Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1025)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/loader/ImageLoader.cpp

Issue 137983010: (Re)organize handling of CORS access control during resource loading. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: HTMLImportLoader no longer needs a ResourceFetcher Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/core/html/parser/HTMLScriptRunner.cpp ('k') | Source/core/loader/TextTrackLoader.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/loader/ImageLoader.cpp
diff --git a/Source/core/loader/ImageLoader.cpp b/Source/core/loader/ImageLoader.cpp
index 8659c5ad118de1f2e5344eb2615a7ea8b9740f65..5e26d16d5239550beba27d1f41686afef7884de6 100644
--- a/Source/core/loader/ImageLoader.cpp
+++ b/Source/core/loader/ImageLoader.cpp
@@ -160,7 +160,7 @@ void ImageLoader::updateFromElement()
AtomicString crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossoriginAttr);
if (!crossOriginMode.isNull()) {
StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
- updateRequestForAccessControl(request.mutableResourceRequest(), document.securityOrigin(), allowCredentials);
+ request.setCrossOriginAccessControl(document.securityOrigin(), allowCredentials);
}
if (m_loadManually) {
@@ -264,26 +264,18 @@ void ImageLoader::notifyFinished(Resource* resource)
if (!m_hasPendingLoadEvent)
return;
- if (m_element->fastHasAttribute(HTMLNames::crossoriginAttr)
- && !m_element->document().securityOrigin()->canRequest(image()->response().url())
- && !resource->passesAccessControlCheck(m_element->document().securityOrigin())) {
-
- setImageWithoutConsideringPendingLoadEvent(0);
+ if (resource->errorOccurred()) {
+ loadEventSender().cancelEvent(this);
+ m_hasPendingLoadEvent = false;
m_hasPendingErrorEvent = true;
errorEventSender().dispatchEventSoon(this);
- DEFINE_STATIC_LOCAL(String, consoleMessage, ("Cross-origin image load denied by Cross-Origin Resource Sharing policy."));
- m_element->document().addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, consoleMessage);
-
- ASSERT(!m_hasPendingLoadEvent);
-
// Only consider updating the protection ref-count of the Element immediately before returning
// from this function as doing so might result in the destruction of this ImageLoader.
updatedHasPendingEvent();
return;
}
-
if (resource->wasCanceled()) {
m_hasPendingLoadEvent = false;
// Only consider updating the protection ref-count of the Element immediately before returning
@@ -291,18 +283,6 @@ void ImageLoader::notifyFinished(Resource* resource)
updatedHasPendingEvent();
return;
}
- if (resource->errorOccurred()) {
- loadEventSender().cancelEvent(this);
- m_hasPendingLoadEvent = false;
-
- m_hasPendingErrorEvent = true;
- errorEventSender().dispatchEventSoon(this);
-
- // Only consider updating the protection ref-count of the Element immediately before returning
- // from this function as doing so might result in the destruction of this ImageLoader.
- updatedHasPendingEvent();
- return;
- }
loadEventSender().dispatchEventSoon(this);
}
« no previous file with comments | « Source/core/html/parser/HTMLScriptRunner.cpp ('k') | Source/core/loader/TextTrackLoader.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698