Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(579)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/fetch/ResourceFetcher.cpp

Issue 1016373002: Perform CORS access checks on Beacon redirects. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: rebased + add mixed content test Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/fetch/CrossOriginAccessControl.cpp ('k') | Source/core/loader/BeaconLoader.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
7 7
8 This library is free software; you can redistribute it and/or 8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Library General Public 9 modify it under the terms of the GNU Library General Public
10 License as published by the Free Software Foundation; either 10 License as published by the Free Software Foundation; either
(...skipping 1141 matching lines...) Expand 10 before | Expand all | Expand 10 after
1152 bool ResourceFetcher::canAccessRedirect(Resource* resource, ResourceRequest& req uest, const ResourceResponse& redirectResponse, ResourceLoaderOptions& options) 1152 bool ResourceFetcher::canAccessRedirect(Resource* resource, ResourceRequest& req uest, const ResourceResponse& redirectResponse, ResourceLoaderOptions& options)
1153 { 1153 {
1154 if (!context().canRequest(resource->type(), request, request.url(), options, resource->isUnusedPreload(), FetchRequest::UseDefaultOriginRestrictionForType)) 1154 if (!context().canRequest(resource->type(), request, request.url(), options, resource->isUnusedPreload(), FetchRequest::UseDefaultOriginRestrictionForType))
1155 return false; 1155 return false;
1156 if (options.corsEnabled == IsCORSEnabled) { 1156 if (options.corsEnabled == IsCORSEnabled) {
1157 SecurityOrigin* sourceOrigin = options.securityOrigin.get(); 1157 SecurityOrigin* sourceOrigin = options.securityOrigin.get();
1158 if (!sourceOrigin) 1158 if (!sourceOrigin)
1159 sourceOrigin = context().securityOrigin(); 1159 sourceOrigin = context().securityOrigin();
1160 1160
1161 String errorMessage; 1161 String errorMessage;
1162 if (!CrossOriginAccessControl::handleRedirect(resource, sourceOrigin, re quest, redirectResponse, options, errorMessage)) { 1162 StoredCredentials withCredentials = resource->lastResourceRequest().allo wStoredCredentials() ? AllowStoredCredentials : DoNotAllowStoredCredentials;
1163 if (!CrossOriginAccessControl::handleRedirect(sourceOrigin, request, red irectResponse, withCredentials, options, errorMessage)) {
1163 if (resource->type() == Resource::Font) 1164 if (resource->type() == Resource::Font)
1164 toFontResource(resource)->setCORSFailed(); 1165 toFontResource(resource)->setCORSFailed();
1165 context().addConsoleMessage(errorMessage); 1166 context().addConsoleMessage(errorMessage);
1166 return false; 1167 return false;
1167 } 1168 }
1168 } 1169 }
1169 if (resource->type() == Resource::Image && shouldDeferImageLoad(request.url( ))) 1170 if (resource->type() == Resource::Image && shouldDeferImageLoad(request.url( )))
1170 return false; 1171 return false;
1171 return true; 1172 return true;
1172 } 1173 }
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
1288 ResourceLoaderHost::trace(visitor); 1289 ResourceLoaderHost::trace(visitor);
1289 } 1290 }
1290 1291
1291 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) 1292 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host)
1292 { 1293 {
1293 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); 1294 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType);
1294 return static_cast<ResourceFetcher*>(host); 1295 return static_cast<ResourceFetcher*>(host);
1295 } 1296 }
1296 1297
1297 } 1298 }
OLDNEW
« no previous file with comments | « Source/core/fetch/CrossOriginAccessControl.cpp ('k') | Source/core/loader/BeaconLoader.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698