Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(598)

Side by Side Diff: Source/core/loader/ImageLoader.cpp

Issue 137983010: (Re)organize handling of CORS access control during resource loading. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: HTMLImportLoader no longer needs a ResourceFetcher Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/html/parser/HTMLScriptRunner.cpp ('k') | Source/core/loader/TextTrackLoader.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010 Apple Inc. All rights reserv ed. 4 * Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010 Apple Inc. All rights reserv ed.
5 * 5 *
6 * This library is free software; you can redistribute it and/or 6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Library General Public 7 * modify it under the terms of the GNU Library General Public
8 * License as published by the Free Software Foundation; either 8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version. 9 * version 2 of the License, or (at your option) any later version.
10 * 10 *
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after
153 153
154 // Do not load any image if the 'src' attribute is missing or if it is 154 // Do not load any image if the 'src' attribute is missing or if it is
155 // an empty string. 155 // an empty string.
156 ResourcePtr<ImageResource> newImage = 0; 156 ResourcePtr<ImageResource> newImage = 0;
157 if (!attr.isNull() && !stripLeadingAndTrailingHTMLSpaces(attr).isEmpty()) { 157 if (!attr.isNull() && !stripLeadingAndTrailingHTMLSpaces(attr).isEmpty()) {
158 FetchRequest request(ResourceRequest(document.completeURL(sourceURI(attr ))), element()->localName()); 158 FetchRequest request(ResourceRequest(document.completeURL(sourceURI(attr ))), element()->localName());
159 159
160 AtomicString crossOriginMode = m_element->fastGetAttribute(HTMLNames::cr ossoriginAttr); 160 AtomicString crossOriginMode = m_element->fastGetAttribute(HTMLNames::cr ossoriginAttr);
161 if (!crossOriginMode.isNull()) { 161 if (!crossOriginMode.isNull()) {
162 StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMo de, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials; 162 StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMo de, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
163 updateRequestForAccessControl(request.mutableResourceRequest(), docu ment.securityOrigin(), allowCredentials); 163 request.setCrossOriginAccessControl(document.securityOrigin(), allow Credentials);
164 } 164 }
165 165
166 if (m_loadManually) { 166 if (m_loadManually) {
167 bool autoLoadOtherImages = document.fetcher()->autoLoadImages(); 167 bool autoLoadOtherImages = document.fetcher()->autoLoadImages();
168 document.fetcher()->setAutoLoadImages(false); 168 document.fetcher()->setAutoLoadImages(false);
169 newImage = new ImageResource(request.resourceRequest()); 169 newImage = new ImageResource(request.resourceRequest());
170 newImage->setLoading(true); 170 newImage->setLoading(true);
171 document.fetcher()->m_documentResources.set(newImage->url(), newImag e.get()); 171 document.fetcher()->m_documentResources.set(newImage->url(), newImag e.get());
172 document.fetcher()->setAutoLoadImages(autoLoadOtherImages); 172 document.fetcher()->setAutoLoadImages(autoLoadOtherImages);
173 } else { 173 } else {
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after
257 ASSERT(m_failedLoadURL.isEmpty()); 257 ASSERT(m_failedLoadURL.isEmpty());
258 ASSERT(resource == m_image.get()); 258 ASSERT(resource == m_image.get());
259 259
260 m_imageComplete = true; 260 m_imageComplete = true;
261 if (!hasPendingBeforeLoadEvent()) 261 if (!hasPendingBeforeLoadEvent())
262 updateRenderer(); 262 updateRenderer();
263 263
264 if (!m_hasPendingLoadEvent) 264 if (!m_hasPendingLoadEvent)
265 return; 265 return;
266 266
267 if (m_element->fastHasAttribute(HTMLNames::crossoriginAttr) 267 if (resource->errorOccurred()) {
268 && !m_element->document().securityOrigin()->canRequest(image()->response ().url()) 268 loadEventSender().cancelEvent(this);
269 && !resource->passesAccessControlCheck(m_element->document().securityOri gin())) { 269 m_hasPendingLoadEvent = false;
270
271 setImageWithoutConsideringPendingLoadEvent(0);
272 270
273 m_hasPendingErrorEvent = true; 271 m_hasPendingErrorEvent = true;
274 errorEventSender().dispatchEventSoon(this); 272 errorEventSender().dispatchEventSoon(this);
275 273
276 DEFINE_STATIC_LOCAL(String, consoleMessage, ("Cross-origin image load de nied by Cross-Origin Resource Sharing policy."));
277 m_element->document().addConsoleMessage(SecurityMessageSource, ErrorMess ageLevel, consoleMessage);
278
279 ASSERT(!m_hasPendingLoadEvent);
280
281 // Only consider updating the protection ref-count of the Element immedi ately before returning 274 // Only consider updating the protection ref-count of the Element immedi ately before returning
282 // from this function as doing so might result in the destruction of thi s ImageLoader. 275 // from this function as doing so might result in the destruction of thi s ImageLoader.
283 updatedHasPendingEvent(); 276 updatedHasPendingEvent();
284 return; 277 return;
285 } 278 }
286
287 if (resource->wasCanceled()) { 279 if (resource->wasCanceled()) {
288 m_hasPendingLoadEvent = false; 280 m_hasPendingLoadEvent = false;
289 // Only consider updating the protection ref-count of the Element immedi ately before returning 281 // Only consider updating the protection ref-count of the Element immedi ately before returning
290 // from this function as doing so might result in the destruction of thi s ImageLoader. 282 // from this function as doing so might result in the destruction of thi s ImageLoader.
291 updatedHasPendingEvent(); 283 updatedHasPendingEvent();
292 return; 284 return;
293 } 285 }
294 if (resource->errorOccurred()) {
295 loadEventSender().cancelEvent(this);
296 m_hasPendingLoadEvent = false;
297
298 m_hasPendingErrorEvent = true;
299 errorEventSender().dispatchEventSoon(this);
300
301 // Only consider updating the protection ref-count of the Element immedi ately before returning
302 // from this function as doing so might result in the destruction of thi s ImageLoader.
303 updatedHasPendingEvent();
304 return;
305 }
306 loadEventSender().dispatchEventSoon(this); 286 loadEventSender().dispatchEventSoon(this);
307 } 287 }
308 288
309 RenderImageResource* ImageLoader::renderImageResource() 289 RenderImageResource* ImageLoader::renderImageResource()
310 { 290 {
311 RenderObject* renderer = m_element->renderer(); 291 RenderObject* renderer = m_element->renderer();
312 292
313 if (!renderer) 293 if (!renderer)
314 return 0; 294 return 0;
315 295
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after
486 handle->notifyImageSourceChanged(); 466 handle->notifyImageSourceChanged();
487 } 467 }
488 } 468 }
489 469
490 inline void ImageLoader::clearFailedLoadURL() 470 inline void ImageLoader::clearFailedLoadURL()
491 { 471 {
492 m_failedLoadURL = AtomicString(); 472 m_failedLoadURL = AtomicString();
493 } 473 }
494 474
495 } 475 }
OLDNEW
« no previous file with comments | « Source/core/html/parser/HTMLScriptRunner.cpp ('k') | Source/core/loader/TextTrackLoader.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698