Set credentials mode "same-origin" when crossOrigin=anonymous is set.

third_party/WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp

 /*
  * Copyright (C) 2008 Apple Inc. All Rights Reserved.
  * Copyright (C) 2009 Torch Mobile, Inc. http://www.torchmobile.com/
  * Copyright (C) 2010 Google Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
@@ skipping 18 matching lines @@
 #include "core/html/parser/HTMLPreloadScanner.h"
 
 #include "core/HTMLNames.h"
 #include "core/InputTypeNames.h"
 #include "core/css/MediaList.h"
 #include "core/css/MediaQueryEvaluator.h"
 #include "core/css/MediaValuesCached.h"
 #include "core/css/parser/SizesAttributeParser.h"
 #include "core/dom/Document.h"
 #include "core/frame/Settings.h"
+#include "core/html/CrossOriginAttribute.h"
 #include "core/html/HTMLImageElement.h"
 #include "core/html/HTMLMetaElement.h"
 #include "core/html/LinkRelAttribute.h"
 #include "core/html/parser/HTMLParserIdioms.h"
 #include "core/html/parser/HTMLSrcsetParser.h"
 #include "core/html/parser/HTMLTokenizer.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/TraceEvent.h"
 #include "wtf/MainThread.h"
 
@@ skipping 63 matching lines @@
 public:
     StartTagScanner(const StringImpl* tagImpl, PassRefPtrWillBeRawPtr<MediaValues> mediaValues)
         : m_tagImpl(tagImpl)
         , m_linkIsStyleSheet(false)
         , m_linkIsPreconnect(false)
         , m_linkIsImport(false)
         , m_matchedMediaAttribute(true)
         , m_inputIsImage(false)
         , m_sourceSize(0)
         , m_sourceSizeSet(false)
-        , m_isCORSEnabled(false)
         , m_defer(FetchRequest::NoDefer)
-        , m_allowCredentials(DoNotAllowStoredCredentials)
+        , m_crossOrigin(CrossOriginAttributeNotSet)
         , m_mediaValues(mediaValues)
         , m_referrerPolicySet(false)
         , m_referrerPolicy(ReferrerPolicyDefault)
     {
         ASSERT(m_mediaValues->isCached());
         if (match(m_tagImpl, imgTag)
             || match(m_tagImpl, sourceTag)) {
             m_sourceSize = SizesAttributeParser(m_mediaValues, String()).length();
             return;
         }
@@ skipping 58 matching lines @@
             sourceSize = pictureData.sourceSize;
         }
         if (sourceSizeSet) {
             resourceWidth.width = sourceSize;
             resourceWidth.isSet = true;
         }
 
         // The element's 'referrerpolicy' attribute (if present) takes precedence over the document's referrer policy.
         ReferrerPolicy referrerPolicy = (m_referrerPolicy != ReferrerPolicyDefault && RuntimeEnabledFeatures::referrerPolicyAttributeEnabled()) ? m_referrerPolicy : documentReferrerPolicy;
         OwnPtr<PreloadRequest> request = PreloadRequest::create(initiatorFor(m_tagImpl), position, m_urlToLoad, predictedBaseURL, resourceType(), referrerPolicy, resourceWidth, clientHintsPreferences, requestType);
-        if (isCORSEnabled())
-            request->setCrossOriginEnabled(allowStoredCredentials());
+        request->setCrossOrigin(m_crossOrigin);
         request->setCharset(charset());
         request->setDefer(m_defer);
         return request.release();
     }
 
 private:
     template<typename NameType>
     void processScriptAttribute(const NameType& attributeName, const String& attributeValue)
     {
         // FIXME - Don't set crossorigin multiple times.
         if (match(attributeName, srcAttr))
             setUrlToLoad(attributeValue, DisallowURLReplacement);
         else if (match(attributeName, crossoriginAttr))
-            setCrossOriginAllowed(attributeValue);
+            setCrossOrigin(attributeValue);
         else if (match(attributeName, asyncAttr))
             setDefer(FetchRequest::LazyLoad);
         else if (match(attributeName, deferAttr))
             setDefer(FetchRequest::LazyLoad);
     }
 
