Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
| 3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
| 7 * met: | 7 * met: |
| 8 * | 8 * |
| 9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| 292 --m_corsRedirectLimit; | 292 --m_corsRedirectLimit; |
| 293 | 293 |
| 294 InspectorInstrumentation::didReceiveCORSRedirectResponse(m_document.fram e(), resource->identifier(), m_document.frame()->loader().documentLoader(), redi rectResponse, 0); | 294 InspectorInstrumentation::didReceiveCORSRedirectResponse(m_document.fram e(), resource->identifier(), m_document.frame()->loader().documentLoader(), redi rectResponse, 0); |
| 295 | 295 |
| 296 bool allowRedirect = false; | 296 bool allowRedirect = false; |
| 297 String accessControlErrorDescription; | 297 String accessControlErrorDescription; |
| 298 | 298 |
| 299 // Non-simple cross origin requests (both preflight and actual one) are | 299 // Non-simple cross origin requests (both preflight and actual one) are |
| 300 // not allowed to follow redirect. | 300 // not allowed to follow redirect. |
| 301 if (m_crossOriginNonSimpleRequest) { | 301 if (m_crossOriginNonSimpleRequest) { |
| 302 accessControlErrorDescription = "The request was redirected to '"+ r equest.url().string() + "', which is disallowed for cross-origin requests that r equire preflight."; | 302 accessControlErrorDescription = "The request was redirected to '" + request.url().string() + "', which is disallowed for cross-origin requests that require preflight."; |
| 303 } else { | 303 } else { |
| 304 // The redirect response must pass the access control check if the | 304 // The redirect response must pass the access control check if the |
| 305 // original request was not same-origin. | 305 // original request was not same-origin. |
| 306 allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(re quest.url(), accessControlErrorDescription) | 306 if (CrossOriginAccessControl::isLegalRedirectLocation(request.url(), accessControlErrorDescription)) { |
| 307 && (m_sameOriginRequest || passesAccessControlCheck(redirectResp onse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescripti on)); | 307 if (m_sameOriginRequest || passesAccessControlCheck(redirectResp onse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescripti on)) { |
| 308 allowRedirect = true; | |
| 309 } else { | |
| 310 accessControlErrorDescription = "The request was redirected to '" + request.url().string() + "', and has been blocked from loading by Cross- Origin Resource Sharing policy: " + accessControlErrorDescription; | |
| 311 } | |
| 312 } | |
| 308 } | 313 } |
| 309 | 314 |
| 310 if (allowRedirect) { | 315 if (allowRedirect) { |
| 311 // FIXME: consider combining this with CORS redirect handling perfor med by | 316 // FIXME: consider combining this with CORS redirect handling perfor med by |
| 312 // CrossOriginAccessControl::handleRedirect(). | 317 // CrossOriginAccessControl::handleRedirect(). |
| 313 clearResource(); | 318 clearResource(); |
| 314 | 319 |
| 315 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir ectResponse.url()); | 320 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir ectResponse.url()); |
| 316 RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(reques t.url()); | 321 RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(reques t.url()); |
| 317 // If the original request wasn't same-origin, then if the request U RL origin is not same origin with the original URL origin, | 322 // If the original request wasn't same-origin, then if the request U RL origin is not same origin with the original URL origin, |
| 387 m_isUsingDataConsumerHandle = true; | 392 m_isUsingDataConsumerHandle = true; |
| 388 | 393 |
| 389 handleResponse(resource->identifier(), response, handle); | 394 handleResponse(resource->identifier(), response, handle); |
| 390 } | 395 } |
| 391 | 396 |
| 392 void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r esponse) | 397 void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r esponse) |
| 393 { | 398 { |
| 394 String accessControlErrorDescription; | 399 String accessControlErrorDescription; |
| 395 | 400 |
| 396 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securit yOrigin(), accessControlErrorDescription)) { | 401 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securit yOrigin(), accessControlErrorDescription)) { |
| 397 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption); | 402 handlePreflightFailure(response.url().string(), "Response for preflight doesn't pass the access control check: " + accessControlErrorDescription); |
| 398 return; | 403 return; |
| 399 } | 404 } |
| 400 | 405 |
| 401 if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) { | 406 if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) { |
| 402 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption); | 407 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption); |
| 403 return; | 408 return; |
| 404 } | 409 } |
| 405 | 410 |
| 406 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new C rossOriginPreflightResultCacheItem(effectiveAllowCredentials())); | 411 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new C rossOriginPreflightResultCacheItem(effectiveAllowCredentials())); |
| 407 if (!preflightResult->parse(response, accessControlErrorDescription) | 412 if (!preflightResult->parse(response, accessControlErrorDescription) |
| 451 m_client->didReceiveResponse(identifier, response, handle); | 456 m_client->didReceiveResponse(identifier, response, handle); |
| 452 return; | 457 return; |
| 453 } | 458 } |
| 454 | 459 |
| 455 ASSERT(!m_fallbackRequestForServiceWorker); | 460 ASSERT(!m_fallbackRequestForServiceWorker); |
| 456 | 461 |
| 457 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) { | 462 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) { |
| 458 String accessControlErrorDescription; | 463 String accessControlErrorDescription; |
| 459 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) { | 464 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) { |
| 460 reportResponseReceived(identifier, response); | 465 reportResponseReceived(identifier, response); |
| 461 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription)); | 466 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), "Received response but it doesn't pass the a ccess control check: " + accessControlErrorDescription)); |
|
sof
2015/06/25 11:24:18
The prefixed text strikes me as redundant (and lon
tyoshino (SeeGerritForStatus)
2016/07/22 12:46:45
OK. Removed
| |
| 462 return; | 467 return; |
| 463 } | 468 } |
| 464 } | 469 } |
| 465 | 470 |
| 466 m_client->didReceiveResponse(identifier, response, handle); | 471 m_client->didReceiveResponse(identifier, response, handle); |
| 467 } | 472 } |
| 468 | 473 |
| 469 void DocumentThreadableLoader::setSerializedCachedMetadata(Resource*, const char * data, size_t size) | 474 void DocumentThreadableLoader::setSerializedCachedMetadata(Resource*, const char * data, size_t size) |
| 470 { | 475 { |
| 471 if (m_actualRequest) | 476 if (m_actualRequest) |
| 664 return DoNotAllowStoredCredentials; | 669 return DoNotAllowStoredCredentials; |
| 665 return m_resourceLoaderOptions.allowCredentials; | 670 return m_resourceLoaderOptions.allowCredentials; |
| 666 } | 671 } |
| 667 | 672 |
| 668 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 673 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
| 669 { | 674 { |
| 670 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); | 675 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); |
| 671 } | 676 } |
| 672 | 677 |
| 673 } // namespace blink | 678 } // namespace blink |
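Review bot: The message assembled at new line 310 puts `request.url().string()`, the full redirect target, into `accessControlErrorDescription`, and nothing in the visible lines shows where that string is finally reported. A cross-origin redirect location can carry query-string tokens, so it should be confirmed that the description reaches only the developer console and never a script-visible error; a comment at the assignment such as `// Console-only text: the redirect URL must not become visible to page script.` would record the constraint. Separately, the `if` at new line 306 has no `else`, so a failed `isLegalRedirectLocation()` keeps whatever text that helper wrote and lacks the "The request was redirected to" prefix the other two failure paths carry. The enclosing function begins above the visible lines, so its reporting path cannot be checked from this section.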