Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(105)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/dom/ScriptLoader.cpp

Issue 135723008: Add CORS support for <link> elements. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Add setCrossOriginAccessControl() helper to avoid repetition matching CORS attribute value Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/security/resources/link-crossorigin-common.js ('k') | Source/core/fetch/FetchRequest.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed.
6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after
253 RefPtr<Document> elementDocument(m_element->document()); 253 RefPtr<Document> elementDocument(m_element->document());
254 if (!m_element->dispatchBeforeLoadEvent(sourceUrl)) 254 if (!m_element->dispatchBeforeLoadEvent(sourceUrl))
255 return false; 255 return false;
256 if (!m_element->inDocument() || m_element->document() != elementDocument) 256 if (!m_element->inDocument() || m_element->document() != elementDocument)
257 return false; 257 return false;
258 258
259 ASSERT(!m_resource); 259 ASSERT(!m_resource);
260 if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) { 260 if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) {
261 FetchRequest request(ResourceRequest(elementDocument->completeURL(source Url)), m_element->localName()); 261 FetchRequest request(ResourceRequest(elementDocument->completeURL(source Url)), m_element->localName());
262 262
263 String crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossori ginAttr); 263 AtomicString crossOriginMode = m_element->fastGetAttribute(HTMLNames::cr ossoriginAttr);
264 if (!crossOriginMode.isNull()) { 264 if (!crossOriginMode.isNull())
265 StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMo de, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials; 265 request.setCrossOriginAccessControl(elementDocument->securityOrigin( ), crossOriginMode);
266 request.setCrossOriginAccessControl(elementDocument->securityOrigin( ), allowCredentials);
267 }
268 request.setCharset(scriptCharset()); 266 request.setCharset(scriptCharset());
269 267
270 bool isValidScriptNonce = elementDocument->contentSecurityPolicy()->allo wScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr)); 268 bool isValidScriptNonce = elementDocument->contentSecurityPolicy()->allo wScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr));
271 if (isValidScriptNonce) 269 if (isValidScriptNonce)
272 request.setContentSecurityCheck(DoNotCheckContentSecurityPolicy); 270 request.setContentSecurityCheck(DoNotCheckContentSecurityPolicy);
273 271
274 m_resource = elementDocument->fetcher()->fetchScript(request); 272 m_resource = elementDocument->fetcher()->fetchScript(request);
275 m_isExternalScript = true; 273 m_isExternalScript = true;
276 } 274 }
277 275
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after
432 if (isHTMLScriptLoader(element)) 430 if (isHTMLScriptLoader(element))
433 return toHTMLScriptElement(element)->loader(); 431 return toHTMLScriptElement(element)->loader();
434 432
435 if (isSVGScriptLoader(element)) 433 if (isSVGScriptLoader(element))
436 return toSVGScriptElement(element)->loader(); 434 return toSVGScriptElement(element)->loader();
437 435
438 return 0; 436 return 0;
439 } 437 }
440 438
441 } 439 }
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/resources/link-crossorigin-common.js ('k') | Source/core/fetch/FetchRequest.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698