Chromium Code Reviews Chromium Code Reviews
Issue 1267023004:
WebFonts: Send credentials for same origin requests (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2007, 2010 Apple Inc. All rights reserved. | 2 * Copyright (C) 2007, 2010 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 66 result.append(')'); | 66 result.append(')'); |
| 67 } | 67 } |
| 68 return result.toString(); | 68 return result.toString(); |
| 69 } | 69 } |
| 70 | 70 |
| 71 bool CSSFontFaceSrcValue::hasFailedOrCanceledSubresources() const | 71 bool CSSFontFaceSrcValue::hasFailedOrCanceledSubresources() const |
| 72 { | 72 { |
| 73 return m_fetched && m_fetched->loadFailedOrCanceled(); | 73 return m_fetched && m_fetched->loadFailedOrCanceled(); |
| 74 } | 74 } |
| 75 | 75 |
| 76 static bool shouldSetCrossOriginAccessControl(const KURL& resource) | 76 static void setCrossOriginAccessControl(FetchRequest& request, SecurityOrigin* s ecurityOrigin) |
| 77 { | 77 { |
| 78 // Local fonts are accessible from file: URLs even when | 78 // Local fonts are accessible from file: URLs even when |
| 79 // allowFileAccessFromFileURLs is false. | 79 // allowFileAccessFromFileURLs is false. |
| 80 if (resource.isLocalFile()) | 80 if (request.url().isLocalFile()) |
| 81 return false; | 81 return; |
| 82 return true; | 82 |
| 83 bool sameOriginRequest = securityOrigin->canRequestNoSuborigin(request.url() ); | |
|
sof
2015/08/20 14:56:58
I see what this is based on, but should we rephras
Kunihiko Sakamoto
2015/08/21 01:37:06
Done.
| |
| 84 request.setCrossOriginAccessControl( | |
| 85 securityOrigin, sameOriginRequest ? AllowStoredCredentials : DoNotAllowS toredCredentials, | |
| 86 ClientDidNotRequestCredentials); | |
| 83 } | 87 } |
| 84 | 88 |
| 85 FontResource* CSSFontFaceSrcValue::fetch(Document* document) | 89 FontResource* CSSFontFaceSrcValue::fetch(Document* document) |
| 86 { | 90 { |
| 87 if (!m_fetched) { | 91 if (!m_fetched) { |
| 88 FetchRequest request(ResourceRequest(document->completeURL(m_resource)), FetchInitiatorTypeNames::css); | 92 FetchRequest request(ResourceRequest(document->completeURL(m_resource)), FetchInitiatorTypeNames::css); |
| 89 request.setContentSecurityCheck(m_shouldCheckContentSecurityPolicy); | 93 request.setContentSecurityCheck(m_shouldCheckContentSecurityPolicy); |
| 90 SecurityOrigin* securityOrigin = document->securityOrigin(); | 94 SecurityOrigin* securityOrigin = document->securityOrigin(); |
| 91 if (shouldSetCrossOriginAccessControl(request.url())) | 95 setCrossOriginAccessControl(request, securityOrigin); |
| 92 request.setCrossOriginAccessControl(securityOrigin, DoNotAllowStored Credentials); | |
| 93 request.mutableResourceRequest().setHTTPReferrer(SecurityPolicy::generat eReferrer(m_referrer.referrerPolicy, request.url(), m_referrer.referrer)); | 96 request.mutableResourceRequest().setHTTPReferrer(SecurityPolicy::generat eReferrer(m_referrer.referrerPolicy, request.url(), m_referrer.referrer)); |
| 94 m_fetched = FontResource::fetch(request, document->fetcher()); | 97 m_fetched = FontResource::fetch(request, document->fetcher()); |
| 95 } else { | 98 } else { |
| 96 // FIXME: CSSFontFaceSrcValue::fetch is invoked when @font-face rule | 99 // FIXME: CSSFontFaceSrcValue::fetch is invoked when @font-face rule |
| 97 // is processed by StyleResolver / StyleEngine. | 100 // is processed by StyleResolver / StyleEngine. |
| 98 restoreCachedResourceIfNeeded(document); | 101 restoreCachedResourceIfNeeded(document); |
| 99 } | 102 } |
| 100 return m_fetched.get(); | 103 return m_fetched.get(); |
| 101 } | 104 } |
| 102 | 105 |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 115 m_fetched->lastResourceRequest().url(), MixedContentChecker::SendReport) ; | 118 m_fetched->lastResourceRequest().url(), MixedContentChecker::SendReport) ; |
| 116 document->fetcher()->requestLoadStarted(m_fetched.get(), request, ResourceFe tcher::ResourceLoadingFromCache); | 119 document->fetcher()->requestLoadStarted(m_fetched.get(), request, ResourceFe tcher::ResourceLoadingFromCache); |
| 117 } | 120 } |
| 118 | 121 |
| 119 bool CSSFontFaceSrcValue::equals(const CSSFontFaceSrcValue& other) const | 122 bool CSSFontFaceSrcValue::equals(const CSSFontFaceSrcValue& other) const |
| 120 { | 123 { |
| 121 return m_isLocal == other.m_isLocal && m_format == other.m_format && m_resou rce == other.m_resource; | 124 return m_isLocal == other.m_isLocal && m_format == other.m_format && m_resou rce == other.m_resource; |
| 122 } | 125 } |
| 123 | 126 |
| 124 } | 127 } |
| OLD | NEW |
