Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(15)

Side by Side Diff: third_party/WebKit/Source/core/dom/ScriptLoader.cpp

Issue 1801513003: Cross origin requests to same origin should match Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed failing CORS tests Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed.
6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 274 matching lines...) Expand 10 before | Expand all | Expand 10 after
285 285
286 RefPtrWillBeRawPtr<Document> elementDocument(m_element->document()); 286 RefPtrWillBeRawPtr<Document> elementDocument(m_element->document());
287 if (!m_element->inDocument() || m_element->document() != elementDocument) 287 if (!m_element->inDocument() || m_element->document() != elementDocument)
288 return false; 288 return false;
289 289
290 ASSERT(!m_resource); 290 ASSERT(!m_resource);
291 if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) { 291 if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) {
292 FetchRequest request(ResourceRequest(elementDocument->completeURL(source Url)), m_element->localName()); 292 FetchRequest request(ResourceRequest(elementDocument->completeURL(source Url)), m_element->localName());
293 293
294 CrossOriginAttributeValue crossOrigin = crossOriginAttributeValue(m_elem ent->fastGetAttribute(HTMLNames::crossoriginAttr)); 294 CrossOriginAttributeValue crossOrigin = crossOriginAttributeValue(m_elem ent->fastGetAttribute(HTMLNames::crossoriginAttr));
295 if (crossOrigin != CrossOriginAttributeNotSet) 295 request.setCrossOriginAccessControl(elementDocument->getSecurityOrigin() , crossOrigin);
296 request.setCrossOriginAccessControl(elementDocument->getSecurityOrig in(), crossOrigin);
297 request.setCharset(scriptCharset()); 296 request.setCharset(scriptCharset());
298 297
299 // Skip fetch-related CSP checks if the script element has a valid nonce , or if dynamically 298 // Skip fetch-related CSP checks if the script element has a valid nonce , or if dynamically
300 // injected script is whitelisted and this script is not parser-inserted . 299 // injected script is whitelisted and this script is not parser-inserted .
301 bool scriptPassesCSP = elementDocument->contentSecurityPolicy()->allowSc riptWithNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr)) || (!isParserIn serted() && elementDocument->contentSecurityPolicy()->allowDynamic()); 300 bool scriptPassesCSP = elementDocument->contentSecurityPolicy()->allowSc riptWithNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr)) || (!isParserIn serted() && elementDocument->contentSecurityPolicy()->allowDynamic());
302 301
303 if (scriptPassesCSP) 302 if (scriptPassesCSP)
304 request.setContentSecurityCheck(DoNotCheckContentSecurityPolicy); 303 request.setContentSecurityCheck(DoNotCheckContentSecurityPolicy);
305 request.setDefer(defer); 304 request.setDefer(defer);
306 305
(...skipping 206 matching lines...) Expand 10 before | Expand all | Expand 10 after
513 if (isHTMLScriptLoader(element)) 512 if (isHTMLScriptLoader(element))
514 return toHTMLScriptElement(element)->loader(); 513 return toHTMLScriptElement(element)->loader();
515 514
516 if (isSVGScriptLoader(element)) 515 if (isSVGScriptLoader(element))
517 return toSVGScriptElement(element)->loader(); 516 return toSVGScriptElement(element)->loader();
518 517
519 return 0; 518 return 0;
520 } 519 }
521 520
522 } // namespace blink 521 } // namespace blink
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698