| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
| 3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
| 7 * met: | 7 * met: |
| 8 * | 8 * |
| 9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 75 matching lines...) |
| 86 WeakPtrFactory<EmptyDataReader> m_factory; | 86 WeakPtrFactory<EmptyDataReader> m_factory; |
| 87 }; | 87 }; |
| 88 | 88 |
| 89 Reader* obtainReaderInternal(Client* client) override | 89 Reader* obtainReaderInternal(Client* client) override |
| 90 { | 90 { |
| 91 return new EmptyDataReader(client); | 91 return new EmptyDataReader(client); |
| 92 } | 92 } |
| 93 const char* debugName() const override { return "EmptyDataHandle"; } | 93 const char* debugName() const override { return "EmptyDataHandle"; } |
| 94 }; | 94 }; |
| 95 | 95 |
| 96 // No-CORS requests are allowed for all these contexts, and plugin contexts with |
| 97 // private permission when we set skipServiceWorker flag in PepperURLLoaderHost. |
| 98 bool IsNoCORSAllowedContext(WebURLRequest::RequestContext context, bool skipServ
iceWorker) |
| 99 { |
| 100 switch (context) { |
| 101 case WebURLRequest::RequestContextAudio: |
| 102 case WebURLRequest::RequestContextVideo: |
| 103 case WebURLRequest::RequestContextObject: |
| 104 case WebURLRequest::RequestContextFavicon: |
| 105 case WebURLRequest::RequestContextImage: |
| 106 case WebURLRequest::RequestContextScript: |
| 107 return true; |
| 108 case WebURLRequest::RequestContextPlugin: |
| 109 return skipServiceWorker; |
| 110 default: |
| 111 return false; |
| 112 } |
| 113 } |
| 114 |
| 96 } // namespace | 115 } // namespace |
| 97 | 116 |
| 98 // Max number of CORS redirects handled in DocumentThreadableLoader. | 117 // Max number of CORS redirects handled in DocumentThreadableLoader. |
| 99 // Same number as net/url_request/url_request.cc, and | 118 // Same number as net/url_request/url_request.cc, and |
| 100 // same number as https://fetch.spec.whatwg.org/#concept-http-fetch, Step 4. | 119 // same number as https://fetch.spec.whatwg.org/#concept-http-fetch, Step 4. |
| 101 // FIXME: currently the number of redirects is counted and limited here and in | 120 // FIXME: currently the number of redirects is counted and limited here and in |
| 102 // net/url_request/url_request.cc separately. | 121 // net/url_request/url_request.cc separately. |
| 103 static const int kMaxCORSRedirects = 20; | 122 static const int kMaxCORSRedirects = 20; |
| 104 | 123 |
| 105 void DocumentThreadableLoader::loadResourceSynchronously(Document& document, con
st ResourceRequest& request, ThreadableLoaderClient& client, const ThreadableLoa
derOptions& options, const ResourceLoaderOptions& resourceLoaderOptions) | 124 void DocumentThreadableLoader::loadResourceSynchronously(Document& document, con
st ResourceRequest& request, ThreadableLoaderClient& client, const ThreadableLoa
derOptions& options, const ResourceLoaderOptions& resourceLoaderOptions) |
| (...skipping 73 matching lines...) |
| 179 // recorded here. | 198 // recorded here. |
| 180 // - ThreadableLoader w/ non-GET request is only created from javascript | 199 // - ThreadableLoader w/ non-GET request is only created from javascript |
| 181 // initiated fetch. | 200 // initiated fetch. |
| 182 // - Some non-script initiated fetches such as WorkerScriptLoader also use | 201 // - Some non-script initiated fetches such as WorkerScriptLoader also use |
| 183 // ThreadableLoader, but they are guaranteed to use GET method. | 202 // ThreadableLoader, but they are guaranteed to use GET method. |
| 184 if (request.httpMethod() != HTTPNames::GET) { | 203 if (request.httpMethod() != HTTPNames::GET) { |
| 185 if (Page* page = m_document->page()) | 204 if (Page* page = m_document->page()) |
| 186 page->chromeClient().didObserveNonGetFetchFromScript(); | 205 page->chromeClient().didObserveNonGetFetchFromScript(); |
| 187 } | 206 } |
| 188 | 207 |
| 208 ResourceRequest newRequest(request); |
| 209 if (m_requestContext != WebURLRequest::RequestContextFetch) { |
| 210 // When the request context is not "fetch", |
| 211 // |crossOriginRequestPolicy| represents the fetch request mode, |
| 212 // and |credentialsRequested| represents the fetch credentials mode. |
| 213 // So we set those flags here so that we can see the correct request |
| 214 // mode and credentials mode in the service worker's fetch event |
| 215 // handler. |
| 216 switch (m_options.crossOriginRequestPolicy) { |
| 217 case DenyCrossOriginRequests: |
| 218 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeSameOr
igin); |
| 219 break; |
| 220 case UseAccessControl: |
| 221 if (m_options.preflightPolicy == ForcePreflight) |
| 222 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCO
RSWithForcedPreflight); |
| 223 else |
| 224 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCO
RS); |
| 225 break; |
| 226 case AllowCrossOriginRequests: |
| 227 SECURITY_CHECK(IsNoCORSAllowedContext(m_requestContext, request.skip
ServiceWorker())); |
| 228 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeNoCORS
); |
| 229 break; |
| 230 } |
| 231 if (m_resourceLoaderOptions.allowCredentials == AllowStoredCredentials) |
| 232 newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsMo
deInclude); |
| 233 else |
| 234 newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsMo
deSameOrigin); |
| 235 } |
| 236 |
| 189 // We assume that ServiceWorker is skipped for sync requests and unsupported | 237 // We assume that ServiceWorker is skipped for sync requests and unsupported |
| 190 // protocol requests by content/ code. | 238 // protocol requests by content/ code. |
| 191 if (m_async && !request.skipServiceWorker() && SchemeRegistry::shouldTreatUR
LSchemeAsAllowingServiceWorkers(request.url().protocol()) && m_document->fetcher
()->isControlledByServiceWorker()) { | 239 if (m_async && !request.skipServiceWorker() && SchemeRegistry::shouldTreatUR
LSchemeAsAllowingServiceWorkers(request.url().protocol()) && m_document->fetcher
()->isControlledByServiceWorker()) { |
| 192 ResourceRequest newRequest(request); | |
| 193 const WebURLRequest::RequestContext requestContext(request.requestContex
t()); | |
| 194 if (requestContext != WebURLRequest::RequestContextFetch) { | |
| 195 // When the request context is not "fetch", | |
| 196 // |crossOriginRequestPolicy| represents the fetch request mode, | |
| 197 // and |credentialsRequested| represents the fetch credentials mode. | |
| 198 // So we set those flags here so that we can see the correct request | |
| 199 // mode and credentials mode in the service worker's fetch event | |
| 200 // handler. | |
| 201 switch (m_options.crossOriginRequestPolicy) { | |
| 202 case DenyCrossOriginRequests: | |
| 203 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeSa
meOrigin); | |
| 204 break; | |
| 205 case UseAccessControl: | |
| 206 if (m_options.preflightPolicy == ForcePreflight) | |
| 207 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestMo
deCORSWithForcedPreflight); | |
| 208 else | |
| 209 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestMo
deCORS); | |
| 210 break; | |
| 211 case AllowCrossOriginRequests: | |
| 212 // No-CORS requests are allowed only for those contexts. | |
| 213 SECURITY_CHECK(requestContext == WebURLRequest::RequestContextAu
dio || requestContext == WebURLRequest::RequestContextVideo || requestContext ==
WebURLRequest::RequestContextObject || requestContext == WebURLRequest::Request
ContextFavicon || requestContext == WebURLRequest::RequestContextImage || reques
tContext == WebURLRequest::RequestContextScript); | |
| 214 newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeNo
CORS); | |
| 215 break; | |
| 216 } | |
| 217 if (m_resourceLoaderOptions.allowCredentials == AllowStoredCredentia
ls) | |
| 218 newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentia
lsModeInclude); | |
| 219 else | |
| 220 newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentia
lsModeSameOrigin); | |
| 221 } | |
| 222 if (newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORS
|| newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORSWithForc
edPreflight) { | 240 if (newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORS
|| newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORSWithForc
edPreflight) { |
| 223 m_fallbackRequestForServiceWorker = ResourceRequest(request); | 241 m_fallbackRequestForServiceWorker = ResourceRequest(request); |
| 224 m_fallbackRequestForServiceWorker.setSkipServiceWorker(true); | 242 m_fallbackRequestForServiceWorker.setSkipServiceWorker(true); |
| 225 } | 243 } |
| 226 | |
| 227 loadRequest(newRequest, m_resourceLoaderOptions); | 244 loadRequest(newRequest, m_resourceLoaderOptions); |
| 228 // |this| may be dead here. | 245 // |this| may be dead here. |
| 229 return; | 246 return; |
| 230 } | 247 } |
| 231 | 248 |
| 232 dispatchInitialRequest(request); | 249 dispatchInitialRequest(newRequest); |
| 233 // |this| may be dead here in async mode. | 250 // |this| may be dead here in async mode. |
| 234 } | 251 } |
| 235 | 252 |
| 236 void DocumentThreadableLoader::dispatchInitialRequest(const ResourceRequest& req
uest) | 253 void DocumentThreadableLoader::dispatchInitialRequest(const ResourceRequest& req
uest) |
| 237 { | 254 { |
| 238 if (!request.isExternalRequest() && (m_sameOriginRequest || m_options.crossO
riginRequestPolicy == AllowCrossOriginRequests)) { | 255 if (!request.isExternalRequest() && (m_sameOriginRequest || m_options.crossO
riginRequestPolicy == AllowCrossOriginRequests)) { |
| 239 loadRequest(request, m_resourceLoaderOptions); | 256 loadRequest(request, m_resourceLoaderOptions); |
| 240 // |this| may be dead here in async mode. | 257 // |this| may be dead here in async mode. |
| 241 return; | 258 return; |
| 242 } | 259 } |
| (...skipping 731 matching lines...) |
| 974 return m_securityOrigin ? m_securityOrigin.get() : document().getSecurityOri
gin(); | 991 return m_securityOrigin ? m_securityOrigin.get() : document().getSecurityOri
gin(); |
| 975 } | 992 } |
| 976 | 993 |
| 977 Document& DocumentThreadableLoader::document() const | 994 Document& DocumentThreadableLoader::document() const |
| 978 { | 995 { |
| 979 ASSERT(m_document); | 996 ASSERT(m_document); |
| 980 return *m_document; | 997 return *m_document; |
| 981 } | 998 } |
| 982 | 999 |
| 983 } // namespace blink | 1000 } // namespace blink |
| OLD | NEW |
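Review bot: The `SECURITY_CHECK` on new line 227 is no longer confined to async loads on service-worker-controlled documents: it now runs for every request whose context is not "fetch", so a caller that passes `AllowCrossOriginRequests` with a context outside the list in `IsNoCORSAllowedContext` (new lines 98-113) will fail a check it previously never reached. Those callers are not visible on this page, and the enclosing function starts in the skipped lines, so the set of contexts that reach this branch should be audited or covered by a test before landing. The plugin exception also uses `request.skipServiceWorker()` as a stand-in for the private-permission decision that the comment attributes to PepperURLLoaderHost, and the helper should say so, e.g. `// skipServiceWorker is a proxy for "plugin with private permission"; only PepperURLLoaderHost is expected to set it for RequestContextPlugin.` The check also reads the context from `m_requestContext` but the flag from `request`, whereas the removed code read the context from `request.requestContext()`; if the two can ever differ, both values should come from one source. Minor style point: the other functions on this page use lowerCamelCase, so `isNoCORSAllowedContext` would match the file.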