
Side by Side Diff: third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h

Issue 1801513003: Cross origin requests to same origin should match Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed failing CORS tests Created 4 years, 9 months ago
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
72 RequestAsynchronously 72 RequestAsynchronously
73 }; 73 };
74 74
75 // A resource fetch can be marked as being CORS enabled. The loader 75 // A resource fetch can be marked as being CORS enabled. The loader
76 // must perform an access check upon seeing the response. 76 // must perform an access check upon seeing the response.
77 enum CORSEnabled { 77 enum CORSEnabled {
78 NotCORSEnabled, 78 NotCORSEnabled,
79 IsCORSEnabled 79 IsCORSEnabled
80 }; 80 };
81 81
82 enum SameOrigin {
83 NotSameOrigin,
84 IsSameOrigin
85 };
86
82 struct ResourceLoaderOptions { 87 struct ResourceLoaderOptions {
83 USING_FAST_MALLOC(ResourceLoaderOptions); 88 USING_FAST_MALLOC(ResourceLoaderOptions);
84 public: 89 public:
85 ResourceLoaderOptions() 90 ResourceLoaderOptions()
86 : dataBufferingPolicy(BufferData) 91 : dataBufferingPolicy(BufferData)
87 , allowCredentials(DoNotAllowStoredCredentials) 92 , allowCredentials(DoNotAllowStoredCredentials)
88 , credentialsRequested(ClientDidNotRequestCredentials) 93 , credentialsRequested(ClientDidNotRequestCredentials)
89 , contentSecurityPolicyOption(CheckContentSecurityPolicy) 94 , contentSecurityPolicyOption(CheckContentSecurityPolicy)
90 , requestInitiatorContext(DocumentContext) 95 , requestInitiatorContext(DocumentContext)
91 , synchronousPolicy(RequestAsynchronously) 96 , synchronousPolicy(RequestAsynchronously)
92 , corsEnabled(NotCORSEnabled) 97 , corsEnabled(NotCORSEnabled)
98 , sameOrigin(NotSameOrigin)
Nate Chapin 2016/03/17 22:58:18 This will make non-CORS loads always be marked Not
Yoav Weiss 2016/03/18 07:53:14 True. Maybe a third value is needed
93 { 99 {
94 } 100 }
95 101
96 ResourceLoaderOptions( 102 ResourceLoaderOptions(
97 DataBufferingPolicy dataBufferingPolicy, 103 DataBufferingPolicy dataBufferingPolicy,
98 StoredCredentials allowCredentials, 104 StoredCredentials allowCredentials,
99 CredentialRequest credentialsRequested, 105 CredentialRequest credentialsRequested,
100 ContentSecurityPolicyDisposition contentSecurityPolicyOption, 106 ContentSecurityPolicyDisposition contentSecurityPolicyOption,
101 RequestInitiatorContext requestInitiatorContext) 107 RequestInitiatorContext requestInitiatorContext)
102 : dataBufferingPolicy(dataBufferingPolicy) 108 : dataBufferingPolicy(dataBufferingPolicy)
103 , allowCredentials(allowCredentials) 109 , allowCredentials(allowCredentials)
104 , credentialsRequested(credentialsRequested) 110 , credentialsRequested(credentialsRequested)
105 , contentSecurityPolicyOption(contentSecurityPolicyOption) 111 , contentSecurityPolicyOption(contentSecurityPolicyOption)
106 , requestInitiatorContext(requestInitiatorContext) 112 , requestInitiatorContext(requestInitiatorContext)
107 , synchronousPolicy(RequestAsynchronously) 113 , synchronousPolicy(RequestAsynchronously)
108 , corsEnabled(NotCORSEnabled) 114 , corsEnabled(NotCORSEnabled)
115 , sameOrigin(NotSameOrigin)
109 { 116 {
110 } 117 }
111 118
112 // Answers the question "can a separate request with these 119 // Answers the question "can a separate request with these
113 // different options be re-used" (e.g. preload request) 120 // different options be re-used" (e.g. preload request)
114 // The safe (but possibly slow) answer is always false. 121 // The safe (but possibly slow) answer is always false.
115 bool canReuseRequest(const ResourceLoaderOptions& other) const 122 bool canReuseRequest(const ResourceLoaderOptions& other) const;
116 {
117 // dataBufferingPolicy differences are believed to be safe for re-use.
118 // FIXME: check allowCredentials.
119 // FIXME: check credentialsRequested.
120 // FIXME: check contentSecurityPolicyOption.
121 // initiatorInfo is purely informational and should be benign for re-use .
122 // requestInitiatorContext is benign (indicates document vs. worker)
123 // synchronousPolicy (safe to re-use an async XHR response for sync, etc .)
124 return corsEnabled == other.corsEnabled;
125 // securityOrigin has more complicated checks which callers are responsi ble for.
126 }
127 123
128 // When adding members, CrossThreadResourceLoaderOptionsData should be 124 // When adding members, CrossThreadResourceLoaderOptionsData should be
129 // updated. 125 // updated.
130 DataBufferingPolicy dataBufferingPolicy; 126 DataBufferingPolicy dataBufferingPolicy;
131 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request. 127 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
132 CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wan ted credentials in the first place. 128 CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wan ted credentials in the first place.
133 ContentSecurityPolicyDisposition contentSecurityPolicyOption; 129 ContentSecurityPolicyDisposition contentSecurityPolicyOption;
134 FetchInitiatorInfo initiatorInfo; 130 FetchInitiatorInfo initiatorInfo;
135 RequestInitiatorContext requestInitiatorContext; 131 RequestInitiatorContext requestInitiatorContext;
136 SynchronousPolicy synchronousPolicy; 132 SynchronousPolicy synchronousPolicy;
137 CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS. 133 CORSEnabled corsEnabled; // If the resource is loaded out-of-origin, whether or not to use CORS.
138 RefPtr<SecurityOrigin> securityOrigin; 134 RefPtr<SecurityOrigin> securityOrigin;
135 SameOrigin sameOrigin;
139 }; 136 };
140 137
141 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads. 138 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads.
142 struct CrossThreadResourceLoaderOptionsData { 139 struct CrossThreadResourceLoaderOptionsData {
143 DISALLOW_NEW(); 140 DISALLOW_NEW();
144 explicit CrossThreadResourceLoaderOptionsData(const ResourceLoaderOptions& o ptions) 141 explicit CrossThreadResourceLoaderOptionsData(const ResourceLoaderOptions& o ptions)
145 : dataBufferingPolicy(options.dataBufferingPolicy) 142 : dataBufferingPolicy(options.dataBufferingPolicy)
146 , allowCredentials(options.allowCredentials) 143 , allowCredentials(options.allowCredentials)
147 , credentialsRequested(options.credentialsRequested) 144 , credentialsRequested(options.credentialsRequested)
148 , contentSecurityPolicyOption(options.contentSecurityPolicyOption) 145 , contentSecurityPolicyOption(options.contentSecurityPolicyOption)
149 , initiatorInfo(options.initiatorInfo) 146 , initiatorInfo(options.initiatorInfo)
150 , requestInitiatorContext(options.requestInitiatorContext) 147 , requestInitiatorContext(options.requestInitiatorContext)
151 , synchronousPolicy(options.synchronousPolicy) 148 , synchronousPolicy(options.synchronousPolicy)
152 , corsEnabled(options.corsEnabled) 149 , corsEnabled(options.corsEnabled)
153 , securityOrigin(options.securityOrigin ? options.securityOrigin->isolat edCopy() : nullptr) { } 150 , securityOrigin(options.securityOrigin ? options.securityOrigin->isolat edCopy() : nullptr)
151 , sameOrigin(options.sameOrigin) { }
154 152
155 operator ResourceLoaderOptions() const 153 operator ResourceLoaderOptions() const
156 { 154 {
157 ResourceLoaderOptions options; 155 ResourceLoaderOptions options;
158 options.dataBufferingPolicy = dataBufferingPolicy; 156 options.dataBufferingPolicy = dataBufferingPolicy;
159 options.allowCredentials = allowCredentials; 157 options.allowCredentials = allowCredentials;
160 options.credentialsRequested = credentialsRequested; 158 options.credentialsRequested = credentialsRequested;
161 options.contentSecurityPolicyOption = contentSecurityPolicyOption; 159 options.contentSecurityPolicyOption = contentSecurityPolicyOption;
162 options.initiatorInfo = initiatorInfo; 160 options.initiatorInfo = initiatorInfo;
163 options.requestInitiatorContext = requestInitiatorContext; 161 options.requestInitiatorContext = requestInitiatorContext;
164 options.synchronousPolicy = synchronousPolicy; 162 options.synchronousPolicy = synchronousPolicy;
165 options.corsEnabled = corsEnabled; 163 options.corsEnabled = corsEnabled;
166 options.securityOrigin = securityOrigin; 164 options.securityOrigin = securityOrigin;
165 options.sameOrigin = sameOrigin;
167 return options; 166 return options;
168 } 167 }
169 168
170 DataBufferingPolicy dataBufferingPolicy; 169 DataBufferingPolicy dataBufferingPolicy;
171 StoredCredentials allowCredentials; 170 StoredCredentials allowCredentials;
172 CredentialRequest credentialsRequested; 171 CredentialRequest credentialsRequested;
173 ContentSecurityPolicyDisposition contentSecurityPolicyOption; 172 ContentSecurityPolicyDisposition contentSecurityPolicyOption;
174 CrossThreadFetchInitiatorInfoData initiatorInfo; 173 CrossThreadFetchInitiatorInfoData initiatorInfo;
175 RequestInitiatorContext requestInitiatorContext; 174 RequestInitiatorContext requestInitiatorContext;
176 SynchronousPolicy synchronousPolicy; 175 SynchronousPolicy synchronousPolicy;
177 CORSEnabled corsEnabled; 176 CORSEnabled corsEnabled;
178 RefPtr<SecurityOrigin> securityOrigin; 177 RefPtr<SecurityOrigin> securityOrigin;
178 SameOrigin sameOrigin;
179 }; 179 };
180 180
181 template <> 181 template <>
182 struct CrossThreadCopier<ResourceLoaderOptions> { 182 struct CrossThreadCopier<ResourceLoaderOptions> {
183 using Type = CrossThreadResourceLoaderOptionsData; 183 using Type = CrossThreadResourceLoaderOptionsData;
184 static Type copy(const ResourceLoaderOptions& options) 184 static Type copy(const ResourceLoaderOptions& options)
185 { 185 {
186 return CrossThreadResourceLoaderOptionsData(options); 186 return CrossThreadResourceLoaderOptionsData(options);
187 } 187 }
188 }; 188 };
189 189
190 } // namespace blink 190 } // namespace blink
191 191
192 #endif // ResourceLoaderOptions_h 192 #endif // ResourceLoaderOptions_h
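Review bot: The new `SameOrigin` enum (new lines 82-85) and the `sameOrigin` member (new line 135) carry no comment, so a reader cannot tell when the value is computed or which origin it is measured against, although the neighbouring `corsEnabled` and `allowCredentials` fields are documented. I would add above the enum something like `// Whether the request URL was same-origin with securityOrigin when these options were built.`, with the wording confirmed against the code that sets the field, which is outside this file. This section also moves `canReuseRequest` out of line (new line 122) and drops the inline list of which fields are compared; the definition is not visible here, so it is worth checking that it compares `sameOrigin` as well as `corsEnabled`, because reusing a preloaded response across that difference would presumably mis-apply the response access check. If a request can be redirected after the options are built, the stored value may also go stale, but the redirect path is not shown here.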