OLD | NEW |
1 /* | 1 /* |
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. |
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
7 | 7 |
8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
(...skipping 427 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
438 Frame* top = f->tree().top(); | 438 Frame* top = f->tree().top(); |
439 if (!top->loader().mixedContentChecker()->canDisplayInsecureContent(
top->document()->securityOrigin(), url)) | 439 if (!top->loader().mixedContentChecker()->canDisplayInsecureContent(
top->document()->securityOrigin(), url)) |
440 return false; | 440 return false; |
441 } | 441 } |
442 } else { | 442 } else { |
443 ASSERT(treatment == TreatAsAlwaysAllowedContent); | 443 ASSERT(treatment == TreatAsAlwaysAllowedContent); |
444 } | 444 } |
445 return true; | 445 return true; |
446 } | 446 } |
447 | 447 |
448 bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res
ourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction or
iginRestriction) | 448 bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res
ourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction or
iginRestriction) const |
449 { | 449 { |
450 SecurityOrigin* securityOrigin = options.securityOrigin.get(); | 450 SecurityOrigin* securityOrigin = options.securityOrigin.get(); |
451 if (!securityOrigin && document()) | 451 if (!securityOrigin && document()) |
452 securityOrigin = document()->securityOrigin(); | 452 securityOrigin = document()->securityOrigin(); |
453 | 453 |
454 if (securityOrigin && !securityOrigin->canDisplay(url)) { | 454 if (securityOrigin && !securityOrigin->canDisplay(url)) { |
455 if (!forPreload) | 455 if (!forPreload) |
456 context().reportLocalLoadFailed(url); | 456 context().reportLocalLoadFailed(url); |
457 WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource URL was not a
llowed by SecurityOrigin::canDisplay"); | 457 WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource URL was not a
llowed by SecurityOrigin::canDisplay"); |
458 return 0; | 458 return 0; |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
543 // folks block insecure content with a CSP policy, they don't get a warning. | 543 // folks block insecure content with a CSP policy, they don't get a warning. |
544 // They'll still get a warning in the console about CSP blocking the load. | 544 // They'll still get a warning in the console about CSP blocking the load. |
545 | 545 |
546 // FIXME: Should we consider forPreload here? | 546 // FIXME: Should we consider forPreload here? |
547 if (!checkInsecureContent(type, url, options.mixedContentBlockingTreatment)) | 547 if (!checkInsecureContent(type, url, options.mixedContentBlockingTreatment)) |
548 return false; | 548 return false; |
549 | 549 |
550 return true; | 550 return true; |
551 } | 551 } |
552 | 552 |
553 bool ResourceFetcher::canAccess(Resource* resource, CORSEnabled corsEnabled, Fet
chRequest::OriginRestriction originRestriction) | 553 bool ResourceFetcher::canAccessResource(Resource* resource, const KURL& url) con
st |
554 { | 554 { |
555 // Redirects can change the response URL different from one of request. | 555 // Redirects can change the response URL different from one of request. |
556 if (!canRequest(resource->type(), resource->response().url(), resource->opti
ons(), false, originRestriction)) | 556 if (!canRequest(resource->type(), url, resource->options(), false, FetchRequ
est::UseDefaultOriginRestrictionForType)) |
557 return false; | 557 return false; |
558 | 558 |
559 String error; | 559 if (!document() || document()->securityOrigin()->canRequest(url)) |
560 switch (resource->type()) { | 560 return true; |
561 case Resource::Script: | 561 |
562 case Resource::ImportResource: | 562 String errorDescription; |
563 if (corsEnabled == PotentiallyCORSEnabled | 563 if (!resource->passesAccessControlCheck(document()->securityOrigin(), errorD
escription)) { |
564 && !m_document->securityOrigin()->canRequest(resource->response().ur
l()) | 564 if (frame() && frame()->document()) { |
565 && !resource->passesAccessControlCheck(m_document->securityOrigin(),
error)) { | 565 String resourceType = Resource::resourceTypeToString(resource->type(
), resource->options().initiatorInfo); |
566 if (frame() && frame()->document()) | 566 frame()->document()->addConsoleMessage(JSMessageSource, ErrorMessage
Level, resourceType + " from origin '" + SecurityOrigin::create(url)->toString()
+ "' has been blocked from loading by Cross-Origin Resource Sharing policy: " +
errorDescription); |
567 frame()->document()->addConsoleMessage(JSMessageSource, ErrorMes
sageLevel, "Script from origin '" + SecurityOrigin::create(resource->response().
