| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "modules/fetch/Request.h" | 5 #include "modules/fetch/Request.h" |
| 6 | 6 |
| 7 #include "bindings/core/v8/Dictionary.h" | 7 #include "bindings/core/v8/Dictionary.h" |
| 8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
| 9 #include "core/dom/ExecutionContext.h" | 9 #include "core/dom/ExecutionContext.h" |
| 10 #include "core/fetch/FetchUtils.h" | 10 #include "core/fetch/FetchUtils.h" |
| 11 #include "core/fetch/ResourceLoaderOptions.h" | 11 #include "core/fetch/ResourceLoaderOptions.h" |
| 12 #include "core/loader/ThreadableLoader.h" | 12 #include "core/loader/ThreadableLoader.h" |
| 13 #include "modules/fetch/BodyStreamBuffer.h" | 13 #include "modules/fetch/BodyStreamBuffer.h" |
| 14 #include "modules/fetch/DataConsumerHandleUtil.h" | 14 #include "modules/fetch/DataConsumerHandleUtil.h" |
| 15 #include "modules/fetch/FetchBlobDataConsumerHandle.h" | 15 #include "modules/fetch/FetchBlobDataConsumerHandle.h" |
| 16 #include "modules/fetch/FetchManager.h" | 16 #include "modules/fetch/FetchManager.h" |
| 17 #include "modules/fetch/RequestInit.h" | 17 #include "modules/fetch/RequestInit.h" |
| 18 #include "platform/HTTPNames.h" | 18 #include "platform/HTTPNames.h" |
| 19 #include "platform/network/HTTPParsers.h" | 19 #include "platform/network/HTTPParsers.h" |
| 20 #include "platform/network/ResourceRequest.h" | 20 #include "platform/network/ResourceRequest.h" |
| 21 #include "platform/weborigin/OriginAccessEntry.h" |
| 21 #include "platform/weborigin/Referrer.h" | 22 #include "platform/weborigin/Referrer.h" |
| 22 #include "public/platform/WebURLRequest.h" | 23 #include "public/platform/WebURLRequest.h" |
| 23 #include "public/platform/modules/serviceworker/WebServiceWorkerRequest.h" | 24 #include "public/platform/modules/serviceworker/WebServiceWorkerRequest.h" |
| 24 | 25 |
| 25 namespace blink { | 26 namespace blink { |
| 26 | 27 |
| 27 FetchRequestData* createCopyOfFetchRequestDataForFetch(ScriptState* scriptState,
const FetchRequestData* original) | 28 FetchRequestData* createCopyOfFetchRequestDataForFetch(ScriptState* scriptState,
const FetchRequestData* original) |
| 28 { | 29 { |
| 29 FetchRequestData* request = FetchRequestData::create(); | 30 FetchRequestData* request = FetchRequestData::create(); |
| 30 request->setURL(original->url()); | 31 request->setURL(original->url()); |
| (...skipping 288 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 319 exceptionState.throwTypeError("Request with GET/HEAD method cannot h
ave body."); | 320 exceptionState.throwTypeError("Request with GET/HEAD method cannot h
ave body."); |
| 320 return nullptr; | 321 return nullptr; |
| 321 } | 322 } |
| 322 } | 323 } |
| 323 | 324 |
| 324 // TODO(mkwst): See the comment in RequestInit about serializing the attache
d credential | 325 // TODO(mkwst): See the comment in RequestInit about serializing the attache
d credential |
| 325 // prior to hitting the Service Worker machinery. | 326 // prior to hitting the Service Worker machinery. |
| 326 if (request->credentials() == WebURLRequest::FetchCredentialsModePassword) { | 327 if (request->credentials() == WebURLRequest::FetchCredentialsModePassword) { |
| 327 r->getHeaders()->append(HTTPNames::Content_Type, init.contentType, excep
tionState); | 328 r->getHeaders()->append(HTTPNames::Content_Type, init.contentType, excep
tionState); |
| 328 | 329 |
| 329 // TODO(mkwst): This should be a registrable-domain match. | 330 const OriginAccessEntry accessEntry = OriginAccessEntry(r->url().protoco
l(), r->url().host(), OriginAccessEntry::AllowRegisterableDomains); |
| 330 if (!origin->canRequest(r->url())) { | 331 if (accessEntry.matchesDomain(*origin) == OriginAccessEntry::DoesNotMatc
hOrigin) { |
| 331 exceptionState.throwTypeError("Credentials may only be submitted to
same-origin endpoints."); | 332 exceptionState.throwTypeError("Credentials may only be submitted to
endpoints on the same registrable domain."); |
| 332 return nullptr; | 333 return nullptr; |
| 333 } | 334 } |
| 334 } | 335 } |
| 335 | 336 |
| 336 // "If |init|'s body member is present, run these substeps:" | 337 // "If |init|'s body member is present, run these substeps:" |
| 337 if (init.body) { | 338 if (init.body) { |
| 338 // Perform the following steps: | 339 // Perform the following steps: |
| 339 // - "Let |stream| and |Content-Type| be the result of extracting | 340 // - "Let |stream| and |Content-Type| be the result of extracting |
| 340 // |init|'s body member." | 341 // |init|'s body member." |
| 341 // - "Set |temporaryBody| to |stream|. | 342 // - "Set |temporaryBody| to |stream|. |
| (...skipping 304 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 646 } | 647 } |
| 647 | 648 |
| 648 DEFINE_TRACE(Request) | 649 DEFINE_TRACE(Request) |
| 649 { | 650 { |
| 650 Body::trace(visitor); | 651 Body::trace(visitor); |
| 651 visitor->trace(m_request); | 652 visitor->trace(m_request); |
| 652 visitor->trace(m_headers); | 653 visitor->trace(m_headers); |
| 653 } | 654 } |
| 654 | 655 |
| 655 } // namespace blink | 656 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1918253002:
CREDENTIAL: Credentials should be submitted within a registrable domain. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master