Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/workers/WorkerScriptLoader.cpp

Issue 1749153002: CORS-RFC1918: Teach ResourceRequest about "external" requests (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Jochen's feedback. Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/workers/WorkerScriptLoader.h ('k') | third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Apple Inc. All Rights Reserved. 2 * Copyright (C) 2009 Apple Inc. All Rights Reserved.
3 * Copyright (C) 2009, 2011 Google Inc. All Rights Reserved. 3 * Copyright (C) 2009, 2011 Google Inc. All Rights Reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
7 * are met: 7 * are met:
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
59 // called from DocumentThreadableLoader::notifyFinished() when the frame 59 // called from DocumentThreadableLoader::notifyFinished() when the frame
60 // will be destroyed. 60 // will be destroyed.
61 if (m_needToCancel) 61 if (m_needToCancel)
62 cancel(); 62 cancel();
63 } 63 }
64 64
65 void WorkerScriptLoader::loadSynchronously(ExecutionContext& executionContext, c onst KURL& url, CrossOriginRequestPolicy crossOriginRequestPolicy) 65 void WorkerScriptLoader::loadSynchronously(ExecutionContext& executionContext, c onst KURL& url, CrossOriginRequestPolicy crossOriginRequestPolicy)
66 { 66 {
67 m_url = url; 67 m_url = url;
68 68
69 ResourceRequest request(createResourceRequest()); 69 ResourceRequest request(createResourceRequest(executionContext));
70 ASSERT_WITH_SECURITY_IMPLICATION(executionContext.isWorkerGlobalScope()); 70 ASSERT_WITH_SECURITY_IMPLICATION(executionContext.isWorkerGlobalScope());
71 71
72 ThreadableLoaderOptions options; 72 ThreadableLoaderOptions options;
73 options.crossOriginRequestPolicy = crossOriginRequestPolicy; 73 options.crossOriginRequestPolicy = crossOriginRequestPolicy;
74 // FIXME: Should we add EnforceScriptSrcDirective here? 74 // FIXME: Should we add EnforceScriptSrcDirective here?
75 options.contentSecurityPolicyEnforcement = DoNotEnforceContentSecurityPolicy ; 75 options.contentSecurityPolicyEnforcement = DoNotEnforceContentSecurityPolicy ;
76 76
77 ResourceLoaderOptions resourceLoaderOptions; 77 ResourceLoaderOptions resourceLoaderOptions;
78 resourceLoaderOptions.allowCredentials = AllowStoredCredentials; 78 resourceLoaderOptions.allowCredentials = AllowStoredCredentials;
79 79
80 WorkerThreadableLoader::loadResourceSynchronously(toWorkerGlobalScope(execut ionContext), request, *this, options, resourceLoaderOptions); 80 WorkerThreadableLoader::loadResourceSynchronously(toWorkerGlobalScope(execut ionContext), request, *this, options, resourceLoaderOptions);
81 } 81 }
82 82
83 void WorkerScriptLoader::loadAsynchronously(ExecutionContext& executionContext, const KURL& url, CrossOriginRequestPolicy crossOriginRequestPolicy, PassOwnPtr<C losure> responseCallback, PassOwnPtr<Closure> finishedCallback) 83 void WorkerScriptLoader::loadAsynchronously(ExecutionContext& executionContext, const KURL& url, CrossOriginRequestPolicy crossOriginRequestPolicy, PassOwnPtr<C losure> responseCallback, PassOwnPtr<Closure> finishedCallback)
84 { 84 {
85 ASSERT(responseCallback || finishedCallback); 85 ASSERT(responseCallback || finishedCallback);
86 m_responseCallback = responseCallback; 86 m_responseCallback = responseCallback;
87 m_finishedCallback = finishedCallback; 87 m_finishedCallback = finishedCallback;
88 m_url = url; 88 m_url = url;
89 89
90 ResourceRequest request(createResourceRequest()); 90 ResourceRequest request(createResourceRequest(executionContext));
91 ThreadableLoaderOptions options; 91 ThreadableLoaderOptions options;
92 options.crossOriginRequestPolicy = crossOriginRequestPolicy; 92 options.crossOriginRequestPolicy = crossOriginRequestPolicy;
93 93
94 ResourceLoaderOptions resourceLoaderOptions; 94 ResourceLoaderOptions resourceLoaderOptions;
95 resourceLoaderOptions.allowCredentials = AllowStoredCredentials; 95 resourceLoaderOptions.allowCredentials = AllowStoredCredentials;
96 96
97 // During create, callbacks may happen which could remove the last reference 97 // During create, callbacks may happen which could remove the last reference
98 // to this object, while some of the callchain assumes that the client and 98 // to this object, while some of the callchain assumes that the client and
99 // loader wouldn't be deleted within callbacks. 99 // loader wouldn't be deleted within callbacks.
