(Re)organize handling of CORS access control during resource loading.

Source/core/fetch/ResourceLoader.cpp

 /*
  * Copyright (C) 2006, 2007, 2010, 2011 Apple Inc. All rights reserved.
  *           (C) 2007 Graham Dennis (graham.dennis@gmail.com)
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
@@ skipping 275 matching lines @@
     m_resource->setSerializedCachedMetadata(data, length);
 }
 
 void ResourceLoader::didSendData(blink::WebURLLoader*, unsigned long long bytesSent, unsigned long long totalBytesToBeSent)
 {
     ASSERT(m_state == Initialized);
     RefPtr<ResourceLoader> protect(this);
     m_resource->didSendData(bytesSent, totalBytesToBeSent);
 }
 
+bool ResourceLoader::responseNeedsAccessControlCheck() const
+{
+    // If the fetch was (potentially) CORS enabled, an access control check of the response is required.
+    return m_options.corsEnabled == IsCORSEnabled;
+}
+
 void ResourceLoader::didReceiveResponse(blink::WebURLLoader*, const blink::WebURLResponse& response)
 {
     ASSERT(!response.isNull());
     ASSERT(m_state == Initialized);
 
     bool isMultipartPayload = response.isMultipartPayload();
     bool isValidStateTransition = (m_connectionState == ConnectionStateStarted || m_connectionState == ConnectionStateReceivedResponse);
     // In the case of multipart loads, calls to didReceiveData & didReceiveResponse can be interleaved.
     RELEASE_ASSERT(isMultipartPayload || isValidStateTransition);
     m_connectionState = ConnectionStateReceivedResponse;
 
+    const ResourceResponse& resourceResponse = response.toResourceResponse();
+
+    if (responseNeedsAccessControlCheck()) {
+        m_resource->setResponse(resourceResponse);
+        if (!m_host->canAccessResource(m_resource, response.url())) {
+            cancel();
+            return;
+        }
+    }
+
     // Reference the object in this method since the additional processing can do
     // anything including removing the last reference to this object.
     RefPtr<ResourceLoader> protect(this);
-    m_resource->responseReceived(response.toResourceResponse());
+    m_resource->responseReceived(resourceResponse);
     if (m_state == Terminated)
         return;
 
-    m_host->didReceiveResponse(m_resource, response.toResourceResponse());
+    m_host->didReceiveResponse(m_resource, resourceResponse);
 
     if (response.toResourceResponse().isMultipart()) {
         // We don't count multiParts in a ResourceFetcher's request count
         m_requestCountTracker.clear();
         if (!m_resource->isImage()) {
             cancel();
             return;
         }
     } else if (isMultipartPayload) {
         // Since a subresource loader does not load multipart sections progressively, data was delivered to the loader all at once.
@@ skipping 108 matching lines @@
     didReceiveResponse(0, responseOut);
     if (m_state == Terminated)
         return;
     RefPtr<ResourceLoadInfo> resourceLoadInfo = responseOut.toResourceResponse().resourceLoadInfo();
     m_host->didReceiveData(m_resource, dataOut.data(), dataOut.size(), resourceLoadInfo ? resourceLoadInfo->encodedDataLength : -1);
     m_resource->setResourceBuffer(dataOut);
     didFinishLoading(0, monotonicallyIncreasingTime());
 }
 
 }