frame->owner()) || !m_url.isEmpty(); }
Settings* DocumentInit::settings() const { ASSERT(frameForSecurityContext()); return frameForSecurityContext()->settings(); }
SecurityContext::InsecureNavigationsSet* DocumentInit::insecureNavigationsToUpgrade() const { ASSERT(frameForSecurityContext()); return frameForSecurityContext()->loader().insecureNavigationsToUpgrade(); }
SecurityContext::InsecureRequestsPolicy DocumentInit::insecureRequestsPolicy() const { ASSERT(frameForSecurityContext()); return frameForSecurityContext()->loader().insecureRequestsPolicy(); }
bool DocumentInit::shouldEnforceStrictMixedContentChecking() const { ASSERT(frameForSecurityContext()); return frameForSecurityContext()->loader().shouldEnforceStrictMixedContentChecking(); }
SandboxFlags DocumentInit::sandboxFlags() const { ASSERT(frameForSecurityContext()); return frameForSecurityContext()->loader().effectiveSandboxFlags(); }
WebInsecureRequestPolicy DocumentInit::getInsecureRequestPolicy() const { DCHECK(frameForSecurityContext()); return frameForSecurityContext()->loader().getInsecureRequestPolicy(); }