'X-Frame-Options: SAMEORIGIN' should check all ancestor frames.
Currently, XFO performs a same origin check only against the top-level
frame in a document's ancestor chain. As lcamtuf notes in , "Any site
that allows a rogue ad to be displayed in an IFRAME; or that frames
third-party content for other reasons (e.g., iGoogle, Image Search
results, Facebook gadgets), is effectively not protected, because the
framed content from evil.com can load and arbitrarily decorate any page
in the same origin as the top-level window, and entice the user to
interact with it."
This patch adjusts Blink's behavior to check each of a document's
ancestors, and blocks the load if any aren't same-origin with the
document being loaded.
Review URL: https://chromiumcodereview.appspot.com/20822002
git-svn-id: svn://svn.chromium.org/blink/trunk@158466 bbb929c8-8fbe-4397-9dbb-9b2b20218538
4 files changed
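To make the behavioural change concrete, here is a small JavaScript model of the SAMEORIGIN decision, contrasting the pre-patch top-level-only check with the check-every-ancestor rule this commit introduces. This is an added example for illustration, not code from the patch or from Blink: the function names (xfoAllowsLoad, sameOrigin, rogueAdScenario), the representation of the ancestor chain as an array of origin strings, and the sample origins good.example / evil.example are all assumptions made here. The scenario encodes the case quoted from lcamtuf: a page on good.example embeds a rogue ad from evil.example, and the ad in turn frames a SAMEORIGIN-protected page from good.example.

```javascript
// Added example: a model of the X-Frame-Options SAMEORIGIN check before and
// after the Blink change described above. Not Blink code; names and sample
// origins are assumptions for illustration only.

// Two URLs are same-origin when scheme, host and port agree. URL.origin
// already normalises default ports ("https://a.example:443" -> "https://a.example").
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// policy:            value of the X-Frame-Options header, or null if absent
// documentOrigin:    origin of the document being loaded into a frame
// ancestors:         origins of the frame's ancestors, ordered from the
//                    immediate parent up to the top-level window (last element)
// checkAllAncestors: false models the pre-patch behaviour (top-level only),
//                    true models the post-patch behaviour (every ancestor)
function xfoAllowsLoad(policy, documentOrigin, ancestors, checkAllAncestors) {
  if (ancestors.length === 0) return true; // top-level document: XFO does not apply
  if (policy === null) return true;        // no header, nothing to enforce
  const p = policy.trim().toUpperCase();
  if (p === 'DENY') return false;
  if (p === 'ALLOWALL') return true;
  if (p === 'SAMEORIGIN') {
    const toCheck = checkAllAncestors
      ? ancestors                            // post-patch: every ancestor
      : [ancestors[ancestors.length - 1]];   // pre-patch: top-level frame only
    return toCheck.every(origin => sameOrigin(origin, documentOrigin));
  }
  // Any other value is treated as "no policy" in this model (assumption; the
  // commit message does not describe handling of unrecognised header values).
  return true;
}

// The rogue-ad chain from the commit message (constructed sample data):
//   top-level window: https://good.example
//     iframe (rogue ad): https://evil.example
//       iframe (target page, sends SAMEORIGIN): https://good.example/settings
function rogueAdScenario(checkAllAncestors) {
  const target = 'https://good.example/settings';
  const ancestors = ['https://evil.example', 'https://good.example'];
  return xfoAllowsLoad('SAMEORIGIN', target, ancestors, checkAllAncestors);
}

// A benign chain where every ancestor really is good.example.
function nestedSameOriginScenario(checkAllAncestors) {
  const target = 'https://good.example/settings';
  const ancestors = ['https://good.example/widgets', 'https://good.example'];
  return xfoAllowsLoad('SAMEORIGIN', target, ancestors, checkAllAncestors);
}

console.log('rogue ad, top-level-only check allows load:', rogueAdScenario(false));   // true  (the bug)
console.log('rogue ad, all-ancestors check allows load:', rogueAdScenario(true));     // false (fixed)
console.log('nested same-origin, all-ancestors check:', nestedSameOriginScenario(true)); // true
```

The point of the first two lines of output is the one the commit message makes: with only the top-level frame compared, evil.example can frame the protected page as long as it is itself embedded somewhere on good.example, while comparing every ancestor blocks it. The third line shows that legitimate nesting within a single origin is still permitted, so the stricter rule does not break same-origin frame hierarchies.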