OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "modules/fetch/FetchManager.h" | 6 #include "modules/fetch/FetchManager.h" |
7 | 7 |
8 #include "bindings/core/v8/ExceptionState.h" | 8 #include "bindings/core/v8/ExceptionState.h" |
9 #include "bindings/core/v8/ScriptPromiseResolver.h" | 9 #include "bindings/core/v8/ScriptPromiseResolver.h" |
10 #include "bindings/core/v8/ScriptState.h" | 10 #include "bindings/core/v8/ScriptState.h" |
(...skipping 217 matching lines...) Loading... |
228 // same-origin data-URL flag is unset, except for no-cors mode. | 228 // same-origin data-URL flag is unset, except for no-cors mode. |
229 // TODO(hiroshige): currently redirects to data URLs in no-cors | 229 // TODO(hiroshige): currently redirects to data URLs in no-cors |
230 // mode is also rejected by Chromium side. | 230 // mode is also rejected by Chromium side. |
231 switch (m_request->mode()) { | 231 switch (m_request->mode()) { |
232 case WebURLRequest::FetchRequestModeNoCORS: | 232 case WebURLRequest::FetchRequestModeNoCORS: |
233 m_request->setResponseTainting(FetchRequestData::OpaqueTainting)
; | 233 m_request->setResponseTainting(FetchRequestData::OpaqueTainting)
; |
234 break; | 234 break; |
235 case WebURLRequest::FetchRequestModeSameOrigin: | 235 case WebURLRequest::FetchRequestModeSameOrigin: |
236 case WebURLRequest::FetchRequestModeCORS: | 236 case WebURLRequest::FetchRequestModeCORS: |
237 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: | 237 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: |
| 238 case WebURLRequest::FetchRequestModeNavigate: |
238 performNetworkError("Fetch API cannot load " + m_request->url().
string() + ". Redirects to data: URL are allowed only when mode is \"no-cors\"."
); | 239 performNetworkError("Fetch API cannot load " + m_request->url().
string() + ". Redirects to data: URL are allowed only when mode is \"no-cors\"."
); |
239 return; | 240 return; |
240 } | 241 } |
241 } | 242 } |
242 } else if (!SecurityOrigin::create(response.url())->isSameSchemeHostPort(m_r
equest->origin().get())) { | 243 } else if (!SecurityOrigin::create(response.url())->isSameSchemeHostPort(m_r
equest->origin().get())) { |
243 // Recompute the tainting if the request was redirected to a different | 244 // Recompute the tainting if the request was redirected to a different |
244 // origin. | 245 // origin. |
245 switch (m_request->mode()) { | 246 switch (m_request->mode()) { |
246 case WebURLRequest::FetchRequestModeSameOrigin: | 247 case WebURLRequest::FetchRequestModeSameOrigin: |
247 ASSERT_NOT_REACHED(); | 248 ASSERT_NOT_REACHED(); |
248 break; | 249 break; |
249 case WebURLRequest::FetchRequestModeNoCORS: | 250 case WebURLRequest::FetchRequestModeNoCORS: |
250 m_request->setResponseTainting(FetchRequestData::OpaqueTainting); | 251 m_request->setResponseTainting(FetchRequestData::OpaqueTainting); |
251 break; | 252 break; |
252 case WebURLRequest::FetchRequestModeCORS: | 253 case WebURLRequest::FetchRequestModeCORS: |
253 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: | 254 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: |
254 m_request->setResponseTainting(FetchRequestData::CORSTainting); | 255 m_request->setResponseTainting(FetchRequestData::CORSTainting); |
255 break; | 256 break; |
| 257 case WebURLRequest::FetchRequestModeNavigate: |
| 258 RELEASE_ASSERT_NOT_REACHED(); |
| 259 break; |
256 } | 260 } |
257 } | 261 } |
258 | 262 |
259 FetchResponseData* responseData = nullptr; | 263 FetchResponseData* responseData = nullptr; |
260 CompositeDataConsumerHandle::Updater* updater = nullptr; | 264 CompositeDataConsumerHandle::Updater* updater = nullptr; |
261 if (m_request->integrity().isEmpty()) | 265 if (m_request->integrity().isEmpty()) |
262 responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer(
createFetchDataConsumerHandleFromWebHandle(handle))); | 266 responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer(
createFetchDataConsumerHandleFromWebHandle(handle))); |
263 else | 267 else |
264 responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer(
createFetchDataConsumerHandleFromWebHandle(CompositeDataConsumerHandle::create(c
reateWaitingDataConsumerHandle(), &updater)))); | 268 responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer(
createFetchDataConsumerHandleFromWebHandle(CompositeDataConsumerHandle::create(c
reateWaitingDataConsumerHandle(), &updater)))); |
265 responseData->setStatus(response.httpStatusCode()); | 269 responseData->setStatus(response.httpStatusCode()); |
(...skipping 143 matching lines...) Loading... |
409 // "A network error." | 413 // "A network error." |
410 performNetworkError("Refused to connect to '" + m_request->url().elidedS
tring() + "' because it violates the document's Content Security Policy."); | 414 performNetworkError("Refused to connect to '" + m_request->url().elidedS
tring() + "' because it violates the document's Content Security Policy."); |
411 return; | 415 return; |
412 } | 416 } |
413 | 417 |
