Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(778)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/modules/fetch/FetchManager.cpp

Issue 1391583002: Introduce "navigate" mode in Requests (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« third_party/WebKit/LayoutTests/http/tests/fetch/script-tests/request.js ('K') | « third_party/WebKit/LayoutTests/http/tests/fetch/script-tests/request.js ('k') | third_party/WebKit/Source/modules/fetch/Request.cpp » ('j') | third_party/WebKit/Source/modules/fetch/Request.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/modules/fetch/FetchManager.cpp
diff --git a/third_party/WebKit/Source/modules/fetch/FetchManager.cpp b/third_party/WebKit/Source/modules/fetch/FetchManager.cpp
index 9f61e5eca5799afac76dbdea89ae6320f6355cbc..08551368babc153edeee94a37b49f7b828cf8e6d 100644
--- a/third_party/WebKit/Source/modules/fetch/FetchManager.cpp
+++ b/third_party/WebKit/Source/modules/fetch/FetchManager.cpp
@@ -219,6 +219,9 @@ void FetchManager::Loader::didReceiveResponse(unsigned long, const ResourceRespo
case WebURLRequest::FetchRequestModeCORSWithForcedPreflight:
m_request->setResponseTainting(FetchRequestData::CORSTainting);
break;
+ case WebURLRequest::FetchRequestModeNavigate:
+ ASSERT_NOT_REACHED();
Mike West 2015/10/20 07:27:04 Should this be a `RELEASE_ASSERT_NOT_REACHED()`?
shiva.jm 2015/10/21 08:34:59 Yes right, we can use RELEASE_ASSERT_NOT_REACHED()
hiroshige 2015/10/30 12:31:30 I think horo@ just suggested to use DenyCrossOrigi
horo 2015/11/02 02:19:55 I forgot about RELEASE_ASSERT_NOT_REACHED. I think
+ break;
}
}
@@ -372,10 +375,12 @@ void FetchManager::Loader::start()
// "- |request|'s url's scheme is 'data' and |request|'s same-origin data
// URL flag is set"
// "- |request|'s url's scheme is 'about'"
- // Note we don't support to call this method with |CORS flag|.
+ // Note we don't support to call this method with |CORS flag|
+ // "- |request|'s mode is |navigate|".
if ((SecurityOrigin::create(m_request->url())->isSameSchemeHostPortAndSuborigin(m_request->origin().get()))
|| (m_request->url().protocolIsData() && m_request->sameOriginDataURLFlag())
- || (m_request->url().protocolIsAbout())) {
+ || (m_request->url().protocolIsAbout())
+ || (m_request->mode() == WebURLRequest::FetchRequestModeNavigate)) {
// "The result of performing a basic fetch using request."
performBasicFetch();
return;
@@ -545,6 +550,11 @@ void FetchManager::Loader::performHTTPFetch(bool corsFlag, bool corsPreflightFla
case WebURLRequest::FetchRequestModeCORSWithForcedPreflight:
threadableLoaderOptions.crossOriginRequestPolicy = UseAccessControl;
break;
+ case WebURLRequest::FetchRequestModeNavigate:
+ // Using DenyCrossOriginRequests here to reduce the security risk
+ // "navigate" request is only available in ServiceWorker.
+ threadableLoaderOptions.crossOriginRequestPolicy = DenyCrossOriginRequests;
+ break;
}
InspectorInstrumentation::willStartFetch(executionContext(), this);
m_loader = ThreadableLoader::create(*executionContext(), this, request, threadableLoaderOptions, resourceLoaderOptions);
« third_party/WebKit/LayoutTests/http/tests/fetch/script-tests/request.js ('K') | « third_party/WebKit/LayoutTests/http/tests/fetch/script-tests/request.js ('k') | third_party/WebKit/Source/modules/fetch/Request.cpp » ('j') | third_party/WebKit/Source/modules/fetch/Request.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698