| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
| 3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
| 7 * met: | 7 * met: |
| 8 * | 8 * |
| 9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 179 // recorded here. | 179 // recorded here. |
| 180 // - ThreadableLoader w/ non-GET request is only created from javascript | 180 // - ThreadableLoader w/ non-GET request is only created from javascript |
| 181 // initiated fetch. | 181 // initiated fetch. |
| 182 // - Some non-script initiated fetches such as WorkerScriptLoader also use | 182 // - Some non-script initiated fetches such as WorkerScriptLoader also use |
| 183 // ThreadableLoader, but they are guaranteed to use GET method. | 183 // ThreadableLoader, but they are guaranteed to use GET method. |
| 184 if (request.httpMethod() != HTTPNames::GET) { | 184 if (request.httpMethod() != HTTPNames::GET) { |
| 185 if (Page* page = m_document->page()) | 185 if (Page* page = m_document->page()) |
| 186 page->chromeClient().didObserveNonGetFetchFromScript(); | 186 page->chromeClient().didObserveNonGetFetchFromScript(); |
| 187 } | 187 } |
| 188 | 188 |
| 189 // If the fetch request will be handled by the ServiceWorker, the | |
| 190 // FetchRequestMode of the request must be FetchRequestModeCORS or | |
| 191 // FetchRequestModeCORSWithForcedPreflight. Otherwise the ServiceWorker can | |
| 192 // return a opaque response which is from the other origin site and the | |
| 193 // script in the page can read the content. | |
| 194 // | |
| 195 // We assume that ServiceWorker is skipped for sync requests and unsupported | 189 // We assume that ServiceWorker is skipped for sync requests and unsupported |
| 196 // protocol requests by content/ code. | 190 // protocol requests by content/ code. |
| 197 if (m_async && !request.skipServiceWorker() && SchemeRegistry::shouldTreatUR
LSchemeAsAllowingServiceWorkers(request.url().protocol()) && m_document->fetcher
()->isControlledByServiceWorker()) { | 191 if (m_async && !request.skipServiceWorker() && SchemeRegistry::shouldTreatUR
LSchemeAsAllowingServiceWorkers(request.url().protocol()) && m_document->fetcher
()->isControlledByServiceWorker()) { |
| 198 ResourceRequest newRequest(request); | 192 ResourceRequest newRequest(request); |
| 199 // FetchRequestMode should be set by the caller. But the expected value | 193 const WebURLRequest::RequestContext requestContext(request.requestContex
t()); |
| 200 // of FetchRequestMode is not speced yet except for XHR. So we set here. | 194 if (requestContext != WebURLRequest::RequestContextFetch) { |
| 201 // FIXME: When we support fetch API in document, this value should not | 195 // When the request context is not "fetch", |
| 202 // be overridden here. | 196 // |crossOriginRequestPolicy| represents the fetch request mode, |
| 203 if (m_options.preflightPolicy == ForcePreflight) | 197 // and |credentialsRequested| represents the fetch credentials mode. |
| 204 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORSWi
thForcedPreflight); | 198 // So we set those flags here so that we can see the correct request |
| 205 else | 199 // mode and credentials mode in the service worker's fetch event |
| 206 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORS); | 200 // handler. |
| 207 | 201 switch (m_options.crossOriginRequestPolicy) { |
| 208 m_fallbackRequestForServiceWorker = ResourceRequest(request); | 202 case DenyCrossOriginRequests: |
| 209 m_fallbackRequestForServiceWorker.setSkipServiceWorker(true); | 203 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeSa
meOrigin); |
| 204 break; |
| 205 case UseAccessControl: |
| 206 if (m_options.preflightPolicy == ForcePreflight) |
| 207 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestMo
deCORSWithForcedPreflight); |
| 208 else |
| 209 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestMo
deCORS); |
| 210 break; |
| 211 case AllowCrossOriginRequests: |
| 212 // No-CORS requests are allowed only for those contexts. |
| 213 RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(requestContext == WebUR
LRequest::RequestContextAudio || requestContext == WebURLRequest::RequestContext
Video || requestContext == WebURLRequest::RequestContextObject || requestContext
== WebURLRequest::RequestContextFavicon || requestContext == WebURLRequest::Req
