Change WebURLLoaderClient::willFollowRedirect() API to return bool

third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

 /*
  * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
  * Copyright (C) 2013, Intel Corporation
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ skipping 397 matching lines @@
     m_requestStartedSeconds = 0.0;
     clearResource();
 }
 
 // In this method, we can clear |request| to tell content::WebURLLoaderImpl of
 // Chromium not to follow the redirect. This works only when this method is
 // called by RawResource::willSendRequest(). If called by
 // RawResource::didAddClient(), clearing |request| won't be propagated
 // to content::WebURLLoaderImpl. So, this loader must also get detached from
 // the resource by calling clearResource().
-void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequest& request, const ResourceResponse& redirectResponse)
+bool DocumentThreadableLoader::redirectReceived(Resource* resource, const ResourceRequest& request, const ResourceResponse& redirectResponse)
 {
     DCHECK(m_client);
     DCHECK_EQ(resource, this->resource());
     DCHECK(m_async);
 
     m_checker.redirectReceived();
 
     if (!m_actualRequest.isNull()) {
         reportResponseReceived(resource->identifier(), redirectResponse);
 
         handlePreflightFailure(redirectResponse.url().getString(), "Response for preflight is invalid (redirect)");
 
-        request = ResourceRequest();
-
-        return;
+        return false;
     }
 
     if (m_redirectMode == WebURLRequest::FetchRedirectModeManual) {
         // We use |m_redirectMode| to check the original redirect mode.
         // |request| is a new request for redirect. So we don't set the redirect
         // mode of it in WebURLLoaderImpl::Context::OnReceivedRedirect().
         DCHECK(request.useStreamOnResponse());
         // There is no need to read the body of redirect response because there
         // is no way to read the body of opaque-redirect filtered response's
         // internal response.
         // TODO(horo): If we support any API which expose the internal body, we
         // will have to read the body. And also HTTPCache changes will be needed
         // because it doesn't store the body of redirect responses.
         responseReceived(resource, redirectResponse, wrapUnique(new EmptyDataHandle()));
 
         if (m_client) {
             DCHECK(m_actualRequest.isNull());
             notifyFinished(resource);
         }
 
-        request = ResourceRequest();
-
-        return;
+        return false;
     }
 
     if (m_redirectMode == WebURLRequest::FetchRedirectModeError) {
         ThreadableLoaderClient* client = m_client;
         clear();
         client->didFailRedirectCheck();
 
-        request = ResourceRequest();
-
-        return;
+        return false;
     }
 
     // Allow same origin requests to continue after allowing clients to audit the redirect.
     if (isAllowedRedirect(request.url())) {
         if (m_client->isDocumentThreadableLoaderClient())
-            static_cast<DocumentThreadableLoaderClient*>(m_client)->willFollowRedirect(request, redirectResponse);
-        return;
+            return static_cast<DocumentThreadableLoaderClient*>(m_client)->willFollowRedirect(request, redirectResponse);
+        return true;
     }
 
     if (m_corsRedirectLimit <= 0) {
         ThreadableLoaderClient* client = m_client;
         clear();
         client->didFailRedirectCheck();
-        request = ResourceRequest();
-        return;
+        return false;
     }
 
     --m_corsRedirectLimit;
 
     InspectorInstrumentation::didReceiveCORSRedirectResponse(document().frame(), resource->identifier(), document().frame()->loader().documentLoader(), redirectResponse, resource);
 
     bool allowRedirect = false;
     String accessControlErrorDescription;
 
     if (m_crossOriginNonSimpleRequest) {
         // Non-simple cross origin requests (both preflight and actual one) are
         // not allowed to follow redirect.
         accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString()+ "' to '" + request.url().getString() + "' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.";
     } else if (!CrossOriginAccessControl::isLegalRedirectLocation(request.url(), accessControlErrorDescription)) {
         accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString() + "' has been blocked by CORS policy: " + accessControlErrorDescription;
     } else if (!m_sameOriginRequest && !passesAccessControlCheck(redirectResponse, effectiveAllowCredentials(), getSecurityOrigin(), accessControlErrorDescription, m_requestContext)) {
         // The redirect response must pass the access control check if the
         // original request was not same-origin.
         accessControlErrorDescription = "Redirect from '" + redirectResponse.url().getString()+ "' to '" + request.url().getString() + "' has been blocked by CORS policy: " + accessControlErrorDescription;
     } else {
         allowRedirect = true;
     }
 
     if (!allowRedirect) {
         ThreadableLoaderClient* client = m_client;
         clear();
         client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, redirectResponse.url().getString(), accessControlErrorDescription));
-        request = ResourceRequest();
-        return;
+        return false;
     }
 
     // FIXME: consider combining this with CORS redirect handling performed by
     // CrossOriginAccessControl::handleRedirect().
     clearResource();
 
     // If the original request wasn't same-origin, then if the request URL origin is not same origin with the original URL origin,
     // set the source origin to a globally unique identifier. (If the original request was same-origin, the origin of the new request
     // should be the original URL origin.)
     if (!m_sameOriginRequest) {
         RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redirectResponse.url());
         RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(request.url());
         if (!originalOrigin->isSameSchemeHostPort(requestOrigin.get()))
             m_securityOrigin = SecurityOrigin::createUnique();
     }
     // Force any subsequent requests to use these checks.
     m_sameOriginRequest = false;
 
     // Since the request is no longer same-origin, if the user didn't request credentials in
     // the first place, update our state so we neither request them nor expect they must be allowed.
     if (m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequestCredentials)
         m_forceDoNotAllowStoredCredentials = true;
 
     // Save the referrer to use when following the redirect.
     m_didRedirect = true;
     m_referrerAfterRedirect = Referrer(request.httpReferrer(), request.getReferrerPolicy());
 
+    ResourceRequest crossOriginRequest(request);
+
     // Remove any headers that may have been added by the network layer that cause access control to fail.
-    request.clearHTTPReferrer();
-    request.clearHTTPOrigin();
-    request.clearHTTPUserAgent();
+    crossOriginRequest.clearHTTPReferrer();
+    crossOriginRequest.clearHTTPOrigin();
+    crossOriginRequest.clearHTTPUserAgent();
     // Add any CORS simple request headers which we previously saved from the original request.
     for (const auto& header : m_simpleRequestHeaders)
-        request.setHTTPHeaderField(header.key, header.value);
-    makeCrossOriginAccessRequest(request);
+        crossOriginRequest.setHTTPHeaderField(header.key, header.value);
+    makeCrossOriginAccessRequest(crossOriginRequest);
     // |this| may be dead here.
+
+    return true;
 }
 
 void DocumentThreadableLoader::redirectBlocked()
 {
     m_checker.redirectBlocked();
 
     // Tells the client that a redirect was received but not followed (for an unknown reason).
     ThreadableLoaderClient* client = m_client;
     clear();
     client->didFailRedirectCheck();
@@ skipping 415 matching lines @@
 
 DEFINE_TRACE(DocumentThreadableLoader)
 {
     visitor->trace(m_resource);
     visitor->trace(m_document);
     ThreadableLoader::trace(visitor);
     RawResourceClient::trace(visitor);
 }
 
 } // namespace blink