Skip foreign fetch when the skipServiceWorker flag is set on a request.

third_party/WebKit/Source/core/fetch/ResourceLoader.cpp

 /*
  * Copyright (C) 2006, 2007, 2010, 2011 Apple Inc. All rights reserved.
  *           (C) 2007 Graham Dennis (graham.dennis@gmail.com)
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
@@ skipping 134 matching lines @@
 }
 
 bool ResourceLoader::responseNeedsAccessControlCheck() const
 {
     // If the fetch was (potentially) CORS enabled, an access control check of the response is required.
     return m_resource->options().corsEnabled == IsCORSEnabled;
 }
 
 void ResourceLoader::didReceiveResponse(WebURLLoader*, const WebURLResponse& response, WebDataConsumerHandle* rawHandle)
 {
-    ASSERT(!response.isNull());
+    DCHECK(!response.isNull());
     // |rawHandle|'s ownership is transferred to the callee.
     std::unique_ptr<WebDataConsumerHandle> handle = wrapUnique(rawHandle);
     const ResourceResponse& resourceResponse = response.toResourceResponse();
 
     if (responseNeedsAccessControlCheck()) {
         if (response.wasFetchedViaServiceWorker()) {
             if (response.wasFallbackRequiredByServiceWorker()) {
                 m_loader.reset();
                 m_loader = wrapUnique(Platform::current()->createURLLoader());
-                ASSERT(m_loader);
+                DCHECK(m_loader);
                 ResourceRequest request = m_resource->lastResourceRequest();
-                ASSERT(!request.skipServiceWorker());
-                request.setSkipServiceWorker(true);
+                DCHECK_EQ(request.skipServiceWorker(), WebURLRequest::SkipServiceWorker::None);
+                request.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::Controlling);

[horo, 2016/06/28 12:10:02]

This code is executed when a CORS request was send to the SW but respondWith()
is not called.
In this case, we should skip all SW.

[Marijn Kruisselbrink, 2016/06/28 17:06:12]

Also see my reply in DocumentThreadableLoader, but no, in this case we should
not skip foreign fetch service workers since CORS requests generally are exactly
the requests we do want foreign fetch to intercept. The layout test I added that
injects a cross origin script tag in a service worker controlled page exercises
this code, and I do expect that script tag to be intercepted by foreign fetch.

                 m_loader->loadAsynchronously(WrappedResourceRequest(request), this);
                 return;
             }
         } else {
             if (!m_resource->isCacheValidator() || resourceResponse.httpStatusCode() != 304)
                 m_resource->setResponse(resourceResponse);
             if (!m_fetcher->canAccessResource(m_resource.get(), m_resource->options().securityOrigin.get(), response.url(), ResourceFetcher::ShouldLogAccessControlErrors)) {
                 m_fetcher->didReceiveResponse(m_resource.get(), resourceResponse);
                 didFail(nullptr, ResourceError::cancelledDueToAccessCheckError(KURL(response.url())));
                 return;
@@ skipping 76 matching lines @@
     // empty buffer is a noop in most cases, but is destructive in the case of
     // a 304, where it will overwrite the cached data we should be reusing.
     if (dataOut.size()) {
         m_fetcher->didReceiveData(m_resource.get(), dataOut.data(), dataOut.size(), encodedDataLength);
         m_resource->setResourceBuffer(dataOut);
     }
     didFinishLoading(0, monotonicallyIncreasingTime(), encodedDataLength);
 }
 
 } // namespace blink