Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(777)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 1745083002: CORS-RFC1918: Force preflights for external requests in DocumentThreadableLoader. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Test. Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-origin-null.cgi ('k') | third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved. 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
(...skipping 4958 matching lines...) Expand 10 before | Expand all | Expand 10 after
4969 } else { 4969 } else {
4970 m_cookieURL = m_url; 4970 m_cookieURL = m_url;
4971 setSecurityOrigin(SecurityOrigin::create(m_url)); 4971 setSecurityOrigin(SecurityOrigin::create(m_url));
4972 } 4972 }
4973 4973
4974 // Set the address space before setting up CSP, as the latter may override 4974 // Set the address space before setting up CSP, as the latter may override
4975 // the former via the 'treat-as-public-address' directive (see 4975 // the former via the 'treat-as-public-address' directive (see
4976 // https://mikewest.github.io/cors-rfc1918/#csp). 4976 // https://mikewest.github.io/cors-rfc1918/#csp).
4977 if (initializer.isHostedInReservedIPRange()) { 4977 if (initializer.isHostedInReservedIPRange()) {
4978 setAddressSpace(getSecurityOrigin()->isLocalhost() ? WebAddressSpaceLoca l : WebAddressSpacePrivate); 4978 setAddressSpace(getSecurityOrigin()->isLocalhost() ? WebAddressSpaceLoca l : WebAddressSpacePrivate);
4979 } else if (getSecurityOrigin()->isLocal()) {
4980 // "Local" security origins (like 'file://...') are treated as having
4981 // a local address space.
4982 //
4983 // TODO(mkwst): It's not entirely clear that this is a good idea.
4984 setAddressSpace(WebAddressSpaceLocal);
4979 } else { 4985 } else {
4980 setAddressSpace(WebAddressSpacePublic); 4986 setAddressSpace(WebAddressSpacePublic);
4981 } 4987 }
4982 4988
4983 if (importsController()) { 4989 if (importsController()) {
4984 // If this document is an HTML import, grab a reference to it's master d ocument's Content 4990 // If this document is an HTML import, grab a reference to it's master d ocument's Content
4985 // Security Policy. We don't call 'initContentSecurityPolicy' in this ca se, as we can't 4991 // Security Policy. We don't call 'initContentSecurityPolicy' in this ca se, as we can't
4986 // rebind the master document's policy object: its ExecutionContext need s to remain tied 4992 // rebind the master document's policy object: its ExecutionContext need s to remain tied
4987 // to the master document. 4993 // to the master document.
4988 setContentSecurityPolicy(importsController()->master()->contentSecurityP olicy()); 4994 setContentSecurityPolicy(importsController()->master()->contentSecurityP olicy());
(...skipping 990 matching lines...) Expand 10 before | Expand all | Expand 10 after
5979 #ifndef NDEBUG 5985 #ifndef NDEBUG
5980 using namespace blink; 5986 using namespace blink;
5981 void showLiveDocumentInstances() 5987 void showLiveDocumentInstances()
5982 { 5988 {
5983 Document::WeakDocumentSet& set = Document::liveDocumentSet(); 5989 Document::WeakDocumentSet& set = Document::liveDocumentSet();
5984 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); 5990 fprintf(stderr, "There are %u documents currently alive:\n", set.size());
5985 for (Document* document : set) 5991 for (Document* document : set)
5986 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().get String().utf8().data()); 5992 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().get String().utf8().data());
5987 } 5993 }
5988 #endif 5994 #endif
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-origin-null.cgi ('k') | third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698