Perform CORS access checks on Beacon redirects.

Source/core/loader/BeaconLoader.cpp

Index: Source/core/loader/BeaconLoader.cpp
diff --git a/Source/core/loader/BeaconLoader.cpp b/Source/core/loader/BeaconLoader.cpp
index 17126db5ba9c6bc55d43dcff002217ddcef9f7e2..478c7f246d6665bd99d5480717cc785ff20b4372 100644
--- a/Source/core/loader/BeaconLoader.cpp
+++ b/Source/core/loader/BeaconLoader.cpp
@@ -8,11 +8,16 @@
 #include "core/FetchInitiatorTypeNames.h"
 #include "core/dom/DOMArrayBufferView.h"
 #include "core/dom/Document.h"
+#include "core/fetch/CrossOriginAccessControl.h"
 #include "core/fetch/FetchContext.h"
 #include "core/fetch/ResourceFetcher.h"
 #include "core/fileapi/File.h"
 #include "core/frame/LocalFrame.h"
 #include "core/html/DOMFormData.h"
+#include "core/inspector/ConsoleMessage.h"
+#include "core/loader/MixedContentChecker.h"
+#include "platform/exported/WrappedResourceRequest.h"
+#include "platform/exported/WrappedResourceResponse.h"
 #include "platform/network/FormData.h"
 #include "platform/network/ParsedContentType.h"
 #include "platform/network/ResourceRequest.h"
@@ -68,6 +73,9 @@ class BeaconLoader::Sender {
 public:
     static bool send(LocalFrame* frame, int allowance, const KURL& beaconURL, const Beacon& beacon, int& payloadLength)
     {
+        if (!frame->document())
+            return false;
+
         unsigned long long entitySize = beacon.size();
         if (allowance > 0 && static_cast<unsigned long long>(allowance) < entitySize)
             return false;
@@ -80,6 +88,9 @@ public:
         frame->document()->fetcher()->context().addAdditionalRequestHeaders(request, FetchSubresource);
         frame->document()->fetcher()->context().setFirstPartyForCookies(request);
 
+        if (MixedContentChecker::shouldBlockFetch(frame, request, request.url()))

[Mike West, 2015/03/20 16:51:27]

Why do the check here? Won't it get picked up by FrameFetchContext::canRequest?

[sof, 2015/03/20 20:33:16]

This builds on just PingLoader, which is just a thinly veneered WebURLLoader. So
none of ResourceFetcher/Loader will be involved here.

The mixed content check mirrors the one in PingLoader::start(); I can't see a
tidy way of sharing that check.

+            return false;
+
         payloadLength = entitySize;
         if (!beacon.serialize(request, allowance, payloadLength))
             return false;
@@ -87,7 +98,9 @@ public:
         FetchInitiatorInfo initiatorInfo;
         initiatorInfo.name = FetchInitiatorTypeNames::beacon;
 
-        PingLoader::start(frame, request, initiatorInfo);
+        // Leak the loader, since it will kill itself as soon as it receives a response.
+        RefPtrWillBeRawPtr<BeaconLoader> loader = adoptRefWillBeNoop(new BeaconLoader(frame, request, initiatorInfo, AllowStoredCredentials));
+        loader->ref();
         return true;
     }
 };
@@ -116,6 +129,40 @@ bool BeaconLoader::sendBeacon(LocalFrame* frame, int allowance, const KURL& beac
     return Sender::send(frame, allowance, beaconURL, beacon, payloadLength);
 }
 
+BeaconLoader::BeaconLoader(LocalFrame* frame, ResourceRequest& request, const FetchInitiatorInfo& initiatorInfo, StoredCredentials credentialsAllowed)
+    : PingLoader(frame, request, initiatorInfo, credentialsAllowed)
+    , m_beaconOrigin(frame->document()->securityOrigin())
+{
+}
+
+void BeaconLoader::willSendRequest(WebURLLoader*, WebURLRequest& passedNewRequest, const WebURLResponse& passedRedirectResponse)
+{
+    passedNewRequest.setAllowStoredCredentials(true);
+    ResourceRequest& newRequest(passedNewRequest.toMutableResourceRequest());
+    const ResourceResponse& redirectResponse(passedRedirectResponse.toResourceResponse());
+
+    ASSERT(!newRequest.isNull());
+    ASSERT(!redirectResponse.isNull());
+
+    String errorDescription;
+    StoredCredentials withCredentials = AllowStoredCredentials;
+    ResourceLoaderOptions options;
+    if (!CrossOriginAccessControl::handleRedirect(nullptr, m_beaconOrigin.get(), newRequest, redirectResponse, withCredentials, options, errorDescription)) {
+        if (page() && page()->mainFrame()) {
+            if (page()->mainFrame()->isLocalFrame()) {
+                LocalFrame* localFrame = toLocalFrame(page()->mainFrame());
+                if (localFrame->document())
+                    localFrame->document()->addConsoleMessage(ConsoleMessage::create(JSMessageSource, ErrorMessageLevel, errorDescription));
+            }
+        }
+        // Cancel the load and self destruct.
+        dispose();
+        return;
+    }
+    // FIXME: http://crbug.com/427429 is needed to correctly propagate
+    // updates of Origin: following this successful redirect.
+}
+
 namespace {
 
 unsigned long long Beacon::beaconSize(const String& data)