OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
199 if (isAllowedRedirect(request.url())) { | 199 if (isAllowedRedirect(request.url())) { |
200 if (m_client->isDocumentThreadableLoaderClient()) | 200 if (m_client->isDocumentThreadableLoaderClient()) |
201 static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequ est(request, redirectResponse); | 201 static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequ est(request, redirectResponse); |
202 return; | 202 return; |
203 } | 203 } |
204 | 204 |
205 // When using access control, only simple cross origin requests are allowed to redirect. The new request URL must have a supported | 205 // When using access control, only simple cross origin requests are allowed to redirect. The new request URL must have a supported |
206 // scheme and not contain the userinfo production. In addition, the redirect response must pass the access control check if the | 206 // scheme and not contain the userinfo production. In addition, the redirect response must pass the access control check if the |
207 // original request was not same-origin. | 207 // original request was not same-origin. |
208 if (m_options.crossOriginRequestPolicy == UseAccessControl) { | 208 if (m_options.crossOriginRequestPolicy == UseAccessControl) { |
209 | |
210 DocumentLoader* loader = m_document->frame()->loader()->documentLoader() ; | |
211 InspectorInstrumentationCookie cookie = InspectorInstrumentation::willRe ceiveResourceResponse(m_document->frame(), resource->identifier(), redirectRespo nse); | |
pfeldman
2013/08/27 14:21:33
You should not need 2 instrumenting signals here,
ancilgeorge
2013/08/28 08:14:36
Done.
| |
212 InspectorInstrumentation::didReceiveCORSRedirectResponse(cookie, resourc e->identifier(), loader, redirectResponse, 0, resource->loadFinishTime()); | |
213 | |
209 bool allowRedirect = false; | 214 bool allowRedirect = false; |
215 String accessControlErrorDescription; | |
210 if (m_simpleRequest) { | 216 if (m_simpleRequest) { |
211 String accessControlErrorDescription; | |
212 allowRedirect = SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(re quest.url().protocol()) | 217 allowRedirect = SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(re quest.url().protocol()) |
213 && request.url().user().isEmpty() | 218 && request.url().user().isEmpty() |
214 && request.url().pass().isEmpty() | 219 && request.url().pass().isEmpty() |
215 && (m_sameOriginRequest || passesAccessControlCheck( redirectResponse, m_options.allowCredentials, securityOrigin(), accessControlErr orDescription)); | 220 && (m_sameOriginRequest || passesAccessControlCheck( redirectResponse, m_options.allowCredentials, securityOrigin(), accessControlErr orDescription)); |
221 } else { | |
222 accessControlErrorDescription = "Cross Origin Requests with prefligh t cannot be redirected"; | |
216 } | 223 } |
217 | 224 |
218 if (allowRedirect) { | 225 if (allowRedirect) { |
219 if (m_resource) | 226 if (m_resource) |
220 clearResource(); | 227 clearResource(); |
221 | 228 |
222 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir ectResponse.url()); | 229 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir ectResponse.url()); |
223 RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(reques t.url()); | 230 RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(reques t.url()); |
224 // If the original request wasn't same-origin, then if the request U RL origin is not same origin with the original URL origin, | 231 // If the original request wasn't same-origin, then if the request U RL origin is not same origin with the original URL origin, |
225 // set the source origin to a globally unique identifier. (If the or iginal request was same-origin, the origin of the new request | 232 // set the source origin to a globally unique identifier. (If the or iginal request was same-origin, the origin of the new request |
236 | 243 |
237 // Remove any headers that may have been added by the network layer that cause access control to fail. | 244 // Remove any headers that may have been added by the network layer that cause access control to fail. |
238 request.clearHTTPContentType(); | 245 request.clearHTTPContentType(); |
239 request.clearHTTPReferrer(); | 246 request.clearHTTPReferrer(); |
240 request.clearHTTPOrigin(); | 247 request.clearHTTPOrigin(); |
241 request.clearHTTPUserAgent(); | 248 request.clearHTTPUserAgent(); |
242 request.clearHTTPAccept(); | 249 request.clearHTTPAccept(); |
243 makeCrossOriginAccessRequest(request); | 250 makeCrossOriginAccessRequest(request); |
244 return; | 251 return; |
245 } | 252 } |
253 | |
254 ResourceError error(errorDomainWebKitInternal, 0, redirectResponse.url() .string(), accessControlErrorDescription); | |
255 m_client->didFailAccessControlCheck(error); | |
256 } else { | |
257 m_client->didFailRedirectCheck(); | |
246 } | 258 } |
247 | |
248 m_client->didFailRedirectCheck(); | |
249 request = ResourceRequest(); | 259 request = ResourceRequest(); |
250 } | 260 } |
251 | 261 |
252 void DocumentThreadableLoader::dataSent(Resource* resource, unsigned long long b ytesSent, unsigned long long totalBytesToBeSent) | 262 void DocumentThreadableLoader::dataSent(Resource* resource, unsigned long long b ytesSent, unsigned long long totalBytesToBeSent) |
253 { | 263 { |
254 ASSERT(m_client); | 264 ASSERT(m_client); |
255 ASSERT_UNUSED(resource, resource == m_resource); | 265 ASSERT_UNUSED(resource, resource == m_resource); |
256 m_client->didSendData(bytesSent, totalBytesToBeSent); | 266 m_client->didSendData(bytesSent, totalBytesToBeSent); |
257 } | 267 } |
258 | 268 |
486 return true; | 496 return true; |
487 return m_document->contentSecurityPolicy()->allowConnectToSource(url); | 497 return m_document->contentSecurityPolicy()->allowConnectToSource(url); |
488 } | 498 } |
489 | 499 |
490 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 500 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
491 { | 501 { |
492 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin(); | 502 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin(); |
493 } | 503 } |
494 | 504 |
495 } // namespace WebCore | 505 } // namespace WebCore |
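Review bot: A simple-request redirect that is rejected by the scheme or userinfo checks on new-side lines 217–219 never reaches `passesAccessControlCheck` because of short-circuiting, so `accessControlErrorDescription` is still empty when the `ResourceError` is built on line 254. The client is then told the access control check failed without any reason, which makes a blocked redirect hard to diagnose. A fallback just before line 254 would cover it, for example `if (accessControlErrorDescription.isEmpty()) accessControlErrorDescription = "Redirect location has an unsupported scheme or contains userinfo";`. Separately, line 210 dereferences `m_document->frame()` without a null check; if the frame can be detached while a redirect is in flight (not visible in this section), the instrumentation calls need a guard. The enclosing function starts in the collapsed lines above, so earlier checks may already cover part of this.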
OLD | NEW |