url())->toString() + "' has been blocked from loading by Cross-Origin Resource S
haring policy: " + error); | |
568 return false; | |
569 } | 567 } |
570 | |
571 break; | |
572 default: | |
573 ASSERT_NOT_REACHED(); // FIXME: generalize to non-script resources | |
574 return false; | 568 return false; |
575 } | 569 } |
576 | |
577 return true; | 570 return true; |
578 } | 571 } |
579 | 572 |
580 bool ResourceFetcher::shouldLoadNewResource(Resource::Type type) const | 573 bool ResourceFetcher::shouldLoadNewResource(Resource::Type type) const |
581 { | 574 { |
582 if (!frame()) | 575 if (!frame()) |
583 return false; | 576 return false; |
584 if (!m_documentLoader) | 577 if (!m_documentLoader) |
585 return true; | 578 return true; |
586 if (type == Resource::MainResource) | 579 if (type == Resource::MainResource) |
(...skipping 28 matching lines...) Expand all Loading... |
615 | 608 |
616 if (!canRequest(type, url, request.options(), request.forPreload(), request.
originRestriction())) | 609 if (!canRequest(type, url, request.options(), request.forPreload(), request.
originRestriction())) |
617 return 0; | 610 return 0; |
618 | 611 |
619 if (Frame* f = frame()) | 612 if (Frame* f = frame()) |
620 f->loader().client()->dispatchWillRequestResource(&request); | 613 f->loader().client()->dispatchWillRequestResource(&request); |
621 | 614 |
622 // See if we can use an existing resource from the cache. | 615 // See if we can use an existing resource from the cache. |
623 ResourcePtr<Resource> resource = memoryCache()->resourceForURL(url); | 616 ResourcePtr<Resource> resource = memoryCache()->resourceForURL(url); |
624 | 617 |
625 const RevalidationPolicy policy = determineRevalidationPolicy(type, request.
mutableResourceRequest(), request.forPreload(), resource.get(), request.defer())
; | 618 const RevalidationPolicy policy = determineRevalidationPolicy(type, request.
mutableResourceRequest(), request.forPreload(), resource.get(), request.defer(),
request.options()); |
626 switch (policy) { | 619 switch (policy) { |
627 case Reload: | 620 case Reload: |
628 memoryCache()->remove(resource.get()); | 621 memoryCache()->remove(resource.get()); |
629 // Fall through | 622 // Fall through |
630 case Load: | 623 case Load: |
631 resource = loadResource(type, request, request.charset()); | 624 resource = loadResource(type, request, request.charset()); |
632 break; | 625 break; |
633 case Revalidate: | 626 case Revalidate: |
634 resource = revalidateResource(request, resource.get()); | 627 resource = revalidateResource(request, resource.get()); |
635 break; | 628 break; |
(...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
835 if (frame()->ownerElement() && !frame()->ownerElement()->loadedNonEmptyD
ocument()) { | 828 if (frame()->ownerElement() && !frame()->ownerElement()->loadedNonEmptyD
ocument()) { |
836 info->setInitiatorType(frame()->ownerElement()->localName()); | 829 info->setInitiatorType(frame()->ownerElement()->localName()); |
837 m_resourceTimingInfoMap.add(resource.get(), info); | 830 m_resourceTimingInfoMap.add(resource.get(), info); |
838 frame()->ownerElement()->didLoadNonEmptyDocument(); | 831 frame()->ownerElement()->didLoadNonEmptyDocument(); |
839 } | 832 } |
840 } else { | 833 } else { |
841 m_resourceTimingInfoMap.add(resource.get(), info); | 834 m_resourceTimingInfoMap.add(resource.get(), info); |
842 } | 835 } |
843 } | 836 } |
844 | 837 |
845 ResourceFetcher::RevalidationPolicy ResourceFetcher::determineRevalidationPolicy
(Resource::Type type, ResourceRequest& request, bool forPreload, Resource* exist
ingResource, FetchRequest::DeferOption defer) const | 838 ResourceFetcher::RevalidationPolicy ResourceFetcher::determineRevalidationPolicy
(Resource::Type type, ResourceRequest& request, bool forPreload, Resource* exist
ingResource, FetchRequest::DeferOption defer, const ResourceLoaderOptions& optio
