Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(490)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp

Issue 1487343002: Set credentials mode "same-origin" when crossOrigin=anonymous is set. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: move #include "core/fetch/ResourceFetcher.h" to CSSImageValue.cpp Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp ('K') | « third_party/WebKit/Source/core/html/parser/PreloadRequest.h ('k') | third_party/WebKit/Source/core/loader/ImageLoader.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/html/parser/PreloadRequest.h" 6 #include "core/html/parser/PreloadRequest.h"
7 7
8 #include "core/dom/Document.h" 8 #include "core/dom/Document.h"
9 #include "core/fetch/FetchInitiatorInfo.h" 9 #include "core/fetch/FetchInitiatorInfo.h"
10 #include "platform/CrossOriginAttributeValue.h"
10 11
11 namespace blink { 12 namespace blink {
12 13
13 bool PreloadRequest::isSafeToSendToAnotherThread() const 14 bool PreloadRequest::isSafeToSendToAnotherThread() const
14 { 15 {
15 return m_initiatorName.isSafeToSendToAnotherThread() 16 return m_initiatorName.isSafeToSendToAnotherThread()
16 && m_charset.isSafeToSendToAnotherThread() 17 && m_charset.isSafeToSendToAnotherThread()
17 && m_resourceURL.isSafeToSendToAnotherThread() 18 && m_resourceURL.isSafeToSendToAnotherThread()
18 && m_baseURL.isSafeToSendToAnotherThread(); 19 && m_baseURL.isSafeToSendToAnotherThread();
19 } 20 }
(...skipping 10 matching lines...) Expand all
30 ASSERT(isMainThread()); 31 ASSERT(isMainThread());
31 FetchInitiatorInfo initiatorInfo; 32 FetchInitiatorInfo initiatorInfo;
32 initiatorInfo.name = AtomicString(m_initiatorName); 33 initiatorInfo.name = AtomicString(m_initiatorName);
33 initiatorInfo.position = m_initiatorPosition; 34 initiatorInfo.position = m_initiatorPosition;
34 ResourceRequest resourceRequest(completeURL(document)); 35 ResourceRequest resourceRequest(completeURL(document));
35 resourceRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(m_referrerP olicy, resourceRequest.url(), document->outgoingReferrer())); 36 resourceRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(m_referrerP olicy, resourceRequest.url(), document->outgoingReferrer()));
36 FetchRequest request(resourceRequest, initiatorInfo); 37 FetchRequest request(resourceRequest, initiatorInfo);
37 38
38 if (m_resourceType == Resource::ImportResource) { 39 if (m_resourceType == Resource::ImportResource) {
39 SecurityOrigin* securityOrigin = document->contextDocument()->securityOr igin(); 40 SecurityOrigin* securityOrigin = document->contextDocument()->securityOr igin();
40 bool sameOrigin = securityOrigin->canRequest(request.url()); 41 request.setCrossOriginAccessControl(securityOrigin, CrossOriginAttribute Anonymous);
41 request.setCrossOriginAccessControl(securityOrigin,
42 sameOrigin ? AllowStoredCredentials : DoNotAllowStoredCredentials,
43 ClientDidNotRequestCredentials);
44 } 42 }
45 43 if (m_crossOrigin != CrossOriginAttributeNotSet)
46 if (m_isCORSEnabled) 44 request.setCrossOriginAccessControl(document->securityOrigin(), m_crossO rigin);
47 request.setCrossOriginAccessControl(document->securityOrigin(), m_allowC redentials);
48
49 request.setDefer(m_defer); 45 request.setDefer(m_defer);
50 request.setResourceWidth(m_resourceWidth); 46 request.setResourceWidth(m_resourceWidth);
51 request.clientHintsPreferences().updateFrom(m_clientHintsPreferences); 47 request.clientHintsPreferences().updateFrom(m_clientHintsPreferences);
52 48
53 return request; 49 return request;
54 } 50 }
55 51
56 } 52 }
OLDNEW
« third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp ('K') | « third_party/WebKit/Source/core/html/parser/PreloadRequest.h ('k') | third_party/WebKit/Source/core/loader/ImageLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698