Google Git
Sign in
webkit / WebKit / bcbaacaca28327dcc3b6bd3fe70a09a0d8503954^! / . / Source / WebCore / loader / DocumentThreadableLoader.cpp
commitbcbaacaca28327dcc3b6bd3fe70a09a0d8503954[log] [tgz]
authorwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jul 22 00:44:27 2016 +0000
committerwilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jul 22 00:44:27 2016 +0000
tree6ebc1995118af408a694364da864c99aa47c8416
parentc95a501b05271be73d75090420bf975c0f3b8343 [diff] [blame]
Block mixed content synchronous XHR
https://bugs.webkit.org/show_bug.cgi?id=105462
<rdar://problem/13666424>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadRequest):

LayoutTests:

* http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame-expected.txt: Added.
* http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html: Added.
* http/tests/security/mixedContent/resources/insecure-xhr-sync-in-main-frame-window.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@203542 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/loader/DocumentThreadableLoader.cpp b/Source/WebCore/loader/DocumentThreadableLoader.cpp
index 16f3ad6..b38cec3 100644
--- a/Source/WebCore/loader/DocumentThreadableLoader.cpp
+++ b/Source/WebCore/loader/DocumentThreadableLoader.cpp

@@ -375,8 +375,12 @@
     ResourceError error;
     ResourceResponse response;
     unsigned long identifier = std::numeric_limits<unsigned long>::max();
-    if (m_document.frame())
-        identifier = m_document.frame()->loader().loadResourceSynchronously(request, m_options.allowCredentials(), m_options.clientCredentialPolicy(), error, response, data);
+    if (m_document.frame()) {
+        auto& frameLoader = m_document.frame()->loader();
+        if (!frameLoader.mixedContentChecker().canRunInsecureContent(m_document.securityOrigin(), requestURL))
+            return;
+        identifier = frameLoader.loadResourceSynchronously(request, m_options.allowCredentials(), m_options.clientCredentialPolicy(), error, response, data);
+    }
 
     if (!error.isNull() && response.httpStatusCode() <= 0) {
         if (requestURL.isLocalFile()) {