Chromium Code Reviews Chromium Code Reviews
Issue 1976513002:
Set the request mode and the credentials mode even if the request will not go to ServiceWorker. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp |
| diff --git a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp |
| index 8502e4b3e5ee2aa623430bb3177ee2daf4678638..1f2ac0e470c444c4c271b361845b90b0e9e33788 100644 |
| --- a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp |
| +++ b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp |
| @@ -186,50 +186,50 @@ void DocumentThreadableLoader::start(const ResourceRequest& request) |
| page->chromeClient().didObserveNonGetFetchFromScript(); |
| } |
| + ResourceRequest newRequest(request); |
| + if (m_requestContext != WebURLRequest::RequestContextFetch) { |
| + // When the request context is not "fetch", |
| + // |crossOriginRequestPolicy| represents the fetch request mode, |
| + // and |credentialsRequested| represents the fetch credentials mode. |
| + // So we set those flags here so that we can see the correct request |
| + // mode and credentials mode in the service worker's fetch event |
| + // handler. |
| + switch (m_options.crossOriginRequestPolicy) { |
| + case DenyCrossOriginRequests: |
| + newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeSameOrigin); |
| + break; |
| + case UseAccessControl: |
| + if (m_options.preflightPolicy == ForcePreflight) |
| + newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORSWithForcedPreflight); |
| + else |
| + newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORS); |
| + break; |
| + case AllowCrossOriginRequests: |
| + // No-CORS requests are allowed only for those contexts when |
|
Marijn Kruisselbrink
2016/05/12 17:30:37
The comment doesn't match the check. You're commen
horo
2016/05/16 06:24:19
Updated comment.
|
| + // skipServiceWorker is not set. |
| + SECURITY_CHECK(request.skipServiceWorker() || m_requestContext == WebURLRequest::RequestContextAudio || m_requestContext == WebURLRequest::RequestContextVideo || m_requestContext == WebURLRequest::RequestContextObject || m_requestContext == WebURLRequest::RequestContextFavicon || m_requestContext == WebURLRequest::RequestContextImage || m_requestContext == WebURLRequest::RequestContextScript); |
| + newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeNoCORS); |
| + break; |
| + } |
| + if (m_resourceLoaderOptions.allowCredentials == AllowStoredCredentials) |
| + newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsModeInclude); |
| + else |
| + newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsModeSameOrigin); |
| + } |
| + |
| // We assume that ServiceWorker is skipped for sync requests and unsupported |
| // protocol requests by content/ code. |
| if (m_async && !request.skipServiceWorker() && SchemeRegistry::shouldTreatURLSchemeAsAllowingServiceWorkers(request.url().protocol()) && m_document->fetcher()->isControlledByServiceWorker()) { |
| - ResourceRequest newRequest(request); |
| - const WebURLRequest::RequestContext requestContext(request.requestContext()); |
| - if (requestContext != WebURLRequest::RequestContextFetch) { |
| - // When the request context is not "fetch", |
| - // |crossOriginRequestPolicy| represents the fetch request mode, |
| - // and |credentialsRequested| represents the fetch credentials mode. |
| - // So we set those flags here so that we can see the correct request |
| - // mode and credentials mode in the service worker's fetch event |
| - // handler. |
| - switch (m_options.crossOriginRequestPolicy) { |
| - case DenyCrossOriginRequests: |
| - newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeSameOrigin); |
| - break; |
| - case UseAccessControl: |
| - if (m_options.preflightPolicy == ForcePreflight) |
| - newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORSWithForcedPreflight); |
| - else |
| - newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORS); |
| - break; |
| - case AllowCrossOriginRequests: |
| - // No-CORS requests are allowed only for those contexts. |
| - SECURITY_CHECK(requestContext == WebURLRequest::RequestContextAudio || requestContext == WebURLRequest::RequestContextVideo || requestContext == WebURLRequest::RequestContextObject || requestContext == WebURLRequest::RequestContextFavicon || requestContext == WebURLRequest::RequestContextImage || requestContext == WebURLRequest::RequestContextScript); |
| - newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeNoCORS); |
| - break; |
| - } |
| - if (m_resourceLoaderOptions.allowCredentials == AllowStoredCredentials) |
| - newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsModeInclude); |
| - else |
| - newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsModeSameOrigin); |
| - } |
| if (newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORS || newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORSWithForcedPreflight) { |
| m_fallbackRequestForServiceWorker = ResourceRequest(request); |
| m_fallbackRequestForServiceWorker.setSkipServiceWorker(true); |
| } |
| - |
| loadRequest(newRequest, m_resourceLoaderOptions); |
| // |this| may be dead here. |
| return; |
| } |
| - dispatchInitialRequest(request); |
| + dispatchInitialRequest(newRequest); |
| // |this| may be dead here in async mode. |
| } |
