Skip foreign fetch when the skipServiceWorker flag is set on a request.

third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

 /*
  * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
  * Copyright (C) 2013, Intel Corporation
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ skipping 79 matching lines @@
 
     Reader* obtainReaderInternal(Client* client) override
     {
         return new EmptyDataReader(client);
     }
     const char* debugName() const override { return "EmptyDataHandle"; }
 };
 
 // No-CORS requests are allowed for all these contexts, and plugin contexts with
 // private permission when we set skipServiceWorker flag in PepperURLLoaderHost.
-bool IsNoCORSAllowedContext(WebURLRequest::RequestContext context, bool skipServiceWorker)
+bool IsNoCORSAllowedContext(WebURLRequest::RequestContext context, WebURLRequest::SkipServiceWorker skipServiceWorker)
 {
     switch (context) {
     case WebURLRequest::RequestContextAudio:
     case WebURLRequest::RequestContextVideo:
     case WebURLRequest::RequestContextObject:
     case WebURLRequest::RequestContextFavicon:
     case WebURLRequest::RequestContextImage:
     case WebURLRequest::RequestContextScript:
         return true;
     case WebURLRequest::RequestContextPlugin:
-        return skipServiceWorker;
+        return skipServiceWorker == WebURLRequest::SkipServiceWorker::All;
     default:
         return false;
     }
 }
 
 } // namespace
 
 // Max number of CORS redirects handled in DocumentThreadableLoader.
 // Same number as net/url_request/url_request.cc, and
 // same number as https://fetch.spec.whatwg.org/#concept-http-fetch, Step 4.
@@ skipping 109 matching lines @@
             break;
         }
         if (m_resourceLoaderOptions.allowCredentials == AllowStoredCredentials)
             newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsModeInclude);
         else
             newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsModeSameOrigin);
     }
 
     // We assume that ServiceWorker is skipped for sync requests and unsupported
     // protocol requests by content/ code.
-    if (m_async && !request.skipServiceWorker() && SchemeRegistry::shouldTreatURLSchemeAsAllowingServiceWorkers(request.url().protocol()) && m_document->fetcher()->isControlledByServiceWorker()) {
+    if (m_async && request.skipServiceWorker() == WebURLRequest::SkipServiceWorker::None && SchemeRegistry::shouldTreatURLSchemeAsAllowingServiceWorkers(request.url().protocol()) && m_document->fetcher()->isControlledByServiceWorker()) {
         if (newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORS || newRequest.fetchRequestMode() == WebURLRequest::FetchRequestModeCORSWithForcedPreflight) {
             m_fallbackRequestForServiceWorker = ResourceRequest(request);
-            m_fallbackRequestForServiceWorker.setSkipServiceWorker(true);
+            // m_fallbackRequestForServiceWorker is used when a regular controlling
+            // service worker doesn't handle a cross origin request. When this happens
+            // we still want to give foreign fetch a chance to handle the request, so
+            // only skip the controlling service worker for the fallback request.
+            // This is currently safe because of http://crbug.com/604084 the
+            // wasFallbackRequiredByServiceWorker flag is never set when foreign fetch
+            // handled a request.
+            m_fallbackRequestForServiceWorker.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::Controlling);
         }
         loadRequest(newRequest, m_resourceLoaderOptions);
         // |this| may be dead here.
         return;
     }
 
     dispatchInitialRequest(newRequest);
     // |this| may be dead here in async mode.
 }
 
@@ skipping 567 matching lines @@
     m_actualOptions = ResourceLoaderOptions();
 
     actualRequest.setHTTPOrigin(getSecurityOrigin());
 
     clearResource();
 
     // Explicitly set the SkipServiceWorker flag here. Even if the page was not
     // controlled by a SW when the preflight request was sent, a new SW may be
     // controlling the page now by calling clients.claim(). We should not send
     // the actual request to the SW. https://crbug.com/604583
-    actualRequest.setSkipServiceWorker(true);
+    actualRequest.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::All);
 
     loadRequest(actualRequest, actualOptions);
     // |this| may be dead here in async mode.
 }
 
 void DocumentThreadableLoader::handlePreflightFailure(const String& url, const String& errorDescription)
 {
     ResourceError error(errorDomainBlinkInternal, 0, url, errorDescription);
 
     // Prevent handleSuccessfulFinish() from bypassing access check.
@@ skipping 150 matching lines @@
     return m_securityOrigin ? m_securityOrigin.get() : document().getSecurityOrigin();
 }
 
 Document& DocumentThreadableLoader::document() const
 {
     ASSERT(m_document);
     return *m_document;
 }
 
 } // namespace blink