
Side by Side Diff: Source/core/fetch/ResourceLoader.cpp

Issue 146853003: Correctly handle CORS access checks over cache-validating responses. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 10 months ago
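--- a/Source/core/fetch/ResourceLoader.cpp
+++ b/Source/core/fetch/ResourceLoader.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2006, 2007, 2010, 2011 Apple Inc. All rights reserved.
 * (C) 2007 Graham Dennis (graham.dennis@gmail.com)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
@@ -306,22 +306,29 @@
 
 bool isMultipartPayload = response.isMultipartPayload();
 bool isValidStateTransition = (m_connectionState == ConnectionStateStarted | | m_connectionState == ConnectionStateReceivedResponse);
 // In the case of multipart loads, calls to didReceiveData & didReceiveRespo nse can be interleaved.
 RELEASE_ASSERT(isMultipartPayload || isValidStateTransition);
 m_connectionState = ConnectionStateReceivedResponse;
 
 const ResourceResponse& resourceResponse = response.toResourceResponse();
 
 if (responseNeedsAccessControlCheck()) {
-m_resource->setResponse(resourceResponse);
-if (!m_host->canAccessResource(m_resource, response.url())) {
+// If the response successfully validated a cached resource, perform
+// the access control with respect to it. Need to do this right here
+// before the resource switches clients over to that validated resource.
+Resource* resource = m_resource;
+if (resource->isCacheValidator() && resourceResponse.httpStatusCode() == 304)
+resource = m_resource->resourceToRevalidate();
+else
+m_resource->setResponse(resourceResponse);
+if (!m_host->canAccessResource(resource, response.url())) {
 cancel();
 return;
 }
 }
 
 // Reference the object in this method since the additional processing can d o
 // anything including removing the last reference to this object.
 RefPtr<ResourceLoader> protect(this);
 m_resource->responseReceived(resourceResponse);
 if (m_state == Terminated)
@@ -449,10 +456,10 @@
 didReceiveResponse(0, responseOut);
 if (m_state == Terminated)
 return;
 RefPtr<ResourceLoadInfo> resourceLoadInfo = responseOut.toResourceResponse() .resourceLoadInfo();
 m_host->didReceiveData(m_resource, dataOut.data(), dataOut.size(), resourceL oadInfo ? resourceLoadInfo->encodedDataLength : -1);
 m_resource->setResourceBuffer(dataOut);
 didFinishLoading(0, monotonicallyIncreasingTime());
 }
 
 }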
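Review bot: In the `httpStatusCode() == 304` branch the access check runs only against the response stored on `resourceToRevalidate()`, so any `Access-Control-Allow-Origin` sent with the 304 itself is not consulted at this point. If the server has tightened its CORS policy since the entry was cached, the stale stored header would still appear to grant access. Whether the 304's headers are merged into the cached response later is not visible in this section, so that is worth confirming and recording in the comment, e.g. `// The 304's own CORS headers are not considered here; the check uses the stored response.` The non-null guarantee for the new pointer rests on `isCacheValidator()`, which is defined outside this section, so a `RELEASE_ASSERT(resource);` just before the `canAccessResource` call would make that assumption explicit. The enclosing function begins and ends outside the visible lines.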