| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
| 3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
| 7 * met: | 7 * met: |
| 8 * | 8 * |
| 9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| 75 , m_simpleRequest(true) | 75 , m_simpleRequest(true) |
| 76 , m_async(blockingBehavior == LoadAsynchronously) | 76 , m_async(blockingBehavior == LoadAsynchronously) |
| 77 , m_timeoutTimer(this, &DocumentThreadableLoader::didTimeout) | 77 , m_timeoutTimer(this, &DocumentThreadableLoader::didTimeout) |
| 78 { | 78 { |
| 79 ASSERT(document); | 79 ASSERT(document); |
| 80 ASSERT(client); | 80 ASSERT(client); |
| 81 // Setting an outgoing referer is only supported in the async code path. | 81 // Setting an outgoing referer is only supported in the async code path. |
| 82 ASSERT(m_async || request.httpReferrer().isEmpty()); | 82 ASSERT(m_async || request.httpReferrer().isEmpty()); |
| 83 | 83 |
| 84 if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossO
riginRequests) { | 84 if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossO
riginRequests) { |
| 85 loadRequest(request, DoSecurityCheck); | 85 loadRequest(request); |
| 86 return; | 86 return; |
| 87 } | 87 } |
| 88 | 88 |
| 89 if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) { | 89 if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) { |
| 90 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url
().string(), "Cross origin requests are not supported.")); | 90 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url
().string(), "Cross origin requests are not supported.")); |
| 91 return; | 91 return; |
| 92 } | 92 } |
| 93 | 93 |
| 94 makeCrossOriginAccessRequest(request); | 94 makeCrossOriginAccessRequest(request); |
| 95 } | 95 } |
| 120 { | 120 { |
| 121 ASSERT(m_options.preflightPolicy != ForcePreflight); | 121 ASSERT(m_options.preflightPolicy != ForcePreflight); |
| 122 ASSERT(m_options.preflightPolicy == PreventPreflight || isSimpleCrossOriginA
ccessRequest(request.httpMethod(), request.httpHeaderFields())); | 122 ASSERT(m_options.preflightPolicy == PreventPreflight || isSimpleCrossOriginA
ccessRequest(request.httpMethod(), request.httpHeaderFields())); |
| 123 | 123 |
| 124 // Cross-origin requests are only allowed for HTTP and registered schemes. W
e would catch this when checking response headers later, but there is no reason
to send a request that's guaranteed to be denied. | 124 // Cross-origin requests are only allowed for HTTP and registered schemes. W
e would catch this when checking response headers later, but there is no reason
to send a request that's guaranteed to be denied. |
| 125 if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protoco
l())) { | 125 if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protoco
l())) { |
| 126 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIntern
al, 0, request.url().string(), "Cross origin requests are only supported for HTT
P.")); | 126 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIntern
al, 0, request.url().string(), "Cross origin requests are only supported for HTT
P.")); |
| 127 return; | 127 return; |
| 128 } | 128 } |
| 129 | 129 |
| 130 loadRequest(request, DoSecurityCheck); | 130 loadRequest(request); |
| 131 } | 131 } |
| 132 | 132 |
| 133 void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(const R
esourceRequest& request) | 133 void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(const R
esourceRequest& request) |
| 134 { | 134 { |
| 135 ResourceRequest preflightRequest = createAccessControlPreflightRequest(reque
st, securityOrigin()); | 135 ResourceRequest preflightRequest = createAccessControlPreflightRequest(reque
st, securityOrigin()); |
| 136 loadRequest(preflightRequest, DoSecurityCheck); | 136 loadRequest(preflightRequest); |
| 137 } | 137 } |
| 138 | 138 |
| 139 DocumentThreadableLoader::~DocumentThreadableLoader() | 139 DocumentThreadableLoader::~DocumentThreadableLoader() |
| 140 { | 140 { |
| 141 } | 141 } |
| 142 | 142 |
| 143 void DocumentThreadableLoader::cancel() | 143 void DocumentThreadableLoader::cancel() |
| 144 { | 144 { |
| 145 cancelWithError(ResourceError()); | 145 cancelWithError(ResourceError()); |
| 146 } | 146 } |
| 360 | 360 |
| 361 void DocumentThreadableLoader::preflightSuccess() | 361 void DocumentThreadableLoader::preflightSuccess() |
| 362 { | 362 { |
| 363 OwnPtr<ResourceRequest> actualRequest; | 363 OwnPtr<ResourceRequest> actualRequest; |
| 364 actualRequest.swap(m_actualRequest); | 364 actualRequest.swap(m_actualRequest); |
| 365 | 365 |
| 366 actualRequest->setHTTPOrigin(securityOrigin()->toAtomicString()); | 366 actualRequest->setHTTPOrigin(securityOrigin()->toAtomicString()); |
| 367 | 367 |
| 368 clearResource(); | 368 clearResource(); |
| 369 | 369 |
| 370 // It should be ok to skip the security check since we already asked about t
he preflight request. | 370 loadRequest(*actualRequest); |
| 371 loadRequest(*actualRequest, SkipSecurityCheck); | |
| 372 } | 371 } |
| 373 | 372 |
| 374 void DocumentThreadableLoader::preflightFailure(const String& url, const String&
errorDescription) | 373 void DocumentThreadableLoader::preflightFailure(const String& url, const String&
errorDescription) |
| 375 { | 374 { |
| 376 ResourceError error(errorDomainBlinkInternal, 0, url, errorDescription); | 375 ResourceError error(errorDomainBlinkInternal, 0, url, errorDescription); |
| 377 m_actualRequest = nullptr; // Prevent didFinishLoading() from bypassing acce
ss check. | 376 m_actualRequest = nullptr; // Prevent didFinishLoading() from bypassing acce
ss check. |
| 378 m_client->didFailAccessControlCheck(error); | 377 m_client->didFailAccessControlCheck(error); |
| 379 } | 378 } |
| 380 | 379 |
| 381 void DocumentThreadableLoader::loadRequest(const ResourceRequest& request, Secur
ityCheckPolicy securityCheck) | 380 void DocumentThreadableLoader::loadRequest(const ResourceRequest& request) |
| 382 { | 381 { |
| 383 // Any credential should have been removed from the cross-site requests. | 382 // Any credential should have been removed from the cross-site requests. |
| 384 const KURL& requestURL = request.url(); | 383 const KURL& requestURL = request.url(); |
| 385 m_options.securityCheck = securityCheck; | |
| 386 ASSERT(m_sameOriginRequest || requestURL.user().isEmpty()); | 384 ASSERT(m_sameOriginRequest || requestURL.user().isEmpty()); |
| 387 ASSERT(m_sameOriginRequest || requestURL.pass().isEmpty()); | 385 ASSERT(m_sameOriginRequest || requestURL.pass().isEmpty()); |
| 388 | 386 |
| 389 ThreadableLoaderOptions options = m_options; | 387 ThreadableLoaderOptions options = m_options; |
| 390 if (m_async) { | 388 if (m_async) { |
| 391 options.crossOriginCredentialPolicy = DoNotAskClientForCrossOriginCreden
tials; | |
| 392 if (m_actualRequest) { | 389 if (m_actualRequest) { |
| 393 options.sniffContent = DoNotSniffContent; | 390 options.sniffContent = DoNotSniffContent; |
| 394 options.dataBufferingPolicy = BufferData; | 391 options.dataBufferingPolicy = BufferData; |
| 395 } | 392 } |
| 396 | 393 |
| 397 if (m_options.timeoutMilliseconds > 0) | 394 if (m_options.timeoutMilliseconds > 0) |
| 398 m_timeoutTimer.startOneShot(m_options.timeoutMilliseconds / 1000.0); | 395 m_timeoutTimer.startOneShot(m_options.timeoutMilliseconds / 1000.0); |
| 399 | 396 |
| 400 FetchRequest newRequest(request, m_options.initiator, options); | 397 FetchRequest newRequest(request, m_options.initiator, options); |
| 401 ASSERT(!resource()); | 398 ASSERT(!resource()); |
| 458 return true; | 455 return true; |
| 459 return m_document->contentSecurityPolicy()->allowConnectToSource(url); | 456 return m_document->contentSecurityPolicy()->allowConnectToSource(url); |
| 460 } | 457 } |
| 461 | 458 |
| 462 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 459 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
| 463 { | 460 { |
| 464 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen
t->securityOrigin(); | 461 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen
t->securityOrigin(); |
| 465 } | 462 } |
| 466 | 463 |
| 467 } // namespace WebCore | 464 } // namespace WebCore |
| OLD | NEW |
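Review bot: With the `SecurityCheckPolicy` parameter removed, `loadRequest()` (new line 380) no longer writes `m_options.securityCheck`, and its async branch no longer forces `crossOriginCredentialPolicy` to `DoNotAskClientForCrossOriginCredentials`, so both settings now reach the fetch exactly as the caller supplied them in the options. Nothing in the visible lines validates them, so the simple cross-origin request (new line 130) and the preflight (new line 136), previously pinned to `DoSecurityCheck`, are only as strict as the caller's options; the callers are not shown here, so this may already be guaranteed elsewhere. I would state that invariant where it is relied on, with a comment above `ThreadableLoaderOptions options = m_options;` such as `// securityCheck and crossOriginCredentialPolicy come from the caller's options; cross-origin loads rely on DoSecurityCheck being set there.`, and, if the field is still part of the options after this change, back it with `ASSERT(m_sameOriginRequest || m_options.securityCheck == DoSecurityCheck);`. The actual request in `preflightSuccess()` was formerly sent with `SkipSecurityCheck` and now takes the same path as the preflight, which looks like the stricter direction but deserves a one-line comment there since the old explanatory comment was dropped. The constructor and `loadRequest()` both extend beyond the lines displayed on this page.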