OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "modules/fetch/FetchManager.h" | 6 #include "modules/fetch/FetchManager.h" |
7 | 7 |
8 #include "bindings/core/v8/ExceptionState.h" | 8 #include "bindings/core/v8/ExceptionState.h" |
9 #include "bindings/core/v8/ScriptPromiseResolver.h" | 9 #include "bindings/core/v8/ScriptPromiseResolver.h" |
10 #include "bindings/core/v8/ScriptState.h" | 10 #include "bindings/core/v8/ScriptState.h" |
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
212 case WebURLRequest::FetchRequestModeSameOrigin: | 212 case WebURLRequest::FetchRequestModeSameOrigin: |
213 ASSERT_NOT_REACHED(); | 213 ASSERT_NOT_REACHED(); |
214 break; | 214 break; |
215 case WebURLRequest::FetchRequestModeNoCORS: | 215 case WebURLRequest::FetchRequestModeNoCORS: |
216 m_request->setResponseTainting(FetchRequestData::OpaqueTainting); | 216 m_request->setResponseTainting(FetchRequestData::OpaqueTainting); |
217 break; | 217 break; |
218 case WebURLRequest::FetchRequestModeCORS: | 218 case WebURLRequest::FetchRequestModeCORS: |
219 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: | 219 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: |
220 m_request->setResponseTainting(FetchRequestData::CORSTainting); | 220 m_request->setResponseTainting(FetchRequestData::CORSTainting); |
221 break; | 221 break; |
222 case WebURLRequest::FetchRequestModeNavigate: | |
223 ASSERT_NOT_REACHED(); | |
Mike West
2015/10/20 07:27:04
Should this be a `RELEASE_ASSERT_NOT_REACHED()`?
shiva.jm
2015/10/21 08:34:59
Yes right, we can use RELEASE_ASSERT_NOT_REACHED()
hiroshige
2015/10/30 12:31:30
I think horo@ just suggested to use DenyCrossOrigi
horo
2015/11/02 02:19:55
I forgot about RELEASE_ASSERT_NOT_REACHED.
I think
| |
224 break; | |
222 } | 225 } |
223 } | 226 } |
224 | 227 |
225 FetchResponseData* responseData = nullptr; | 228 FetchResponseData* responseData = nullptr; |
226 CompositeDataConsumerHandle::Updater* updater = nullptr; | 229 CompositeDataConsumerHandle::Updater* updater = nullptr; |
227 if (m_request->integrity().isEmpty()) | 230 if (m_request->integrity().isEmpty()) |
228 responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer( createFetchDataConsumerHandleFromWebHandle(handle))); | 231 responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer( createFetchDataConsumerHandleFromWebHandle(handle))); |
229 else | 232 else |
230 responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer( createFetchDataConsumerHandleFromWebHandle(CompositeDataConsumerHandle::create(c reateWaitingDataConsumerHandle(), &updater)))); | 233 responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer( createFetchDataConsumerHandleFromWebHandle(CompositeDataConsumerHandle::create(c reateWaitingDataConsumerHandle(), &updater)))); |
231 responseData->setStatus(response.httpStatusCode()); | 234 responseData->setStatus(response.httpStatusCode()); |
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
365 // "A network error." | 368 // "A network error." |
366 performNetworkError("Refused to connect to '" + m_request->url().elidedS tring() + "' because it violates the document's Content Security Policy."); | 369 performNetworkError("Refused to connect to '" + m_request->url().elidedS tring() + "' because it violates the document's Content Security Policy."); |
367 return; | 370 return; |
368 } | 371 } |
369 | 372 |
370 // "- |request|'s url's origin is |request|'s origin and the |CORS flag| is | 373 // "- |request|'s url's origin is |request|'s origin and the |CORS flag| is |
371 // unset" | 374 // unset" |
372 // "- |request|'s url's scheme is 'data' and |request|'s same-origin data | 375 // "- |request|'s url's scheme is 'data' and |request|'s same-origin data |
373 // URL flag is set" | 376 // URL flag is set" |
374 // "- |request|'s url's scheme is 'about'" | 377 // "- |request|'s url's scheme is 'about'" |
375 // Note we don't support to call this method with |CORS flag|. | 378 // Note we don't support to call this method with |CORS flag| |
379 // "- |request|'s mode is |navigate|". | |
