| Index: third_party/WebKit/Source/core/dom/ScriptLoader.cpp
|
| diff --git a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp b/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
|
| index a7b90c6739fafc8dca761bb50c11c5a5d3962981..aca2cfcd1c2d3c133e15b89fa989e1d6749ee2fe 100644
|
| --- a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
|
| +++ b/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
|
| @@ -43,6 +43,7 @@
|
| #include "core/frame/SubresourceIntegrity.h"
|
| #include "core/frame/UseCounter.h"
|
| #include "core/frame/csp/ContentSecurityPolicy.h"
|
| +#include "core/html/CrossOriginAttribute.h"
|
| #include "core/html/HTMLScriptElement.h"
|
| #include "core/html/imports/HTMLImport.h"
|
| #include "core/html/parser/HTMLParserIdioms.h"
|
| @@ -290,9 +291,9 @@ bool ScriptLoader::fetchScript(const String& sourceUrl, FetchRequest::DeferOptio
|
| if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) {
|
| FetchRequest request(ResourceRequest(elementDocument->completeURL(sourceUrl)), m_element->localName());
|
|
|
| - AtomicString crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossoriginAttr);
|
| - if (!crossOriginMode.isNull())
|
| - request.setCrossOriginAccessControl(elementDocument->securityOrigin(), crossOriginMode);
|
| + CrossOriginAttributeValue crossOrigin = crossOriginAttributeValue(m_element->fastGetAttribute(HTMLNames::crossoriginAttr));
|
| + if (crossOrigin != CrossOriginAttributeNotSet)
|
| + request.setCrossOriginAccessControl(elementDocument->securityOrigin(), crossOrigin);
|
| request.setCharset(scriptCharset());
|
|
|
| bool scriptPassesCSP = elementDocument->contentSecurityPolicy()->allowScriptWithNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr));
|
|
|
Chromium Code Reviews
Issue 1487343002:
Set credentials mode "same-origin" when crossOrigin=anonymous is set. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master