third_party/WebKit/Source/core/fetch/FetchRequest.cpp - Issue 1801513003: Cross origin requests to same origin should match

Side by Side Diff: third_party/WebKit/Source/core/fetch/FetchRequest.cpp

Issue 1801513003: Cross origin requests to same origin should match Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fixed failing CORS tests Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « third_party/WebKit/Source/core/dom/ScriptLoader.cpp ('k') | third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h » ('j') | third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2012 Google, Inc. All rights reserved.	2 * Copyright (C) 2012 Google, Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions	5 * modification, are permitted provided that the following conditions

6 * are met:	6 * are met:

7 * 1. Redistributions of source code must retain the above copyright	7 * 1. Redistributions of source code must retain the above copyright

8 * notice, this list of conditions and the following disclaimer.	8 * notice, this list of conditions and the following disclaimer.

9 * 2. Redistributions in binary form must reproduce the above copyright	9 * 2. Redistributions in binary form must reproduce the above copyright

10 * notice, this list of conditions and the following disclaimer in the	10 * notice, this list of conditions and the following disclaimer in the

(...skipping 55 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
66 {	66 {

67 m_options.initiatorInfo = initiator;	67 m_options.initiatorInfo = initiator;

68 }	68 }

69	69

70 FetchRequest::~FetchRequest()	70 FetchRequest::~FetchRequest()

71 {	71 {

72 }	72 }

73	73

74 void FetchRequest::setCrossOriginAccessControl(SecurityOrigin* origin, CrossOrig inAttributeValue crossOrigin)	74 void FetchRequest::setCrossOriginAccessControl(SecurityOrigin* origin, CrossOrig inAttributeValue crossOrigin)

75 {	75 {

76 ASSERT(crossOrigin != CrossOriginAttributeNotSet);

77 const bool useCredentials = crossOrigin == CrossOriginAttributeUseCredential s;	76 const bool useCredentials = crossOrigin == CrossOriginAttributeUseCredential s;

78 const bool isSameOriginRequest = origin && origin->canRequestNoSuborigin(m_r esourceRequest.url());	77 const bool isSameOriginRequest = origin && origin->canRequestNoSuborigin(m_r esourceRequest.url());

	78 const CORSEnabled corsEnabled = (crossOrigin != CrossOriginAttributeNotSet) ? IsCORSEnabled : NotCORSEnabled;

79	79

80 // Currently FetchRequestMode and FetchCredentialsMode are only used when th e request goes to Service Worker.

81 m_resourceRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORS);

82 m_resourceRequest.setFetchCredentialsMode(useCredentials ? WebURLRequest::Fe tchCredentialsModeInclude : WebURLRequest::FetchCredentialsModeSameOrigin);

83	80

84 m_options.allowCredentials = (isSameOriginRequest \|\| useCredentials) ? Allow StoredCredentials : DoNotAllowStoredCredentials;	81 m_options.sameOrigin = isSameOriginRequest ? IsSameOrigin : NotSameOrigin;
	Nate Chapin 2016/03/17 22:58:18 Instead of having this sameOrigin property, why no Instead of having this sameOrigin property, why not check canRequestNoSuborigin() when needed? Yoav Weiss 2016/03/18 07:53:14 Because we don't necessarily have the securityOrig Show quoted text On 2016/03/17 22:58:18, Nate Chapin wrote: > Instead of having this sameOrigin property, why not check > canRequestNoSuborigin() when needed? Because we don't necessarily have the securityOrigin nor the URL in canReuseRequest right now. But I guess we could set the origin here and pipe the URL in from the callers.
85 m_options.corsEnabled = IsCORSEnabled;	82 m_options.corsEnabled = corsEnabled;

86 m_options.securityOrigin = origin;	83 if (corsEnabled) {

87 m_options.credentialsRequested = useCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials;	84 // Currently FetchRequestMode and FetchCredentialsMode are only used whe n the request goes to Service Worker.

88	85 m_resourceRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCOR S);

89 updateRequestForAccessControl(m_resourceRequest, origin, m_options.allowCred entials);	86 m_resourceRequest.setFetchCredentialsMode(useCredentials ? WebURLRequest ::FetchCredentialsModeInclude : WebURLRequest::FetchCredentialsModeSameOrigin);

	87 m_options.allowCredentials = (isSameOriginRequest \|\| useCredentials) ? A llowStoredCredentials : DoNotAllowStoredCredentials;

	88 m_options.securityOrigin = origin;

	89 m_options.credentialsRequested = useCredentials ? ClientRequestedCredent ials : ClientDidNotRequestCredentials;

	90 updateRequestForAccessControl(m_resourceRequest, origin, m_options.allow Credentials);

	91 }

90 }	92 }

91	93

92

93 void FetchRequest::setResourceWidth(ResourceWidth resourceWidth)	94 void FetchRequest::setResourceWidth(ResourceWidth resourceWidth)

94 {	95 {

95 if (resourceWidth.isSet) {	96 if (resourceWidth.isSet) {

96 m_resourceWidth.width = resourceWidth.width;	97 m_resourceWidth.width = resourceWidth.width;

97 m_resourceWidth.isSet = true;	98 m_resourceWidth.isSet = true;

98 }	99 }

99 }	100 }

100	101

101 } // namespace blink	102 } // namespace blink

OLD	NEW