OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 231 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
242 m_fallbackRequestForServiceWorker = ResourceRequest(request); | 242 m_fallbackRequestForServiceWorker = ResourceRequest(request); |
243 // m_fallbackRequestForServiceWorker is used when a regular controll
ing | 243 // m_fallbackRequestForServiceWorker is used when a regular controll
ing |
244 // service worker doesn't handle a cross origin request. When this h
appens | 244 // service worker doesn't handle a cross origin request. When this h
appens |
245 // we still want to give foreign fetch a chance to handle the reques
t, so | 245 // we still want to give foreign fetch a chance to handle the reques
t, so |
246 // only skip the controlling service worker for the fallback request
. | 246 // only skip the controlling service worker for the fallback request
. |
247 // This is currently safe because of http://crbug.com/604084 the | 247 // This is currently safe because of http://crbug.com/604084 the |
248 // wasFallbackRequiredByServiceWorker flag is never set when foreign
fetch | 248 // wasFallbackRequiredByServiceWorker flag is never set when foreign
fetch |
249 // handled a request. | 249 // handled a request. |
250 m_fallbackRequestForServiceWorker.setSkipServiceWorker(WebURLRequest
::SkipServiceWorker::Controlling); | 250 m_fallbackRequestForServiceWorker.setSkipServiceWorker(WebURLRequest
::SkipServiceWorker::Controlling); |
251 } | 251 } |
| 252 |
| 253 if (m_options.sameOriginHeaderPolicy == IncludeSameOriginHeader) |
| 254 newRequest.setHTTPOrigin(getSecurityOrigin()); |
| 255 |
252 loadRequest(newRequest, m_resourceLoaderOptions); | 256 loadRequest(newRequest, m_resourceLoaderOptions); |
253 return; | 257 return; |
254 } | 258 } |
255 | 259 |
256 dispatchInitialRequest(newRequest); | 260 dispatchInitialRequest(newRequest); |
257 } | 261 } |
258 | 262 |
259 void DocumentThreadableLoader::dispatchInitialRequest(const ResourceRequest& req
uest) | 263 void DocumentThreadableLoader::dispatchInitialRequest(ResourceRequest& request) |
260 { | 264 { |
261 if (!request.isExternalRequest() && (m_sameOriginRequest || m_options.crossO
riginRequestPolicy == AllowCrossOriginRequests)) { | 265 if (!request.isExternalRequest() && (m_sameOriginRequest || m_options.crossO
riginRequestPolicy == AllowCrossOriginRequests)) { |
| 266 if (m_options.sameOriginHeaderPolicy == IncludeSameOriginHeader) |
| 267 request.setHTTPOrigin(getSecurityOrigin()); |
| 268 |
262 loadRequest(request, m_resourceLoaderOptions); | 269 loadRequest(request, m_resourceLoaderOptions); |
263 return; | 270 return; |
264 } | 271 } |
265 | 272 |
266 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl || request.isE
xternalRequest()); | 273 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl || request.isE
xternalRequest()); |
267 | 274 |
268 makeCrossOriginAccessRequest(request); | 275 makeCrossOriginAccessRequest(request); |
269 } | 276 } |
270 | 277 |
271 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques
t& request) | 278 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques
t& request) |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
306 // We update the credentials mode according to effectiveAllowCredentials
() here for backward compatibility. But this is not correct. | 313 // We update the credentials mode according to effectiveAllowCredentials
() here for backward compatibility. But this is not correct. |
307 // FIXME: We should set it in the caller of DocumentThreadableLoader. | 314 // FIXME: We should set it in the caller of DocumentThreadableLoader. |
308 crossOriginRequest.setFetchCredentialsMode(effectiveAllowCredentials() =
= AllowStoredCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRe
quest::FetchCredentialsModeOmit); | 315 crossOriginRequest.setFetchCredentialsMode(effectiveAllowCredentials() =
= AllowStoredCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRe
quest::FetchCredentialsModeOmit); |
309 if (m_didRedirect) { | 316 if (m_didRedirect) { |
310 crossOriginRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(
m_referrerAfterRedirect.referrerPolicy, crossOriginRequest.url(), m_referrerAfte
rRedirect.referrer)); | 317 crossOriginRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(
m_referrerAfterRedirect.referrerPolicy, crossOriginRequest.url(), m_referrerAfte
rRedirect.referrer)); |
311 } | 318 } |
312 loadRequest(crossOriginRequest, crossOriginOptions); | 319 loadRequest(crossOriginRequest, crossOriginOptions); |
313 } else { | 320 } else { |
314 m_crossOriginNonSimpleRequest = true; | 321 m_crossOriginNonSimpleRequest = true; |
315 // Do not set the Origin header for preflight requests. | 322 // Do not set the Origin header for preflight requests. |
316 updateRequestForAccessControl(crossOriginRequest, 0, effectiveAllowCrede
ntials()); | 323 updateRequestForAccessControl(crossOriginRequest, nullptr, effectiveAllo
wCredentials()); |
317 // We update the credentials mode according to effectiveAllowCredentials
() here for backward compatibility. But this is not correct. | 324 // We update the credentials mode according to effectiveAllowCredentials
() here for backward compatibility. But this is not correct. |
318 // FIXME: We should set it in the caller of DocumentThreadableLoader. | 325 // FIXME: We should set it in the caller of DocumentThreadableLoader. |
319 crossOriginRequest.setFetchCredentialsMode(effectiveAllowCredentials() =
= AllowStoredCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRe
quest::FetchCredentialsModeOmit); | 326 crossOriginRequest.setFetchCredentialsMode(effectiveAllowCredentials() =
= AllowStoredCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRe
quest::FetchCredentialsModeOmit); |
320 m_actualRequest = crossOriginRequest; | 327 m_actualRequest = crossOriginRequest; |
321 m_actualOptions = crossOriginOptions; | 328 m_actualOptions = crossOriginOptions; |
322 | 329 |
323 if (m_didRedirect) { | 330 if (m_didRedirect) { |
324 m_actualRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(m_r
eferrerAfterRedirect.referrerPolicy, m_actualRequest.url(), m_referrerAfterRedir
ect.referrer)); | 331 m_actualRequest.setHTTPReferrer(SecurityPolicy::generateReferrer(m_r
eferrerAfterRedirect.referrerPolicy, m_actualRequest.url(), m_referrerAfterRedir
ect.referrer)); |
325 } | 332 } |
326 | 333 |
(...skipping 660 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
987 | 994 |
988 DEFINE_TRACE(DocumentThreadableLoader) | 995 DEFINE_TRACE(DocumentThreadableLoader) |
989 { | 996 { |
990 visitor->trace(m_resource); | 997 visitor->trace(m_resource); |
991 visitor->trace(m_document); | 998 visitor->trace(m_document); |
992 ThreadableLoader::trace(visitor); | 999 ThreadableLoader::trace(visitor); |
993 RawResourceClient::trace(visitor); | 1000 RawResourceClient::trace(visitor); |
994 } | 1001 } |
995 | 1002 |
996 } // namespace blink | 1003 } // namespace blink |
OLD | NEW |