ns) const |
846 { | 839 { |
847 if (!existingResource) | 840 if (!existingResource) |
848 return Load; | 841 return Load; |
849 | 842 |
850 // We already have a preload going for this URL. | 843 // We already have a preload going for this URL. |
851 if (forPreload && existingResource->isPreloaded()) | 844 if (forPreload && existingResource->isPreloaded()) |
852 return Use; | 845 return Use; |
853 | 846 |
854 // If the same URL has been loaded as a different type, we need to reload. | 847 // If the same URL has been loaded as a different type, we need to reload. |
855 if (existingResource->type() != type) { | 848 if (existingResource->type() != type) { |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
892 CachePolicy cachePolicy = context().cachePolicy(document()); | 885 CachePolicy cachePolicy = context().cachePolicy(document()); |
893 if (cachePolicy == CachePolicyHistoryBuffer) | 886 if (cachePolicy == CachePolicyHistoryBuffer) |
894 return Use; | 887 return Use; |
895 | 888 |
896 // Don't reuse resources with Cache-control: no-store. | 889 // Don't reuse resources with Cache-control: no-store. |
897 if (existingResource->response().cacheControlContainsNoStore()) { | 890 if (existingResource->response().cacheControlContainsNoStore()) { |
898 WTF_LOG(ResourceLoading, "ResourceFetcher::determineRevalidationPolicy r
eloading due to Cache-control: no-store."); | 891 WTF_LOG(ResourceLoading, "ResourceFetcher::determineRevalidationPolicy r
eloading due to Cache-control: no-store."); |
899 return Reload; | 892 return Reload; |
900 } | 893 } |
901 | 894 |
| 895 // If fetching a resource with a different 'CORS enabled' flag, reload. |
| 896 if (type != Resource::MainResource && options.corsEnabled != existingResourc
e->options().corsEnabled) |
| 897 return Reload; |
| 898 |
902 // If credentials were sent with the previous request and won't be | 899 // If credentials were sent with the previous request and won't be |
903 // with this one, or vice versa, re-fetch the resource. | 900 // with this one, or vice versa, re-fetch the resource. |
904 // | 901 // |
905 // This helps with the case where the server sends back | 902 // This helps with the case where the server sends back |
906 // "Access-Control-Allow-Origin: *" all the time, but some of the | 903 // "Access-Control-Allow-Origin: *" all the time, but some of the |
907 // client's requests are made without CORS and some with. | 904 // client's requests are made without CORS and some with. |
908 if (existingResource->resourceRequest().allowCookies() != request.allowCooki
es()) { | 905 if (existingResource->resourceRequest().allowCookies() != request.allowCooki
es()) { |
909 WTF_LOG(ResourceLoading, "ResourceFetcher::determineRevalidationPolicy r
eloading due to difference in credentials settings."); | 906 WTF_LOG(ResourceLoading, "ResourceFetcher::determineRevalidationPolicy r
eloading due to difference in credentials settings."); |
910 return Reload; | 907 return Reload; |
911 } | 908 } |
(...skipping 458 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1370 } | 1367 } |
1371 #endif | 1368 #endif |
1372 | 1369 |
1373 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() | 1370 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() |
1374 { | 1371 { |
1375 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SniffContent, BufferDat
a, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCr
edentials, DoSecurityCheck, CheckContentSecurityPolicy, DocumentContext)); | 1372 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SniffContent, BufferDat
a, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCr
edentials, DoSecurityCheck, CheckContentSecurityPolicy, DocumentContext)); |
1376 return options; | 1373 return options; |
1377 } | 1374 } |
1378 | 1375 |
1379 } | 1376 } |
OLD | NEW |