376 if ((SecurityOrigin::create(m_request->url())->isSameSchemeHostPortAndSubori gin(m_request->origin().get())) | 380 if ((SecurityOrigin::create(m_request->url())->isSameSchemeHostPortAndSubori gin(m_request->origin().get())) |
377 || (m_request->url().protocolIsData() && m_request->sameOriginDataURLFla g()) | 381 || (m_request->url().protocolIsData() && m_request->sameOriginDataURLFla g()) |
378 || (m_request->url().protocolIsAbout())) { | 382 || (m_request->url().protocolIsAbout()) |
383 || (m_request->mode() == WebURLRequest::FetchRequestModeNavigate)) { | |
379 // "The result of performing a basic fetch using request." | 384 // "The result of performing a basic fetch using request." |
380 performBasicFetch(); | 385 performBasicFetch(); |
381 return; | 386 return; |
382 } | 387 } |
383 | 388 |
384 // "- |request|'s mode is |same-origin|" | 389 // "- |request|'s mode is |same-origin|" |
385 if (m_request->mode() == WebURLRequest::FetchRequestModeSameOrigin) { | 390 if (m_request->mode() == WebURLRequest::FetchRequestModeSameOrigin) { |
386 // "A network error." | 391 // "A network error." |
387 performNetworkError("Fetch API cannot load " + m_request->url().string() + ". Request mode is \"same-origin\" but the URL\'s origin is not same as the r equest origin " + m_request->origin()->toString() + "."); | 392 performNetworkError("Fetch API cannot load " + m_request->url().string() + ". Request mode is \"same-origin\" but the URL\'s origin is not same as the r equest origin " + m_request->origin()->toString() + "."); |
388 return; | 393 return; |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
538 case WebURLRequest::FetchRequestModeSameOrigin: | 543 case WebURLRequest::FetchRequestModeSameOrigin: |
539 threadableLoaderOptions.crossOriginRequestPolicy = DenyCrossOriginReques ts; | 544 threadableLoaderOptions.crossOriginRequestPolicy = DenyCrossOriginReques ts; |
540 break; | 545 break; |
541 case WebURLRequest::FetchRequestModeNoCORS: | 546 case WebURLRequest::FetchRequestModeNoCORS: |
542 threadableLoaderOptions.crossOriginRequestPolicy = AllowCrossOriginReque sts; | 547 threadableLoaderOptions.crossOriginRequestPolicy = AllowCrossOriginReque sts; |
543 break; | 548 break; |
544 case WebURLRequest::FetchRequestModeCORS: | 549 case WebURLRequest::FetchRequestModeCORS: |
545 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: | 550 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: |
546 threadableLoaderOptions.crossOriginRequestPolicy = UseAccessControl; | 551 threadableLoaderOptions.crossOriginRequestPolicy = UseAccessControl; |
547 break; | 552 break; |
553 case WebURLRequest::FetchRequestModeNavigate: | |
554 // Using DenyCrossOriginRequests here to reduce the security risk | |
555 // "navigate" request is only available in ServiceWorker. | |
556 threadableLoaderOptions.crossOriginRequestPolicy = DenyCrossOriginReques ts; | |
557 break; | |
548 } | 558 } |
549 InspectorInstrumentation::willStartFetch(executionContext(), this); | 559 InspectorInstrumentation::willStartFetch(executionContext(), this); |
550 m_loader = ThreadableLoader::create(*executionContext(), this, request, thre adableLoaderOptions, resourceLoaderOptions); | 560 m_loader = ThreadableLoader::create(*executionContext(), this, request, thre adableLoaderOptions, resourceLoaderOptions); |
551 if (!m_loader) | 561 if (!m_loader) |
552 performNetworkError("Can't create ThreadableLoader"); | 562 performNetworkError("Can't create ThreadableLoader"); |
553 } | 563 } |
554 | 564 |
555 void FetchManager::Loader::failed(const String& message) | 565 void FetchManager::Loader::failed(const String& message) |
556 { | 566 { |
557 if (m_failed || m_finished) | 567 if (m_failed || m_finished) |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
617 loader->dispose(); | 627 loader->dispose(); |
618 } | 628 } |
619 | 629 |
620 DEFINE_TRACE(FetchManager) | 630 DEFINE_TRACE(FetchManager) |
621 { | 631 { |
622 visitor->trace(m_executionContext); | 632 visitor->trace(m_executionContext); |
623 visitor->trace(m_loaders); | 633 visitor->trace(m_loaders); |
624 } | 634 } |
625 | 635 |
626 } // namespace blink | 636 } // namespace blink |
OLD | NEW |