414 // "- |request|'s url's origin is |request|'s origin and the |CORS flag| is | 418 // "- |request|'s url's origin is |request|'s origin and the |CORS flag| is |
415 // unset" | 419 // unset" |
416 // "- |request|'s url's scheme is 'data' and |request|'s same-origin data | 420 // "- |request|'s url's scheme is 'data' and |request|'s same-origin data |
417 // URL flag is set" | 421 // URL flag is set" |
418 // "- |request|'s url's scheme is 'about'" | 422 // "- |request|'s url's scheme is 'about'" |
419 // Note we don't support to call this method with |CORS flag|. | 423 // Note we don't support to call this method with |CORS flag| |
| 424 // "- |request|'s mode is |navigate|". |
420 if ((SecurityOrigin::create(m_request->url())->isSameSchemeHostPortAndSubori
gin(m_request->origin().get())) | 425 if ((SecurityOrigin::create(m_request->url())->isSameSchemeHostPortAndSubori
gin(m_request->origin().get())) |
421 || (m_request->url().protocolIsData() && m_request->sameOriginDataURLFla
g()) | 426 || (m_request->url().protocolIsData() && m_request->sameOriginDataURLFla
g()) |
422 || (m_request->url().protocolIsAbout())) { | 427 || (m_request->url().protocolIsAbout()) |
| 428 || (m_request->mode() == WebURLRequest::FetchRequestModeNavigate)) { |
423 // "The result of performing a basic fetch using request." | 429 // "The result of performing a basic fetch using request." |
424 performBasicFetch(); | 430 performBasicFetch(); |
425 return; | 431 return; |
426 } | 432 } |
427 | 433 |
428 // "- |request|'s mode is |same-origin|" | 434 // "- |request|'s mode is |same-origin|" |
429 if (m_request->mode() == WebURLRequest::FetchRequestModeSameOrigin) { | 435 if (m_request->mode() == WebURLRequest::FetchRequestModeSameOrigin) { |
430 // "A network error." | 436 // "A network error." |
431 performNetworkError("Fetch API cannot load " + m_request->url().string()
+ ". Request mode is \"same-origin\" but the URL\'s origin is not same as the r
equest origin " + m_request->origin()->toString() + "."); | 437 performNetworkError("Fetch API cannot load " + m_request->url().string()
+ ". Request mode is \"same-origin\" but the URL\'s origin is not same as the r
equest origin " + m_request->origin()->toString() + "."); |
432 return; | 438 return; |
(...skipping 153 matching lines...) Loading... |
586 case WebURLRequest::FetchRequestModeSameOrigin: | 592 case WebURLRequest::FetchRequestModeSameOrigin: |
587 threadableLoaderOptions.crossOriginRequestPolicy = DenyCrossOriginReques
ts; | 593 threadableLoaderOptions.crossOriginRequestPolicy = DenyCrossOriginReques
ts; |
588 break; | 594 break; |
589 case WebURLRequest::FetchRequestModeNoCORS: | 595 case WebURLRequest::FetchRequestModeNoCORS: |
590 threadableLoaderOptions.crossOriginRequestPolicy = AllowCrossOriginReque
sts; | 596 threadableLoaderOptions.crossOriginRequestPolicy = AllowCrossOriginReque
sts; |
591 break; | 597 break; |
592 case WebURLRequest::FetchRequestModeCORS: | 598 case WebURLRequest::FetchRequestModeCORS: |
593 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: | 599 case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: |
594 threadableLoaderOptions.crossOriginRequestPolicy = UseAccessControl; | 600 threadableLoaderOptions.crossOriginRequestPolicy = UseAccessControl; |
595 break; | 601 break; |
| 602 case WebURLRequest::FetchRequestModeNavigate: |
| 603 // Using DenyCrossOriginRequests here to reduce the security risk. |
| 604 // "navigate" request is only available in ServiceWorker. |
| 605 threadableLoaderOptions.crossOriginRequestPolicy = DenyCrossOriginReques
ts; |
| 606 break; |
596 } | 607 } |
597 InspectorInstrumentation::willStartFetch(executionContext(), this); | 608 InspectorInstrumentation::willStartFetch(executionContext(), this); |
598 m_loader = ThreadableLoader::create(*executionContext(), this, request, thre
adableLoaderOptions, resourceLoaderOptions); | 609 m_loader = ThreadableLoader::create(*executionContext(), this, request, thre
adableLoaderOptions, resourceLoaderOptions); |
599 if (!m_loader) | 610 if (!m_loader) |
600 performNetworkError("Can't create ThreadableLoader"); | 611 performNetworkError("Can't create ThreadableLoader"); |
601 } | 612 } |
602 | 613 |
603 // performDataFetch() is almost the same as performHTTPFetch(), except for: | 614 // performDataFetch() is almost the same as performHTTPFetch(), except for: |
604 // - We set AllowCrossOriginRequests to allow requests to data: URLs in | 615 // - We set AllowCrossOriginRequests to allow requests to data: URLs in |
605 // 'same-origin' mode. | 616 // 'same-origin' mode. |
(...skipping 94 matching lines...) Loading... |
700 loader->dispose(); | 711 loader->dispose(); |
701 } | 712 } |
702 | 713 |
703 DEFINE_TRACE(FetchManager) | 714 DEFINE_TRACE(FetchManager) |
704 { | 715 { |
705 visitor->trace(m_executionContext); | 716 visitor->trace(m_executionContext); |
706 visitor->trace(m_loaders); | 717 visitor->trace(m_loaders); |
707 } | 718 } |
708 | 719 |
709 } // namespace blink | 720 } // namespace blink |
OLD | NEW |