Index: third_party/WebKit/Source/modules/fetch/FetchManager.cpp |
diff --git a/third_party/WebKit/Source/modules/fetch/FetchManager.cpp b/third_party/WebKit/Source/modules/fetch/FetchManager.cpp |
index 9f61e5eca5799afac76dbdea89ae6320f6355cbc..08551368babc153edeee94a37b49f7b828cf8e6d 100644 |
--- a/third_party/WebKit/Source/modules/fetch/FetchManager.cpp |
+++ b/third_party/WebKit/Source/modules/fetch/FetchManager.cpp |
@@ -219,6 +219,9 @@ void FetchManager::Loader::didReceiveResponse(unsigned long, const ResourceRespo |
case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: |
m_request->setResponseTainting(FetchRequestData::CORSTainting); |
break; |
+ case WebURLRequest::FetchRequestModeNavigate: |
+ ASSERT_NOT_REACHED(); |
Mike West
2015/10/20 07:27:04
Should this be a `RELEASE_ASSERT_NOT_REACHED()`?
shiva.jm
2015/10/21 08:34:59
Yes right, we can use RELEASE_ASSERT_NOT_REACHED()
hiroshige
2015/10/30 12:31:30
I think horo@ just suggested to use DenyCrossOrigi
horo
2015/11/02 02:19:55
I forgot about RELEASE_ASSERT_NOT_REACHED.
I think
|
+ break; |
} |
} |
@@ -372,10 +375,12 @@ void FetchManager::Loader::start() |
// "- |request|'s url's scheme is 'data' and |request|'s same-origin data |
// URL flag is set" |
// "- |request|'s url's scheme is 'about'" |
- // Note we don't support to call this method with |CORS flag|. |
+ // Note we don't support to call this method with |CORS flag| |
+ // "- |request|'s mode is |navigate|". |
if ((SecurityOrigin::create(m_request->url())->isSameSchemeHostPortAndSuborigin(m_request->origin().get())) |
|| (m_request->url().protocolIsData() && m_request->sameOriginDataURLFlag()) |
- || (m_request->url().protocolIsAbout())) { |
+ || (m_request->url().protocolIsAbout()) |
+ || (m_request->mode() == WebURLRequest::FetchRequestModeNavigate)) { |
// "The result of performing a basic fetch using request." |
performBasicFetch(); |
return; |
@@ -545,6 +550,11 @@ void FetchManager::Loader::performHTTPFetch(bool corsFlag, bool corsPreflightFla |
case WebURLRequest::FetchRequestModeCORSWithForcedPreflight: |
threadableLoaderOptions.crossOriginRequestPolicy = UseAccessControl; |
break; |
+ case WebURLRequest::FetchRequestModeNavigate: |
+ // Using DenyCrossOriginRequests here to reduce the security risk |
+ // "navigate" request is only available in ServiceWorker. |
+ threadableLoaderOptions.crossOriginRequestPolicy = DenyCrossOriginRequests; |
+ break; |
} |
InspectorInstrumentation::willStartFetch(executionContext(), this); |
m_loader = ThreadableLoader::create(*executionContext(), this, request, threadableLoaderOptions, resourceLoaderOptions); |