Reland of Set the request mode and the credentials mode of FetchEvent in the service worker correct…

third_party/WebKit/Source/modules/fetch/FetchManager.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "modules/fetch/FetchManager.h"
 
 #include "bindings/core/v8/ExceptionState.h"
 #include "bindings/core/v8/ScriptPromiseResolver.h"
 #include "bindings/core/v8/ScriptState.h"
 #include "bindings/core/v8/V8ThrowException.h"
@@ skipping 205 matching lines @@
         performNetworkError("Blob not found.");
         return;
     }
 
     if (response.url().protocolIs("blob") && response.httpStatusCode() == 405) {
         performNetworkError("Only 'GET' method is allowed for blob URLs.");
         return;
     }
 
     m_responseHttpStatusCode = response.httpStatusCode();
+    FetchRequestData::Tainting tainting = m_request->responseTainting();
 
     if (response.url().protocolIsData()) {
         if (m_request->url() == response.url()) {
             // A direct request to data.
-            m_request->setResponseTainting(FetchRequestData::BasicTainting);
+            tainting = FetchRequestData::BasicTainting;
         } else {
             // A redirect to data: scheme occured.
             // Redirects to data URLs are rejected by the spec because
             // same-origin data-URL flag is unset, except for no-cors mode.
             // TODO(hiroshige): currently redirects to data URLs in no-cors
             // mode is also rejected by Chromium side.
             switch (m_request->mode()) {
             case WebURLRequest::FetchRequestModeNoCORS:
-                m_request->setResponseTainting(FetchRequestData::OpaqueTainting);
+                tainting = FetchRequestData::OpaqueTainting;
                 break;
             case WebURLRequest::FetchRequestModeSameOrigin:
             case WebURLRequest::FetchRequestModeCORS:
             case WebURLRequest::FetchRequestModeCORSWithForcedPreflight:
             case WebURLRequest::FetchRequestModeNavigate:
                 performNetworkError("Fetch API cannot load " + m_request->url().getString() + ". Redirects to data: URL are allowed only when mode is \"no-cors\".");
                 return;
             }
         }
     } else if (!SecurityOrigin::create(response.url())->isSameSchemeHostPort(m_request->origin().get())) {
         // Recompute the tainting if the request was redirected to a different
         // origin.
         switch (m_request->mode()) {
         case WebURLRequest::FetchRequestModeSameOrigin:
             ASSERT_NOT_REACHED();
             break;
         case WebURLRequest::FetchRequestModeNoCORS:
-            m_request->setResponseTainting(FetchRequestData::OpaqueTainting);
+            tainting = FetchRequestData::OpaqueTainting;
             break;
         case WebURLRequest::FetchRequestModeCORS:
         case WebURLRequest::FetchRequestModeCORSWithForcedPreflight:
-            m_request->setResponseTainting(FetchRequestData::CORSTainting);
+            tainting = FetchRequestData::CORSTainting;
             break;
         case WebURLRequest::FetchRequestModeNavigate:
             RELEASE_ASSERT_NOT_REACHED();
             break;
         }
     }
+    if (response.wasFetchedViaServiceWorker()) {
+        switch (response.serviceWorkerResponseType()) {

[tyoshino (SeeGerritForStatus), 2016/03/07 14:48:22]

it looks good to just honor the tainting of the response created in the
ServiceWorker for now.

is this likely to change in the future e.g. with foreign fetch?

i.e. is there any possibility we need to choose the stronger tainting from one
set for the fetch() in the controlled page and one set for the response from the
ServiceWorker?

[horo, 2016/03/08 03:11:02]

+CC:mek@

According to
https://github.com/slightlyoff/ServiceWorker/blob/master/foreign_fetch_explai...
So I think the response will be opaque-tainted here.

[tyoshino (SeeGerritForStatus), 2016/03/08 05:30:05]

Great! Thanks for the explanation.

