Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(510)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/modules/fetch/FetchManager.cpp

Issue 1391583002: Introduce "navigate" mode in Requests (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/loader/FrameLoadRequest.h ('k') | third_party/WebKit/Source/modules/fetch/Request.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/modules/fetch/FetchManager.cpp
diff --git a/third_party/WebKit/Source/modules/fetch/FetchManager.cpp b/third_party/WebKit/Source/modules/fetch/FetchManager.cpp
index e742559726563a778b8a69ab133559dde66750f8..5c309bf192aac36b29354f6efb09a1189941cfcc 100644
--- a/third_party/WebKit/Source/modules/fetch/FetchManager.cpp
+++ b/third_party/WebKit/Source/modules/fetch/FetchManager.cpp
@@ -235,6 +235,7 @@ void FetchManager::Loader::didReceiveResponse(unsigned long, const ResourceRespo
case WebURLRequest::FetchRequestModeSameOrigin:
case WebURLRequest::FetchRequestModeCORS:
case WebURLRequest::FetchRequestModeCORSWithForcedPreflight:
+ case WebURLRequest::FetchRequestModeNavigate:
performNetworkError("Fetch API cannot load " + m_request->url().string() + ". Redirects to data: URL are allowed only when mode is \"no-cors\".");
return;
}
@@ -253,6 +254,9 @@ void FetchManager::Loader::didReceiveResponse(unsigned long, const ResourceRespo
case WebURLRequest::FetchRequestModeCORSWithForcedPreflight:
m_request->setResponseTainting(FetchRequestData::CORSTainting);
break;
+ case WebURLRequest::FetchRequestModeNavigate:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
}
}
@@ -416,10 +420,12 @@ void FetchManager::Loader::start()
// "- |request|'s url's scheme is 'data' and |request|'s same-origin data
// URL flag is set"
// "- |request|'s url's scheme is 'about'"
- // Note we don't support to call this method with |CORS flag|.
+ // Note we don't support to call this method with |CORS flag|
+ // "- |request|'s mode is |navigate|".
if ((SecurityOrigin::create(m_request->url())->isSameSchemeHostPortAndSuborigin(m_request->origin().get()))
|| (m_request->url().protocolIsData() && m_request->sameOriginDataURLFlag())
- || (m_request->url().protocolIsAbout())) {
+ || (m_request->url().protocolIsAbout())
+ || (m_request->mode() == WebURLRequest::FetchRequestModeNavigate)) {
// "The result of performing a basic fetch using request."
performBasicFetch();
return;
@@ -593,6 +599,11 @@ void FetchManager::Loader::performHTTPFetch(bool corsFlag, bool corsPreflightFla
case WebURLRequest::FetchRequestModeCORSWithForcedPreflight:
threadableLoaderOptions.crossOriginRequestPolicy = UseAccessControl;
break;
+ case WebURLRequest::FetchRequestModeNavigate:
+ // Using DenyCrossOriginRequests here to reduce the security risk.
+ // "navigate" request is only available in ServiceWorker.
+ threadableLoaderOptions.crossOriginRequestPolicy = DenyCrossOriginRequests;
+ break;
}
InspectorInstrumentation::willStartFetch(executionContext(), this);
m_loader = ThreadableLoader::create(*executionContext(), this, request, threadableLoaderOptions, resourceLoaderOptions);
« no previous file with comments | « third_party/WebKit/Source/core/loader/FrameLoadRequest.h ('k') | third_party/WebKit/Source/modules/fetch/Request.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698