OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 475 matching lines...)
486 m_requestStartedSeconds = 0.0; | 486 m_requestStartedSeconds = 0.0; |
487 clearResource(); | 487 clearResource(); |
488 } | 488 } |
489 | 489 |
490 // In this method, we can clear |request| to tell content::WebURLLoaderImpl of | 490 // In this method, we can clear |request| to tell content::WebURLLoaderImpl of |
491 // Chromium not to follow the redirect. This works only when this method is | 491 // Chromium not to follow the redirect. This works only when this method is |
492 // called by RawResource::willSendRequest(). If called by | 492 // called by RawResource::willSendRequest(). If called by |
493 // RawResource::didAddClient(), clearing |request| won't be propagated to | 493 // RawResource::didAddClient(), clearing |request| won't be propagated to |
494 // content::WebURLLoaderImpl. So, this loader must also get detached from the | 494 // content::WebURLLoaderImpl. So, this loader must also get detached from the |
495 // resource by calling clearResource(). | 495 // resource by calling clearResource(). |
496 void DocumentThreadableLoader::redirectReceived( | 496 bool DocumentThreadableLoader::redirectReceived( |
497 Resource* resource, | 497 Resource* resource, |
498 ResourceRequest& request, | 498 const ResourceRequest& request, |
499 const ResourceResponse& redirectResponse) { | 499 const ResourceResponse& redirectResponse) { |
500 DCHECK(m_client); | 500 DCHECK(m_client); |
501 DCHECK_EQ(resource, this->resource()); | 501 DCHECK_EQ(resource, this->resource()); |
502 DCHECK(m_async); | 502 DCHECK(m_async); |
503 | 503 |
504 m_checker.redirectReceived(); | 504 m_checker.redirectReceived(); |
505 | 505 |
506 if (!m_actualRequest.isNull()) { | 506 if (!m_actualRequest.isNull()) { |
507 reportResponseReceived(resource->identifier(), redirectResponse); | 507 reportResponseReceived(resource->identifier(), redirectResponse); |
508 | 508 |
509 handlePreflightFailure(redirectResponse.url().getString(), | 509 handlePreflightFailure(redirectResponse.url().getString(), |
510 "Response for preflight is invalid (redirect)"); | 510 "Response for preflight is invalid (redirect)"); |
511 | 511 |
512 request = ResourceRequest(); | 512 return false; |
513 | |
514 return; | |
515 } | 513 } |
516 | 514 |
517 if (m_redirectMode == WebURLRequest::FetchRedirectModeManual) { | 515 if (m_redirectMode == WebURLRequest::FetchRedirectModeManual) { |
518 // We use |m_redirectMode| to check the original redirect mode. |request| is | 516 // We use |m_redirectMode| to check the original redirect mode. |request| is |
519 // a new request for redirect. So we don't set the redirect mode of it in | 517 // a new request for redirect. So we don't set the redirect mode of it in |
520 // WebURLLoaderImpl::Context::OnReceivedRedirect(). | 518 // WebURLLoaderImpl::Context::OnReceivedRedirect(). |
521 DCHECK(request.useStreamOnResponse()); | 519 DCHECK(request.useStreamOnResponse()); |
522 // There is no need to read the body of redirect response because there is | 520 // There is no need to read the body of redirect response because there is |
523 // no way to read the body of opaque-redirect filtered response's internal | 521 // no way to read the body of opaque-redirect filtered response's internal |
524 // response. | 522 // response. |
525 // TODO(horo): If we support any API which expose the internal body, we will | 523 // TODO(horo): If we support any API which expose the internal body, we will |
526 // have to read the body. And also HTTPCache changes will be needed because | 524 // have to read the body. And also HTTPCache changes will be needed because |
527 // it doesn't store the body of redirect responses. | 525 // it doesn't store the body of redirect responses. |
528 responseReceived(resource, redirectResponse, | 526 responseReceived(resource, redirectResponse, |
529 wrapUnique(new EmptyDataHandle())); | 527 wrapUnique(new EmptyDataHandle())); |
530 | 528 |
531 if (m_client) { | 529 if (m_client) { |
532 DCHECK(m_actualRequest.isNull()); | 530 DCHECK(m_actualRequest.isNull()); |
533 notifyFinished(resource); | 531 notifyFinished(resource); |
534 } | 532 } |
535 | 533 |
536 request = ResourceRequest(); | 534 return false; |
537 | |
538 return; | |
539 } | 535 } |
540 | 536 |
541 if (m_redirectMode == WebURLRequest::FetchRedirectModeError) { | 537 if (m_redirectMode == WebURLRequest::FetchRedirectModeError) { |
542 ThreadableLoaderClient* client = m_client; | 538 ThreadableLoaderClient* client = m_client; |
543 clear(); | 539 clear(); |
544 client->didFailRedirectCheck(); | 540 client->didFailRedirectCheck(); |
545 | 541 |
546 request = ResourceRequest(); | 542 return false; |
547 | |
548 return; | |
549 } | 543 } |
550 | 544 |
551 // Allow same origin requests to continue after allowing clients to audit the | 545 // Allow same origin requests to continue after allowing clients to audit the |
552 // redirect. | 546 // redirect. |
553 if (isAllowedRedirect(request.url())) { | 547 if (isAllowedRedirect(request.url())) { |
554 if (m_client->isDocumentThreadableLoaderClient()) | 548 if (m_client->isDocumentThreadableLoaderClient()) |
555 static_cast<DocumentThreadableLoaderClient*>(m_client) | 549 return static_cast<DocumentThreadableLoaderClient*>(m_client) |
556 ->willFollowRedirect(request, redirectResponse); | 550 ->willFollowRedirect(request, redirectResponse); |
557 return; | 551 return true; |
558 } | 552 } |
559 | 553 |
560 if (m_corsRedirectLimit <= 0) { | 554 if (m_corsRedirectLimit <= 0) { |
561 ThreadableLoaderClient* client = m_client; | 555 ThreadableLoaderClient* client = m_client; |
562 clear(); | 556 clear(); |
563 client->didFailRedirectCheck(); | 557 client->didFailRedirectCheck(); |
564 request = ResourceRequest(); | 558 return false; |
565 return; | |
566 } | 559 } |
567 | 560 |
568 --m_corsRedirectLimit; | 561 --m_corsRedirectLimit; |
569 | 562 |
570 InspectorInstrumentation::didReceiveCORSRedirectResponse( | 563 InspectorInstrumentation::didReceiveCORSRedirectResponse( |
571 document().frame(), resource->identifier(), | 564 document().frame(), resource->identifier(), |
572 document().frame()->loader().documentLoader(), redirectResponse, | 565 document().frame()->loader().documentLoader(), redirectResponse, |
573 resource); | 566 resource); |
574 | 567 |
575 bool allowRedirect = false; | 568 bool allowRedirect = false; |
(...skipping 26 matching lines...)
602 } else { | 595 } else { |
603 allowRedirect = true; | 596 allowRedirect = true; |
604 } | 597 } |
605 | 598 |
606 if (!allowRedirect) { | 599 if (!allowRedirect) { |
607 ThreadableLoaderClient* client = m_client; | 600 ThreadableLoaderClient* client = m_client; |
608 clear(); | 601 clear(); |
609 client->didFailAccessControlCheck(ResourceError( | 602 client->didFailAccessControlCheck(ResourceError( |
610 errorDomainBlinkInternal, 0, redirectResponse.url().getString(), | 603 errorDomainBlinkInternal, 0, redirectResponse.url().getString(), |
611 accessControlErrorDescription)); | 604 accessControlErrorDescription)); |
612 request = ResourceRequest(); | 605 return false; |
613 return; | |
614 } | 606 } |
615 | 607 |
616 // FIXME: consider combining this with CORS redirect handling performed by | 608 // FIXME: consider combining this with CORS redirect handling performed by |
617 // CrossOriginAccessControl::handleRedirect(). | 609 // CrossOriginAccessControl::handleRedirect(). |
618 clearResource(); | 610 clearResource(); |
619 | 611 |
620 // If the original request wasn't same-origin, then if the request URL origin | 612 // If the original request wasn't same-origin, then if the request URL origin |
621 // is not same origin with the original URL origin, set the source origin to a | 613 // is not same origin with the original URL origin, set the source origin to a |
622 // globally unique identifier. (If the original request was same-origin, the | 614 // globally unique identifier. (If the original request was same-origin, the |
623 // origin of the new request should be the original URL origin.) | 615 // origin of the new request should be the original URL origin.) |
(...skipping 13 matching lines...)
637 // nor expect they must be allowed. | 629 // nor expect they must be allowed. |
638 if (m_resourceLoaderOptions.credentialsRequested == | 630 if (m_resourceLoaderOptions.credentialsRequested == |
639 ClientDidNotRequestCredentials) | 631 ClientDidNotRequestCredentials) |
640 m_forceDoNotAllowStoredCredentials = true; | 632 m_forceDoNotAllowStoredCredentials = true; |
641 | 633 |
642 // Save the referrer to use when following the redirect. | 634 // Save the referrer to use when following the redirect. |
643 m_didRedirect = true; | 635 m_didRedirect = true; |
644 m_referrerAfterRedirect = | 636 m_referrerAfterRedirect = |
645 Referrer(request.httpReferrer(), request.getReferrerPolicy()); | 637 Referrer(request.httpReferrer(), request.getReferrerPolicy()); |
646 | 638 |
| 639 ResourceRequest crossOriginRequest(request); |
| 640 |
647 // Remove any headers that may have been added by the network layer that cause | 641 // Remove any headers that may have been added by the network layer that cause |
648 // access control to fail. | 642 // access control to fail. |
649 request.clearHTTPReferrer(); | 643 crossOriginRequest.clearHTTPReferrer(); |
650 request.clearHTTPOrigin(); | 644 crossOriginRequest.clearHTTPOrigin(); |
651 request.clearHTTPUserAgent(); | 645 crossOriginRequest.clearHTTPUserAgent(); |
652 // Add any CORS simple request headers which we previously saved from the | 646 // Add any CORS simple request headers which we previously saved from the |
653 // original request. | 647 // original request. |
654 for (const auto& header : m_simpleRequestHeaders) | 648 for (const auto& header : m_simpleRequestHeaders) |
655 request.setHTTPHeaderField(header.key, header.value); | 649 crossOriginRequest.setHTTPHeaderField(header.key, header.value); |
656 makeCrossOriginAccessRequest(request); | 650 makeCrossOriginAccessRequest(crossOriginRequest); |
657 // |this| may be dead here. | 651 // |this| may be dead here. |
| 652 |
| 653 return false; |
658 } | 654 } |
659 | 655 |
660 void DocumentThreadableLoader::redirectBlocked() { | 656 void DocumentThreadableLoader::redirectBlocked() { |
661 m_checker.redirectBlocked(); | 657 m_checker.redirectBlocked(); |
662 | 658 |
663 // Tells the client that a redirect was received but not followed (for an | 659 // Tells the client that a redirect was received but not followed (for an |
664 // unknown reason). | 660 // unknown reason). |
665 ThreadableLoaderClient* client = m_client; | 661 ThreadableLoaderClient* client = m_client; |
666 clear(); | 662 clear(); |
667 client->didFailRedirectCheck(); | 663 client->didFailRedirectCheck(); |
(...skipping 462 matching lines...)
1130 } | 1126 } |
1131 | 1127 |
1132 DEFINE_TRACE(DocumentThreadableLoader) { | 1128 DEFINE_TRACE(DocumentThreadableLoader) { |
1133 visitor->trace(m_resource); | 1129 visitor->trace(m_resource); |
1134 visitor->trace(m_document); | 1130 visitor->trace(m_document); |
1135 ThreadableLoader::trace(visitor); | 1131 ThreadableLoader::trace(visitor); |
1136 RawResourceClient::trace(visitor); | 1132 RawResourceClient::trace(visitor); |
1137 } | 1133 } |
1138 | 1134 |
1139 } // namespace blink | 1135 } // namespace blink |
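Review bot: The comment block above `DocumentThreadableLoader::redirectReceived()` (new lines 490-495) still says the method clears |request| to stop the redirect, but on the new side `request` is `const ResourceRequest&` and every refusal path signals through `return false` instead. This is where a failed preflight, a redirect-mode error, an exhausted CORS redirect limit or a failed access-control check refuses the redirect, so the comment should state the actual contract, for example `// Returns false to tell the caller not to follow the redirect; returns true to let it proceed.` The old comment also warned that the signal is not propagated when the call comes from RawResource::didAddClient(); whether the bool result is honoured on that path is not visible here, so it is worth confirming before keeping or dropping that caveat and the stated reason for calling clearResource(). Parts of the body are elided on this page (26 and 13 skipped lines), so this covers only the visible branches.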