| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
| 3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
| 7 * met: | 7 * met: |
| 8 * | 8 * |
| 9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| 180 // recorded here. | 180 // recorded here. |
| 181 // - ThreadableLoader w/ non-GET request is only created from javascript | 181 // - ThreadableLoader w/ non-GET request is only created from javascript |
| 182 // initiated fetch. | 182 // initiated fetch. |
| 183 // - Some non-script initiated fetches such as WorkerScriptLoader also use | 183 // - Some non-script initiated fetches such as WorkerScriptLoader also use |
| 184 // ThreadableLoader, but they are guaranteed to use GET method. | 184 // ThreadableLoader, but they are guaranteed to use GET method. |
| 185 if (request.httpMethod() != HTTPNames::GET) { | 185 if (request.httpMethod() != HTTPNames::GET) { |
| 186 if (Page* page = m_document->page()) | 186 if (Page* page = m_document->page()) |
| 187 page->chromeClient().didObserveNonGetFetchFromScript(); | 187 page->chromeClient().didObserveNonGetFetchFromScript(); |
| 188 } | 188 } |
| 189 | 189 |
| 190 // If the fetch request will be handled by the ServiceWorker, the |
| 191 // FetchRequestMode of the request must be FetchRequestModeCORS or |
| 192 // FetchRequestModeCORSWithForcedPreflight. Otherwise the ServiceWorker can |
| 193 // return a opaque response which is from the other origin site and the |
| 194 // script in the page can read the content. |
| 195 // |
| 190 // We assume that ServiceWorker is skipped for sync requests and unsupported | 196 // We assume that ServiceWorker is skipped for sync requests and unsupported |
| 191 // protocol requests by content/ code. | 197 // protocol requests by content/ code. |
| 192 if (m_async && !request.skipServiceWorker() && SchemeRegistry::shouldTreatUR
LSchemeAsAllowingServiceWorkers(request.url().protocol()) && m_document->fetcher
()->isControlledByServiceWorker()) { | 198 if (m_async && !request.skipServiceWorker() && SchemeRegistry::shouldTreatUR
LSchemeAsAllowingServiceWorkers(request.url().protocol()) && m_document->fetcher
()->isControlledByServiceWorker()) { |
| 193 ResourceRequest newRequest(request); | 199 ResourceRequest newRequest(request); |
| 194 const WebURLRequest::RequestContext requestContext(request.requestContex
t()); | 200 // FetchRequestMode should be set by the caller. But the expected value |
| 195 if (requestContext != WebURLRequest::RequestContextFetch) { | 201 // of FetchRequestMode is not speced yet except for XHR. So we set here. |
| 196 // When the request context is not "fetch", | 202 // FIXME: When we support fetch API in document, this value should not |
| 197 // |crossOriginRequestPolicy| represents the fetch request mode, | 203 // be overridden here. |
| 198 // and |credentialsRequested| represents the fetch credentials mode. | 204 if (m_options.preflightPolicy == ForcePreflight) |
| 199 // So we set those flags here so that we can see the correct request | 205 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORSWi
thForcedPreflight); |
| 200 // mode and credentials mode in the service worker's fetch event | 206 else |
| 201 // handler. | 207 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORS); |
| 202 switch (m_options.crossOriginRequestPolicy) { | 208 |
| 203 case DenyCrossOriginRequests: | 209 m_fallbackRequestForServiceWorker = ResourceRequest(request); |
| 204 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeSa
meOrigin); | 210 m_fallbackRequestForServiceWorker.setSkipServiceWorker(true); |
| 205 break; | |
| 206 case UseAccessControl: | |
| 207 if (m_options.preflightPolicy == ForcePreflight) | |
| 208 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestMo
deCORSWithForcedPreflight); | |
| 209 else | |
| 210 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestMo
deCORS); | |
| 211 break; | |
| 212 case AllowCrossOriginRequests: | |
| 213 // No-CORS requests are allowed only for those contexts. | |
| 214 RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(requestContext == WebUR
LRequest::RequestContextAudio || requestContext == WebURLRequest::RequestContext
Video || requestContext == WebURLRequest::RequestContextObject || requestContext
== WebURLRequest::RequestContextFavicon || requestContext == WebURLRequest::Req
uestContextImage || requestContext == WebURLRequest::RequestContextScript); | |
| 215 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeNo
CORS); | |
| 216 break; | |
| 217 } | |
| 218 if (m_resourceLoaderOptions.allowCredentials == AllowStoredCredentia
ls) | |
| 219 newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentia
lsModeInclude); | |
| 220 else | |
| 221 newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentia
lsModeSameOrigin); | |
| 222 } | |
| 223 if (newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORS
|| newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORSWithForc
edPreflight) { | |
| 224 m_fallbackRequestForServiceWorker = ResourceRequest(request); | |
| 225 m_fallbackRequestForServiceWorker.setSkipServiceWorker(true); | |
| 226 } | |
| 227 | 211 |
| 228 loadRequest(newRequest, m_resourceLoaderOptions); | 212 loadRequest(newRequest, m_resourceLoaderOptions); |
| 229 // |this| may be dead here. | 213 // |this| may be dead here. |
| 230 return; | 214 return; |
| 231 } | 215 } |
| 232 | 216 |
| 233 dispatchInitialRequest(request); | 217 dispatchInitialRequest(request); |
| 234 // |this| may be dead here in async mode. | 218 // |this| may be dead here in async mode. |
| 235 } | 219 } |
| 236 | 220 |
| 613 ASSERT(m_client); | 597 ASSERT(m_client); |
| 614 | 598 |
| 615 if (!m_actualRequest.isNull()) { | 599 if (!m_actualRequest.isNull()) { |
| 616 reportResponseReceived(identifier, response); | 600 reportResponseReceived(identifier, response); |
| 617 handlePreflightResponse(response); | 601 handlePreflightResponse(response); |
| 618 // |this| may be dead here in async mode. | 602 // |this| may be dead here in async mode. |
| 619 return; | 603 return; |
| 620 } | 604 } |
| 621 | 605 |
| 622 if (response.wasFetchedViaServiceWorker()) { | 606 if (response.wasFetchedViaServiceWorker()) { |
| 607 // It's still possible to reach here with null m_fallbackRequestForServi
ceWorker |
| 608 // if the request was for main resource loading (i.e. for SharedWorker),
for which |
| 609 // we create DocumentLoader before the controller ServiceWorker is set. |
| 610 ASSERT(!m_fallbackRequestForServiceWorker.isNull() || m_requestContext =
= WebURLRequest::RequestContextSharedWorker); |
| 623 if (response.wasFallbackRequiredByServiceWorker()) { | 611 if (response.wasFallbackRequiredByServiceWorker()) { |
| 624 // At this point we must have m_fallbackRequestForServiceWorker. | 612 // At this point we must have m_fallbackRequestForServiceWorker. |
| 625 // (For SharedWorker the request won't be CORS or CORS-with-prefligh
t, | 613 // (For SharedWorker the request won't be CORS or CORS-with-prefligh
t, |
| 626 // therefore fallback-to-network is handled in the browser process | 614 // therefore fallback-to-network is handled in the browser process |
| 627 // when the ServiceWorker does not call respondWith().) | 615 // when the ServiceWorker does not call respondWith().) |
| 628 ASSERT(!m_fallbackRequestForServiceWorker.isNull()); | 616 ASSERT(!m_fallbackRequestForServiceWorker.isNull()); |
| 629 reportResponseReceived(identifier, response); | 617 reportResponseReceived(identifier, response); |
| 630 loadFallbackRequestForServiceWorker(); | 618 loadFallbackRequestForServiceWorker(); |
| 631 // |this| may be dead here in async mode. | 619 // |this| may be dead here in async mode. |
| 632 return; | 620 return; |
| 929 return m_securityOrigin ? m_securityOrigin.get() : document().securityOrigin
(); | 917 return m_securityOrigin ? m_securityOrigin.get() : document().securityOrigin
(); |
| 930 } | 918 } |
| 931 | 919 |
| 932 Document& DocumentThreadableLoader::document() const | 920 Document& DocumentThreadableLoader::document() const |
| 933 { | 921 { |
| 934 ASSERT(m_document); | 922 ASSERT(m_document); |
| 935 return *m_document; | 923 return *m_document; |
| 936 } | 924 } |
| 937 | 925 |
| 938 } // namespace blink | 926 } // namespace blink |
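Review bot: The opaque-response guarantee described in the comment at new lines 190–194 is backed on the response path only by the debug `ASSERT` at new line 610, which compiles out of release builds. Because `m_fallbackRequestForServiceWorker` is now set on every service-worker-controlled load, a null value there is the one visible sign that a response marked `wasFetchedViaServiceWorker()` did not pass through the forced CORS mode at new lines 204–207; consider `RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!m_fallbackRequestForServiceWorker.isNull() || m_requestContext == WebURLRequest::RequestContextSharedWorker);` or failing the load when that invariant does not hold. Separately, the override drops the old `DenyCrossOriginRequests` to `FetchRequestModeSameOrigin` mapping and both `setFetchCredentialsMode` calls, so the fetch event handler presumably now sees CORS mode and whatever credentials mode the caller left on the request; the comment at new lines 200–203 should state where same-origin enforcement for such loads happens. Both affected functions start outside the visible lines, so any later check on the response type cannot be confirmed from this page.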
| OLD | NEW |