     template<typename NameType>
     void processImgAttribute(const NameType& attributeName, const String& attributeValue)
     {
         if (match(attributeName, srcAttr) && m_imgSrcUrl.isNull()) {
             m_imgSrcUrl = attributeValue;
             setUrlToLoad(bestFitSourceForImageAttributes(m_mediaValues->devicePixelRatio(), m_sourceSize, attributeValue, m_srcsetImageCandidate), AllowURLReplacement);
         } else if (match(attributeName, crossoriginAttr)) {
-            setCrossOriginAllowed(attributeValue);
+            setCrossOrigin(attributeValue);
         } else if (match(attributeName, srcsetAttr) && m_srcsetImageCandidate.isEmpty()) {
             m_srcsetAttributeValue = attributeValue;
             m_srcsetImageCandidate = bestFitSourceForSrcsetAttribute(m_mediaValues->devicePixelRatio(), m_sourceSize, attributeValue);
             setUrlToLoad(bestFitSourceForImageAttributes(m_mediaValues->devicePixelRatio(), m_sourceSize, m_imgSrcUrl, m_srcsetImageCandidate), AllowURLReplacement);
         } else if (match(attributeName, sizesAttr) && !m_sourceSizeSet) {
             m_sourceSize = SizesAttributeParser(m_mediaValues, attributeValue).length();
             m_sourceSizeSet = true;
             if (!m_srcsetImageCandidate.isEmpty()) {
                 m_srcsetImageCandidate = bestFitSourceForSrcsetAttribute(m_mediaValues->devicePixelRatio(), m_sourceSize, m_srcsetAttributeValue);
                 setUrlToLoad(bestFitSourceForImageAttributes(m_mediaValues->devicePixelRatio(), m_sourceSize, m_imgSrcUrl, m_srcsetImageCandidate), AllowURLReplacement);
@@ skipping 11 matching lines @@
         if (match(attributeName, hrefAttr)) {
             setUrlToLoad(attributeValue, DisallowURLReplacement);
         } else if (match(attributeName, relAttr)) {
             LinkRelAttribute rel(attributeValue);
             m_linkIsStyleSheet = rel.isStyleSheet() && !rel.isAlternate() && rel.iconType() == InvalidIcon && !rel.isDNSPrefetch();
             m_linkIsPreconnect = rel.isPreconnect();
             m_linkIsImport = rel.isImport();
         } else if (match(attributeName, mediaAttr)) {
             m_matchedMediaAttribute = mediaAttributeMatches(*m_mediaValues, attributeValue);
         } else if (match(attributeName, crossoriginAttr)) {
-            setCrossOriginAllowed(attributeValue);
+            setCrossOrigin(attributeValue);
         }
     }
 
     template<typename NameType>
     void processInputAttribute(const NameType& attributeName, const String& attributeValue)
     {
         // FIXME - Don't set type multiple times.
         if (match(attributeName, srcAttr))
             setUrlToLoad(attributeValue, DisallowURLReplacement);
         else if (match(attributeName, typeAttr))
@@ skipping 89 matching lines @@
     bool shouldPreload() const
     {
         if (m_urlToLoad.isEmpty())
             return false;
         if (match(m_tagImpl, linkTag) && !m_linkIsStyleSheet && !m_linkIsImport)
             return false;
         if (match(m_tagImpl, inputTag) && !m_inputIsImage)
             return false;
         return true;
     }
-
-    bool isCORSEnabled() const
+    void setCrossOrigin(const String& corsSetting)
     {
-        return m_isCORSEnabled;
-    }
-
-    StoredCredentials allowStoredCredentials() const
-    {
-        return m_allowCredentials;
-    }
-
-    void setCrossOriginAllowed(const String& corsSetting)
-    {
-        m_isCORSEnabled = true;
-        if (!corsSetting.isNull() && equalIgnoringCase(stripLeadingAndTrailingHTMLSpaces(corsSetting), "use-credentials"))
-            m_allowCredentials = AllowStoredCredentials;
-        else
-            m_allowCredentials = DoNotAllowStoredCredentials;
+        m_crossOrigin = crossOriginAttributeValue(corsSetting);
     }
 
     void setDefer(FetchRequest::DeferOption defer)
     {
         m_defer = defer;
     }
 
     bool defer() const
     {
         return m_defer;
     }
 
     const StringImpl* m_tagImpl;
     String m_urlToLoad;
     ImageCandidate m_srcsetImageCandidate;
     String m_charset;
     bool m_linkIsStyleSheet;
     bool m_linkIsPreconnect;
     bool m_linkIsImport;
     bool m_matchedMediaAttribute;
     bool m_inputIsImage;
     String m_imgSrcUrl;
     String m_srcsetAttributeValue;
     float m_sourceSize;
     bool m_sourceSizeSet;
-    bool m_isCORSEnabled;
     FetchRequest::DeferOption m_defer;
-    StoredCredentials m_allowCredentials;
+    CrossOriginAttributeValue m_crossOrigin;
     RefPtrWillBeMember<MediaValues> m_mediaValues;
     bool m_referrerPolicySet;
     ReferrerPolicy m_referrerPolicy;
 };
 
 TokenPreloadScanner::TokenPreloadScanner(const KURL& documentURL, PassOwnPtr<CachedDocumentParameters> documentParameters)
     : m_documentURL(documentURL)
     , m_inStyle(false)
     , m_inPicture(false)
     , m_isAppCacheEnabled(false)
@@ skipping 240 matching lines @@
     else
         mediaValues = MediaValuesCached::create(*document);
     ASSERT(mediaValues->isSafeToSendToAnotherThread());
     defaultViewportMinWidth = document->viewportDefaultMinWidth();
     viewportMetaZeroValuesQuirk = document->settings() && document->settings()->viewportMetaZeroValuesQuirk();
     viewportMetaEnabled = document->settings() && document->settings()->viewportMetaEnabled();
     referrerPolicy = ReferrerPolicyDefault;
 }
 
 }