Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(883)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/modules/fetch/Request.cpp

Issue 1844053003: CREDENTIAL: Rework the integration with Fetch (1/2) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: clear attachedcredentials Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/modules/fetch/Request.h ('k') | third_party/WebKit/Source/modules/fetch/RequestInit.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/modules/fetch/Request.cpp
diff --git a/third_party/WebKit/Source/modules/fetch/Request.cpp b/third_party/WebKit/Source/modules/fetch/Request.cpp
index 1bbbb2c5e93cc3819b3ababe1f911d4f2faff0ce..54ddc5f9c1b5540c19eafb54c963f94dc017bedd 100644
--- a/third_party/WebKit/Source/modules/fetch/Request.cpp
+++ b/third_party/WebKit/Source/modules/fetch/Request.cpp
@@ -42,6 +42,7 @@ FetchRequestData* createCopyOfFetchRequestDataForFetch(ScriptState* scriptState,
request->setReferrer(original->referrer());
request->setMode(original->mode());
request->setCredentials(original->credentials());
+ request->setAttachedCredential(original->attachedCredential());
request->setRedirect(original->redirect());
request->setIntegrity(original->integrity());
// FIXME: Set cache mode.
@@ -216,6 +217,14 @@ Request* Request::createRequestWithRequestOrString(ScriptState* scriptState, Req
request->setCredentials(WebURLRequest::FetchCredentialsModeSameOrigin);
} else if (init.credentials == "include") {
request->setCredentials(WebURLRequest::FetchCredentialsModeInclude);
+ } else if (init.credentials == "password") {
+ if (!init.attachedCredential.get()) {
+ exceptionState.throwTypeError("Cannot construct a Request with a credential mode of 'password' without a PasswordCredential.");
+ return nullptr;
+ }
+ request->setCredentials(WebURLRequest::FetchCredentialsModePassword);
+ request->setAttachedCredential(init.attachedCredential);
+ request->setRedirect(WebURLRequest::FetchRedirectModeManual);
} else {
if (!inputRequest)
request->setCredentials(WebURLRequest::FetchCredentialsModeOmit);
@@ -305,13 +314,25 @@ Request* Request::createRequestWithRequestOrString(ScriptState* scriptState, Req
// "If either |init|'s body member is present or |temporaryBody| is
// non-null, and |request|'s method is `GET` or `HEAD`, throw a TypeError.
- if (init.body || temporaryBody) {
+ if (init.body || temporaryBody || request->credentials() == WebURLRequest::FetchCredentialsModePassword) {
if (request->method() == HTTPNames::GET || request->method() == HTTPNames::HEAD) {
exceptionState.throwTypeError("Request with GET/HEAD method cannot have body.");
return nullptr;
}
}
+ // TODO(mkwst): See the comment in RequestInit about serializing the attached credential
+ // prior to hitting the Service Worker machinery.
+ if (request->credentials() == WebURLRequest::FetchCredentialsModePassword) {
+ r->getHeaders()->append(HTTPNames::Content_Type, init.contentType, exceptionState);
+
+ // TODO(mkwst): This should be a registrable-domain match.
+ if (!origin->canRequest(r->url())) {
+ exceptionState.throwTypeError("Credentials may only be submitted to same-origin endpoints.");
+ return nullptr;
+ }
+ }
+
// "If |init|'s body member is present, run these substeps:"
if (init.body) {
// Perform the following steps:
@@ -334,22 +355,6 @@ Request* Request::createRequestWithRequestOrString(ScriptState* scriptState, Req
if (temporaryBody)
r->m_request->setBuffer(temporaryBody);
- // https://w3c.github.io/webappsec-credential-management/#monkey-patching-fetch-3
- // "If |init|'s body member is a 'Credential' object:"
- if (init.isCredentialRequest) {
- // "1. If |r|'s url is not the same as |r|'s client’s origin, throw a TypeError."
- if (!origin->canRequest(r->url())) {
- exceptionState.throwTypeError("Credentials may only be submitted to same-origin endpoints.");
- return nullptr;
- }
- // "2. Set |r|'s redirect mode to "error"."
- r->m_request->setRedirect(WebURLRequest::FetchRedirectModeError);
- // "3. Set |r|'s skip-service-worker flag."
- // TODO(mkwst): Set this flag.
- // "4. Set |r|'s opaque flag."
- r->setOpaque();
- }
-
// "Set |r|'s MIME type to the result of extracting a MIME type from |r|'s
// request's header list."
r->m_request->setMIMEType(r->m_request->headerList()->extractMIMEType());
@@ -560,6 +565,8 @@ String Request::credentials() const
return "same-origin";
case WebURLRequest::FetchCredentialsModeInclude:
return "include";
+ case WebURLRequest::FetchCredentialsModePassword:
+ return "password";
}
ASSERT_NOT_REACHED();
return "";
« no previous file with comments | « third_party/WebKit/Source/modules/fetch/Request.h ('k') | third_party/WebKit/Source/modules/fetch/RequestInit.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698