Check the mime type of cross-origin CSS fetched via the Service Worker.

third_party/WebKit/Source/core/css/StyleSheetContents.cpp

Index: third_party/WebKit/Source/core/css/StyleSheetContents.cpp
diff --git a/third_party/WebKit/Source/core/css/StyleSheetContents.cpp b/third_party/WebKit/Source/core/css/StyleSheetContents.cpp
index f60e92860d25c832c1680cf3baca182b6671c050..32f43dca5952767bb1464120ba165b096a55f5ee 100644
--- a/third_party/WebKit/Source/core/css/StyleSheetContents.cpp
+++ b/third_party/WebKit/Source/core/css/StyleSheetContents.cpp
@@ -322,6 +322,12 @@ void StyleSheetContents::parseAuthorStyleSheet(const CSSStyleSheetResource* cach
     TRACE_EVENT1("blink,devtools.timeline", "ParseAuthorStyleSheet", "data", InspectorParseAuthorStyleSheetEvent::data(cachedStyleSheet));
 
     bool isSameOriginRequest = securityOrigin && securityOrigin->canRequest(baseURL());
+
+    // When the response was fetched via the Service Worker, the original URL may not be same as the base URL.
+    // FIXME: When we will use the original URL as the base URL, we can remove this check. crbug.com/553535

[Mike West, 2016/04/06 06:54:16]

Nit: s/FIXME/TODO(horo)/

[horo, 2016/04/06 08:13:50]

Done.

+    if (cachedStyleSheet->response().wasFetchedViaServiceWorker() && !securityOrigin->canRequest(cachedStyleSheet->response().originalURLViaServiceWorker()))

[Mike West, 2016/04/06 06:54:16]

What do we do for purely synthetic responses? It seems like those ought to be
considered same-origin.

[horo, 2016/04/06 08:13:50]

Done.
Added isEmpty() checking.

+        isSameOriginRequest = false;
+
     CSSStyleSheetResource::MIMETypeCheck mimeTypeCheck = isQuirksModeBehavior(m_parserContext.mode()) && isSameOriginRequest ? CSSStyleSheetResource::MIMETypeCheck::Lax : CSSStyleSheetResource::MIMETypeCheck::Strict;
     String sheetText = cachedStyleSheet->sheetText(mimeTypeCheck);