uestContextImage || requestContext == WebURLRequest::RequestContextScript); |
| 214 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeNo
CORS); |
| 215 break; |
| 216 } |
| 217 if (m_resourceLoaderOptions.allowCredentials == AllowStoredCredentia
ls) |
| 218 newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentia
lsModeInclude); |
| 219 else |
| 220 newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentia
lsModeSameOrigin); |
| 221 } |
| 222 if (newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORS
|| newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORSWithForc
edPreflight) { |
| 223 m_fallbackRequestForServiceWorker = ResourceRequest(request); |
| 224 m_fallbackRequestForServiceWorker.setSkipServiceWorker(true); |
| 225 } |
| 210 | 226 |
| 211 loadRequest(newRequest, m_resourceLoaderOptions); | 227 loadRequest(newRequest, m_resourceLoaderOptions); |
| 212 // |this| may be dead here. | 228 // |this| may be dead here. |
| 213 return; | 229 return; |
| 214 } | 230 } |
| 215 | 231 |
| 216 dispatchInitialRequest(request); | 232 dispatchInitialRequest(request); |
| 217 // |this| may be dead here in async mode. | 233 // |this| may be dead here in async mode. |
| 218 } | 234 } |
| 219 | 235 |
| (...skipping 378 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 598 ASSERT(m_client); | 614 ASSERT(m_client); |
| 599 | 615 |
| 600 if (!m_actualRequest.isNull()) { | 616 if (!m_actualRequest.isNull()) { |
| 601 reportResponseReceived(identifier, response); | 617 reportResponseReceived(identifier, response); |
| 602 handlePreflightResponse(response); | 618 handlePreflightResponse(response); |
| 603 // |this| may be dead here in async mode. | 619 // |this| may be dead here in async mode. |
| 604 return; | 620 return; |
| 605 } | 621 } |
| 606 | 622 |
| 607 if (response.wasFetchedViaServiceWorker()) { | 623 if (response.wasFetchedViaServiceWorker()) { |
| 608 // It's still possible to reach here with null m_fallbackRequestForServi
ceWorker | |
| 609 // if the request was for main resource loading (i.e. for SharedWorker),
for which | |
| 610 // we create DocumentLoader before the controller ServiceWorker is set. | |
| 611 ASSERT(!m_fallbackRequestForServiceWorker.isNull() || m_requestContext =
= WebURLRequest::RequestContextSharedWorker); | |
| 612 if (response.wasFallbackRequiredByServiceWorker()) { | 624 if (response.wasFallbackRequiredByServiceWorker()) { |
| 613 // At this point we must have m_fallbackRequestForServiceWorker. | 625 // At this point we must have m_fallbackRequestForServiceWorker. |
| 614 // (For SharedWorker the request won't be CORS or CORS-with-prefligh
t, | 626 // (For SharedWorker the request won't be CORS or CORS-with-prefligh
t, |
| 615 // therefore fallback-to-network is handled in the browser process | 627 // therefore fallback-to-network is handled in the browser process |
| 616 // when the ServiceWorker does not call respondWith().) | 628 // when the ServiceWorker does not call respondWith().) |
| 617 ASSERT(!m_fallbackRequestForServiceWorker.isNull()); | 629 ASSERT(!m_fallbackRequestForServiceWorker.isNull()); |
| 618 reportResponseReceived(identifier, response); | 630 reportResponseReceived(identifier, response); |
| 619 loadFallbackRequestForServiceWorker(); | 631 loadFallbackRequestForServiceWorker(); |
| 620 // |this| may be dead here in async mode. | 632 // |this| may be dead here in async mode. |
| 621 return; | 633 return; |
| (...skipping 297 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 919 return m_securityOrigin ? m_securityOrigin.get() : document().securityOrigin
(); | 931 return m_securityOrigin ? m_securityOrigin.get() : document().securityOrigin
(); |
| 920 } | 932 } |
| 921 | 933 |
| 922 Document& DocumentThreadableLoader::document() const | 934 Document& DocumentThreadableLoader::document() const |
| 923 { | 935 { |
| 924 ASSERT(m_document); | 936 ASSERT(m_document); |
| 925 return *m_document; | 937 return *m_document; |
| 926 } | 938 } |
| 927 | 939 |
| 928 } // namespace blink | 940 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1762893002:
Reland of Set the request mode and the credentials mode of FetchEvent in the service worker correct… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master