100 // (E.g. see crbug.com/524694 for why we can't easily remove this protect) 100 // (E.g. see crbug.com/524694 for why we can't easily remove this protect)
101 RefPtr<WorkerScriptLoader> protect(this); 101 RefPtr<WorkerScriptLoader> protect(this);
102 m_needToCancel = true; 102 m_needToCancel = true;
103 m_threadableLoader = ThreadableLoader::create(executionContext, this, option s, resourceLoaderOptions); 103 m_threadableLoader = ThreadableLoader::create(executionContext, this, option s, resourceLoaderOptions);
104 m_threadableLoader->start(request); 104 m_threadableLoader->start(request);
105 if (m_failed) 105 if (m_failed)
106 notifyFinished(); 106 notifyFinished();
107 } 107 }
108 108
109 const KURL& WorkerScriptLoader::responseURL() const 109 const KURL& WorkerScriptLoader::responseURL() const
110 { 110 {
111 ASSERT(!failed()); 111 ASSERT(!failed());
112 return m_responseURL; 112 return m_responseURL;
113 } 113 }
114 114
115 ResourceRequest WorkerScriptLoader::createResourceRequest() 115 ResourceRequest WorkerScriptLoader::createResourceRequest(ExecutionContext& exec utionContext)
116 { 116 {
117 ResourceRequest request(m_url); 117 ResourceRequest request(m_url);
118 request.setHTTPMethod(HTTPNames::GET); 118 request.setHTTPMethod(HTTPNames::GET);
119 request.setRequestContext(m_requestContext); 119 request.setRequestContext(m_requestContext);
120 request.setExternalRequestStateFromRequestorAddressSpace(executionContext.se curityContext().addressSpace());
120 return request; 121 return request;
121 } 122 }
122 123
123 void WorkerScriptLoader::didReceiveResponse(unsigned long identifier, const Reso urceResponse& response, PassOwnPtr<WebDataConsumerHandle> handle) 124 void WorkerScriptLoader::didReceiveResponse(unsigned long identifier, const Reso urceResponse& response, PassOwnPtr<WebDataConsumerHandle> handle)
124 { 125 {
125 ASSERT_UNUSED(handle, !handle); 126 ASSERT_UNUSED(handle, !handle);
126 if (response.httpStatusCode() / 100 != 2 && response.httpStatusCode()) { 127 if (response.httpStatusCode() / 100 != 2 && response.httpStatusCode()) {
127 notifyError(); 128 notifyError();
128 return; 129 return;
129 } 130 }
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after
224 // document (which is implemented in WorkerMessagingProxy, and 225 // document (which is implemented in WorkerMessagingProxy, and
225 // m_contentSecurityPolicy should be left as nullptr to inherit the policy). 226 // m_contentSecurityPolicy should be left as nullptr to inherit the policy).
226 if (!response.url().protocolIs("blob") && !response.url().protocolIs("file") && !response.url().protocolIs("filesystem")) { 227 if (!response.url().protocolIs("blob") && !response.url().protocolIs("file") && !response.url().protocolIs("filesystem")) {
227 m_contentSecurityPolicy = ContentSecurityPolicy::create(); 228 m_contentSecurityPolicy = ContentSecurityPolicy::create();
228 m_contentSecurityPolicy->setOverrideURLForSelf(response.url()); 229 m_contentSecurityPolicy->setOverrideURLForSelf(response.url());
229 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponse Headers(response)); 230 m_contentSecurityPolicy->didReceiveHeaders(ContentSecurityPolicyResponse Headers(response));
230 } 231 }
231 } 232 }
232 233
233 } // namespace blink 234 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/workers/WorkerScriptLoader.h ('k') | third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698