Set the request mode and the credentials mode of FetchEvent in the service worker correctly.

Set the request mode and the credentials mode of FetchEvent in the service worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
  ex: <img src="img.png"> <script src="test.js">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.
And fetch's SW-thorough tests are using script tags.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/

BUG=576534, 543895
Committed: https://crrev.com/aac099cc134c503accc16f5b2345023acff04b9e
Cr-Commit-Position: refs/heads/master@{#375403}

[horo, 2016-02-03 08:06:29]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker.

Currently the request mode and the credentials mode of FetchEvent.request is not
correctly set.

1. The credentials mode of no-cors resources must be 'include', but currently
'same-origin'. (crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
service worker. (crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
always 'cors' and the FetchEvent.request.credentials is always 'same-origin' in
the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/.
It is because the credentials mode for "script" is changed from 'same-origin' to
'include'.

BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resources must be 'include', but currently
   'same-origin'. (crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

[horo, 2016-02-03 08:07:47]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resources must be 'include', but currently
   'same-origin'. (crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resources must be 'include', but currently
   'same-origin'. (crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

[horo, 2016-02-03 08:35:11]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resources must be 'include', but currently
   'same-origin'. (crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resources must be 'include', but currently
   'same-origin'. (crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

[horo, 2016-02-03 08:35:48]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resources must be 'include', but currently
   'same-origin'. (crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resources must be 'include', but currently
   'same-origin'. (https://crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

[horo, 2016-02-03 08:36:42]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resources must be 'include', but currently
   'same-origin'. (https://crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

[horo, 2016-02-03 08:51:45]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

[horo, 2016-02-03 08:53:30]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for "script" is changed from 'same-origin' to 'include'.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

[horo, 2016-02-04 04:15:12]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
 ex: <img src="img.png">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
  ex: <img src="img.png"> <script src="test.js">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

[horo, 2016-02-04 04:16:46]

horo@chromium.org changed reviewers:
+ tyoshino@chromium.org

[horo, 2016-02-04 04:16:47]

tyoshino@
Could you please review this?

[tyoshino (SeeGerritForStatus), 2016-02-04 14:45:26]

https://codereview.chromium.org/1665533003/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp (left):

https://codereview.chromium.org/1665533003/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp:599:
ASSERT(!m_fallbackRequestForServiceWorker.isNull() || m_requestContext ==
WebURLRequest::RequestContextSharedWorker);
Did this become removable as a result of the changes in this CL? Or being
cleaned up using this opportunity?

[horo, 2016-02-05 02:28:20]

https://codereview.chromium.org/1665533003/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp (left):

https://codereview.chromium.org/1665533003/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp:599:
ASSERT(!m_fallbackRequestForServiceWorker.isNull() || m_requestContext ==
WebURLRequest::RequestContextSharedWorker);
On 2016/02/04 14:45:26, tyoshino wrote:
> Did this become removable as a result of the changes in this CL? Or being
> cleaned up using this opportunity?

m_fallbackRequestForServiceWorker is set only when the request mode is not CORS.
(See line 218)
So we have to remove this ASSERT.

[horo, 2016-02-05 05:32:35]

On 2016/02/05 02:28:20, horo wrote:
>
https://codereview.chromium.org/1665533003/diff/1/third_party/WebKit/Source/c...
> File third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
(left):
> 
>
https://codereview.chromium.org/1665533003/diff/1/third_party/WebKit/Source/c...
> third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp:599:
> ASSERT(!m_fallbackRequestForServiceWorker.isNull() || m_requestContext ==
> WebURLRequest::RequestContextSharedWorker);
> On 2016/02/04 14:45:26, tyoshino wrote:
> > Did this become removable as a result of the changes in this CL? Or being
> > cleaned up using this opportunity?
> 
> m_fallbackRequestForServiceWorker is set only when the request mode is not
CORS.
> (See line 218)
> So we have to remove this ASSERT.

Wrong:
m_fallbackRequestForServiceWorker is set only when the request mode is not CORS.

Correct:
m_fallbackRequestForServiceWorker is set only when the request mode is CORS.

[tyoshino (SeeGerritForStatus), 2016-02-05 07:13:38]

lgtm

CL description:

> This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
> the credentials mode for script tag is changed from 'same-origin' to
'include'.

