X-Frame-Options: Blocked resources should fire load events.
authormkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Mar 2013 21:56:07 +0000 (21:56 +0000)
committermkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Mar 2013 21:56:07 +0000 (21:56 +0000)
commitc2e7f98b47d491532d25632b0408919f6aec09f9
tree6688516ba52db926af67760227d5fc48f365d356
parent49f338c27d8f301a9b6145a77e9cf29f18e58843
X-Frame-Options: Blocked resources should fire load events.
https://bugs.webkit.org/show_bug.cgi?id=113192

Reviewed by Nate Chapin.

Source/WebCore:

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived):
    Fire a load event on the frame's owner element when denying access
    due to X-Frame-Options header content. This brings us in-line with
    Gecko and IE, which both trigger load events currently.

LayoutTests:

* http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow.html:
* http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html:
* http/tests/security/XFrameOptions/x-frame-options-deny.html:
* http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow-expected.txt:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt:
    Add some expectations around the 'load' event to ensure it's fired.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@147164 268f45cc-cd09-0410-ab3c-d52691b4dbfc
15 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow-expected.txt
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow.html
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny.html
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt
LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html
LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt
LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow-expected.txt
LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients-expected.txt
LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/loader/DocumentLoader.cpp