+        case WebServiceWorkerResponseTypeBasic:
+        case WebServiceWorkerResponseTypeDefault:
+            tainting = FetchRequestData::BasicTainting;
+            break;
+        case WebServiceWorkerResponseTypeCORS:
+            tainting = FetchRequestData::CORSTainting;
+            break;
+        case WebServiceWorkerResponseTypeOpaque:
+            tainting = FetchRequestData::OpaqueTainting;
+            break;
+        case WebServiceWorkerResponseTypeOpaqueRedirect:
+            // ServiceWorker can't respond to the request from fetch() with an opaque redirect response.

[tyoshino (SeeGerritForStatus), 2016/03/07 14:48:22]

let's wrap comments to fit 80 col

[horo, 2016/03/08 03:11:02]

Done.

+        case WebServiceWorkerResponseTypeError:
+            // When ServiceWorker respond to the request from fetch() with an error response, FetchManager::Loader::didFail() must be called instead.

[tyoshino (SeeGerritForStatus), 2016/03/07 14:48:22]

let's wrap comments to fit 80 col

[horo, 2016/03/08 03:11:02]

Done.

+            RELEASE_ASSERT_NOT_REACHED();
+            break;
+        }
+    }
 
     FetchResponseData* responseData = nullptr;
     CompositeDataConsumerHandle::Updater* updater = nullptr;
     if (m_request->integrity().isEmpty())
         responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer(createFetchDataConsumerHandleFromWebHandle(handle)));
     else
         responseData = FetchResponseData::createWithBuffer(new BodyStreamBuffer(createFetchDataConsumerHandleFromWebHandle(CompositeDataConsumerHandle::create(createWaitingDataConsumerHandle(), &updater))));
     responseData->setStatus(response.httpStatusCode());
     responseData->setStatusMessage(response.httpStatusText());
     for (auto& it : response.httpHeaderFields())
@@ skipping 17 matching lines @@
                 performNetworkError("Invalid Location header.");
                 return;
             }
             ASSERT(m_request->redirect() == WebURLRequest::FetchRedirectModeManual);
             taintedResponse = responseData->createOpaqueRedirectFilteredResponse();
         }
         // When the location header doesn't exist, we don't treat the response
         // as a redirect response, and execute tainting.
     }
     if (!taintedResponse) {
-        switch (m_request->responseTainting()) {
+        switch (tainting) {
         case FetchRequestData::BasicTainting:
             taintedResponse = responseData->createBasicFilteredResponse();
             break;
         case FetchRequestData::CORSTainting:
             taintedResponse = responseData->createCORSFilteredResponse();
             break;
         case FetchRequestData::OpaqueTainting:
             taintedResponse = responseData->createOpaqueFilteredResponse();
             break;
         }
@@ skipping 209 matching lines @@
     ASSERT(SchemeRegistry::shouldTreatURLSchemeAsSupportingFetchAPI(m_request->url().protocol()) || (m_request->url().protocolIs("blob") && !corsFlag && !corsPreflightFlag));
     // CORS preflight fetch procedure is implemented inside DocumentThreadableLoader.
 
     // "1. Let |HTTPRequest| be a copy of |request|, except that |HTTPRequest|'s
     //  body is a tee of |request|'s body."
     // We use ResourceRequest class for HTTPRequest.
     // FIXME: Support body.
     ResourceRequest request(m_request->url());
     request.setRequestContext(m_request->context());
     request.setHTTPMethod(m_request->method());
+    request.setFetchRequestMode(m_request->mode());
+    request.setFetchCredentialsMode(m_request->credentials());
     const Vector<OwnPtr<FetchHeaderList::Header>>& list = m_request->headerList()->list();
     for (size_t i = 0; i < list.size(); ++i) {
         request.addHTTPHeaderField(AtomicString(list[i]->first), AtomicString(list[i]->second));
     }
 
     if (m_request->method() != HTTPNames::GET && m_request->method() != HTTPNames::HEAD) {
         if (m_request->buffer()) {
             request.setHTTPBody(m_request->buffer()->drainAsFormData());
         }
     }
@@ skipping 176 matching lines @@
     loader->dispose();
 }
 
 DEFINE_TRACE(FetchManager)
 {
     visitor->trace(m_loaders);
     ContextLifecycleObserver::trace(visitor);
 }
 
 } // namespace blink