third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp - Issue 1487343002: Set credentials mode "same-origin" when crossOrigin=anonymous is set.

Side by Side Diff: third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp

Issue 1487343002: Set credentials mode "same-origin" when crossOrigin=anonymous is set. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/Source/core/html/parser/PreloadRequest.h ('k') | third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "config.h"	5 #include "config.h"

6 #include "core/html/parser/PreloadRequest.h"	6 #include "core/html/parser/PreloadRequest.h"

7	7

8 #include "core/dom/Document.h"	8 #include "core/dom/Document.h"

9 #include "core/fetch/FetchInitiatorInfo.h"	9 #include "core/fetch/FetchInitiatorInfo.h"

	10 #include "platform/CrossOriginAttributeValue.h"

10	11

11 namespace blink {	12 namespace blink {

12	13

13 bool PreloadRequest::isSafeToSendToAnotherThread() const	14 bool PreloadRequest::isSafeToSendToAnotherThread() const

14 {	15 {

15 return m_initiatorName.isSafeToSendToAnotherThread()	16 return m_initiatorName.isSafeToSendToAnotherThread()

16 && m_charset.isSafeToSendToAnotherThread()	17 && m_charset.isSafeToSendToAnotherThread()

17 && m_resourceURL.isSafeToSendToAnotherThread()	18 && m_resourceURL.isSafeToSendToAnotherThread()

18 && m_baseURL.isSafeToSendToAnotherThread();	19 && m_baseURL.isSafeToSendToAnotherThread();

19 }	20 }

(...skipping 10 matching lines...) Expand all Loading...
30 ASSERT(isMainThread());	31 ASSERT(isMainThread());

31 FetchInitiatorInfo initiatorInfo;	32 FetchInitiatorInfo initiatorInfo;

32 initiatorInfo.name = AtomicString(m_initiatorName);	33 initiatorInfo.name = AtomicString(m_initiatorName);

33 initiatorInfo.position = m_initiatorPosition;	34 initiatorInfo.position = m_initiatorPosition;

34 ResourceRequest resourceRequest(completeURL(document));	35 ResourceRequest resourceRequest(completeURL(document));

35 resourceRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(m_referrerP olicy, resourceRequest.url(), document->outgoingReferrer()));	36 resourceRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(m_referrerP olicy, resourceRequest.url(), document->outgoingReferrer()));

36 FetchRequest request(resourceRequest, initiatorInfo);	37 FetchRequest request(resourceRequest, initiatorInfo);

37	38

38 if (m_resourceType == Resource::ImportResource) {	39 if (m_resourceType == Resource::ImportResource) {

39 SecurityOrigin* securityOrigin = document->contextDocument()->securityOr igin();	40 SecurityOrigin* securityOrigin = document->contextDocument()->securityOr igin();

40 bool sameOrigin = securityOrigin->canRequest(request.url());	41 request.setCrossOriginAccessControl(securityOrigin, CrossOriginAttribute Anonymous);

41 request.setCrossOriginAccessControl(securityOrigin,

42 sameOrigin ? AllowStoredCredentials : DoNotAllowStoredCredentials,

43 ClientDidNotRequestCredentials);

44 }	42 }

45	43 if (m_crossOrigin != CrossOriginAttributeNotSet)

46 if (m_isCORSEnabled)	44 request.setCrossOriginAccessControl(document->securityOrigin(), m_crossO rigin);

47 request.setCrossOriginAccessControl(document->securityOrigin(), m_allowC redentials);

48

49 request.setDefer(m_defer);	45 request.setDefer(m_defer);

50 request.setResourceWidth(m_resourceWidth);	46 request.setResourceWidth(m_resourceWidth);

51 request.clientHintsPreferences().updateFrom(m_clientHintsPreferences);	47 request.clientHintsPreferences().updateFrom(m_clientHintsPreferences);

52	48

53 return request;	49 return request;

54 }	50 }

55	51

56 }	52 }

OLD	NEW