Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(225)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 1243353002: Skip the Service Worker CORS fallback for same origin requests. [1/2 blink] (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: add link to crbug.com/336894 Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 434 matching lines...) Expand 10 before | Expand all | Expand 10 after
445 // when the ServiceWorker does not call respondWith().) 445 // when the ServiceWorker does not call respondWith().)
446 ASSERT(m_fallbackRequestForServiceWorker); 446 ASSERT(m_fallbackRequestForServiceWorker);
447 loadFallbackRequestForServiceWorker(); 447 loadFallbackRequestForServiceWorker();
448 return; 448 return;
449 } 449 }
450 m_fallbackRequestForServiceWorker = nullptr; 450 m_fallbackRequestForServiceWorker = nullptr;
451 m_client->didReceiveResponse(identifier, response, handle); 451 m_client->didReceiveResponse(identifier, response, handle);
452 return; 452 return;
453 } 453 }
454 454
455 ASSERT(!m_fallbackRequestForServiceWorker); 455 // Even if the request met the conditions to get handled by a Service Worker
456 // in the constructor of this class (and therefore
457 // |m_fallbackRequestForServiceWorker| is set), the Service Worker may skip
458 // processing the request. Only if the request is same origin, the skipped
459 // response may come here (wasFetchedViaServiceWorker() returns false) since
460 // such a request doesn't have to go through the CORS algorithm by calling
461 // loadFallbackRequestForServiceWorker().
462 // FIXME: We should use |m_sameOriginRequest| when we will support
463 // Suborigins (crbug.com/336894) for Service Worker.
464 ASSERT(!m_fallbackRequestForServiceWorker || securityOrigin()->canRequest(m_ fallbackRequestForServiceWorker->url()));
tyoshino (SeeGerritForStatus) 2015/07/23 05:33:16 have you investigated carefully that this is consi
horo 2015/07/23 07:59:44 I don't think these conditions (in blink and conte
tyoshino (SeeGerritForStatus) 2015/07/23 08:09:42 Ah, yeah, actually it's enough that condition hold
horo 2015/07/23 09:42:00 The document which origin is an unique origin can'
tyoshino (SeeGerritForStatus) 2015/07/23 09:50:13 Thanks. Please write that in the CL description.
465 m_fallbackRequestForServiceWorker = nullptr;
456 466
457 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) { 467 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) {
458 String accessControlErrorDescription; 468 String accessControlErrorDescription;
459 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) { 469 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) {
460 reportResponseReceived(identifier, response); 470 reportResponseReceived(identifier, response);
461 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription)); 471 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription));
462 return; 472 return;
463 } 473 }
464 } 474 }
465 475
(...skipping 198 matching lines...) Expand 10 before | Expand all | Expand 10 after
664 return DoNotAllowStoredCredentials; 674 return DoNotAllowStoredCredentials;
665 return m_resourceLoaderOptions.allowCredentials; 675 return m_resourceLoaderOptions.allowCredentials;
666 } 676 }
667 677
668 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const 678 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
669 { 679 {
670 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); 680 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin ();
671 } 681 }
672 682
673 } // namespace blink 683 } // namespace blink
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698