Not only the script tag?

[horo, 2016-02-05 09:18:30]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
  ex: <img src="img.png"> <script src="test.js">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
  ex: <img src="img.png"> <script src="test.js">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.
And fetch's SW-thorough tests are using script tags.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

[horo, 2016-02-05 09:18:50]

On 2016/02/05 07:13:38, tyoshino wrote:
> lgtm
> 
> CL description:
> 
> > This CL includes many changes in LayoutTests/http/tests/fetch/. It is
because
> > the credentials mode for script tag is changed from 'same-origin' to
> 'include'.
> 
> Not only the script tag?

Added:
"And fetch's SW-thorough tests are using script tags."

[horo, 2016-02-05 09:20:56]

horo@chromium.org changed reviewers:
+ mkwst@chromium.org

[horo, 2016-02-05 09:20:56]

mkwst@

Could you please review third_party/WebKit/Source/core/loader/* and 
third_party/WebKit/Source/platform/network/ResourceRequest.cpp?

[Mike West, 2016-02-12 09:26:31]

On 2016/02/05 at 09:20:56, horo wrote:
> mkwst@
> 
> Could you please review third_party/WebKit/Source/core/loader/* and 
third_party/WebKit/Source/platform/network/ResourceRequest.cpp?

LGTM. Sorry, this got buried in my inbox. :(

[horo, 2016-02-15 01:46:19]

The CQ bit was checked by horo@chromium.org

[commit-bot: I haz the power, 2016-02-15 01:46:36]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1665533003/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1665533003/1

[commit-bot: I haz the power, 2016-02-15 03:08:53]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
  ex: <img src="img.png"> <script src="test.js">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.
And fetch's SW-thorough tests are using script tags.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
  ex: <img src="img.png"> <script src="test.js">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.
And fetch's SW-thorough tests are using script tags.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

[commit-bot: I haz the power, 2016-02-15 03:08:53]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-02-16 22:48:39]

Description was changed from

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
  ex: <img src="img.png"> <script src="test.js">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.
And fetch's SW-thorough tests are using script tags.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/


BUG=576534,543895
==========

to

==========
Set the request mode and the credentials mode of FetchEvent in the service
worker correctly.

Currently the request mode and the credentials mode of FetchEvent.request are
not correctly set.

1. The credentials mode of no-cors resource request must be 'include', but
   currently 'same-origin'. (https://crbug.com/576534)
  ex: <img src="img.png"> <script src="test.js">

2. When fetch() is called in the page, the FetchEvent.request.mode is always
   'cors' and the FetchEvent.request.credentials is always 'same-origin' in the
   service worker. (https://crbug.com/543895)

3. When an audio element fetches a request, the FetchEvent.request.mode is
   always 'cors' and the FetchEvent.request.credentials is always 'same-origin'
   in the service worker.
Expected:
 - <audio>
   mode: no-cors, credentials: include
 - <audio crossOrigin='anonymous'>
   mode: cors, credentials: same-origin
 - <audio crossOrigin='use-credentials'>
   mode: cors, credentials: include

This CL includes many changes in LayoutTests/http/tests/fetch/. It is because
the credentials mode for script tag is changed from 'same-origin' to 'include'.
And fetch's SW-thorough tests are using script tags.

I will add browser_tests to check the modes which are set in
 - MimeHandlerViewContainer for <embed src="test.pdf">
 - ManifestFetcher for <link rel="manifest" href="manifest.json">
 - PepperURLLoaderHost for PPAPI's pp::URLLoader.
https://codereview.chromium.org/1665453003/

BUG=576534,543895

Committed: https://crrev.com/aac099cc134c503accc16f5b2345023acff04b9e
Cr-Commit-Position: refs/heads/master@{#375403}
==========

[commit-bot: I haz the power, 2016-02-16 22:48:41]

Patchset 1 (id:??) landed as
https://crrev.com/aac099cc134c503accc16f5b2345023acff04b9e
Cr-Commit-Position: refs/heads/master@{#375403}

[horo, 2016-02-25 08:13:17]

A revert of this CL (patchset #1 id:1) has been created in
https://codereview.chromium.org/1738753002/ by horo@chromium.org.

The reason for reverting is: This change introduced a security bug.
crbug.com/589740.