Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(38)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

Issue 1390943003: Bypass ServiceWorker when the request originates from isolated world. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add browser test Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/test/data/extensions/api_test/service_worker/content_script_fetch/manifest.json ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after
175 // recorded here. 175 // recorded here.
176 // - ThreadableLoader w/ non-GET request is only created from javascript 176 // - ThreadableLoader w/ non-GET request is only created from javascript
177 // initiated fetch. 177 // initiated fetch.
178 // - Some non-script initiated fetches such as WorkerScriptLoader also use 178 // - Some non-script initiated fetches such as WorkerScriptLoader also use
179 // ThreadableLoader, but they are guaranteed to use GET method. 179 // ThreadableLoader, but they are guaranteed to use GET method.
180 if (request.httpMethod() != "GET") { 180 if (request.httpMethod() != "GET") {
181 if (Page* page = m_document.page()) 181 if (Page* page = m_document.page())
182 page->chromeClient().didObserveNonGetFetchFromScript(); 182 page->chromeClient().didObserveNonGetFetchFromScript();
183 } 183 }
184 184
185 if (!document.securityOrigin()->isSameSchemeHostPort(securityOrigin())) {
hiroshige 2015/10/15 08:30:02 nit: Using |m_document| instead of |document| migh
hiroshige 2015/10/15 08:30:02 Just for memo: This condition is also true for fil
186 ResourceRequest newRequest(request);
187 newRequest.setSkipServiceWorker(true);
188 dispatchInitialRequest(newRequest);
189 // |this| may be dead here in async mode.
190 return;
191 }
192
185 // If the fetch request will be handled by the ServiceWorker, the 193 // If the fetch request will be handled by the ServiceWorker, the
186 // FetchRequestMode of the request must be FetchRequestModeCORS or 194 // FetchRequestMode of the request must be FetchRequestModeCORS or
187 // FetchRequestModeCORSWithForcedPreflight. Otherwise the ServiceWorker can 195 // FetchRequestModeCORSWithForcedPreflight. Otherwise the ServiceWorker can
188 // return a opaque response which is from the other origin site and the 196 // return a opaque response which is from the other origin site and the
189 // script in the page can read the content. 197 // script in the page can read the content.
190 // 198 //
191 // We assume that ServiceWorker is skipped for sync requests and non-HTTP 199 // We assume that ServiceWorker is skipped for sync requests and non-HTTP
192 // familiy requests by content/ code. 200 // familiy requests by content/ code.
193 if (m_async && !request.skipServiceWorker() && request.url().protocolIsInHTT PFamily() && m_document.fetcher()->isControlledByServiceWorker()) { 201 if (m_async && !request.skipServiceWorker() && request.url().protocolIsInHTT PFamily() && m_document.fetcher()->isControlledByServiceWorker()) {
194 ResourceRequest newRequest(request); 202 ResourceRequest newRequest(request);
(...skipping 670 matching lines...) Expand 10 before | Expand all | Expand 10 after
865 return DoNotAllowStoredCredentials; 873 return DoNotAllowStoredCredentials;
866 return m_resourceLoaderOptions.allowCredentials; 874 return m_resourceLoaderOptions.allowCredentials;
867 } 875 }
868 876
869 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const 877 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
870 { 878 {
871 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); 879 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin ();
872 } 880 }
873 881
874 } // namespace blink 882 } // namespace blink
OLDNEW
« no previous file with comments | « chrome/test/data/extensions/api_test/service_worker/content_script_fetch/manifest.json ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698