CORS: Update the redirection status in Inspector Network tab for CORS requests.

Source/core/loader/DocumentThreadableLoader.cpp

 /*
  * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
  * Copyright (C) 2013, Intel Corporation
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ skipping 188 matching lines @@
     if (isAllowedRedirect(request.url())) {
         if (m_client->isDocumentThreadableLoaderClient())
             static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequest(request, redirectResponse);
         return;
     }
 
     // When using access control, only simple cross origin requests are allowed to redirect. The new request URL must have a supported
     // scheme and not contain the userinfo production. In addition, the redirect response must pass the access control check if the
     // original request was not same-origin.
     if (m_options.crossOriginRequestPolicy == UseAccessControl) {
+
+        InspectorInstrumentation::didReceiveCORSRedirectResponse(m_document->frame(), resource->identifier(), m_document->frame()->loader()->documentLoader(), redirectResponse, 0, resource->loadFinishTime());

[eustas, 2013/08/28 09:43:25]

I'm not sure that it is legal to use resource->loadFinishTime() here.

As I understand, execution path is 
WebURLLoaderImpl::Context::OnReceivedRedirect -> ResourceLoader::willSendRequest
-> RawResource::willSendRequest -> DocumentThreadableLoader::redirectReceived

And Resource::finish is not called along this path.

As a consequence, we should explicitly pass either 0.0, or current monotonic
time.

[ancilgeorge, 2013/08/28 14:05:11]

I agree that finish time will not be updated in the current path. However
m_loadFinishTime is initialized to 0. I am fine with change you have
recommended. Or will it better to remove the monotonicFinishTime parameter and
use 0.0 in InspectorResourceAgent::didReceiveCORSRedirectResponse while calling
InspectorResourceAgent::didFinishLoading?

+
         bool allowRedirect = false;
+        String accessControlErrorDescription;
         if (m_simpleRequest) {
-            String accessControlErrorDescription;
             allowRedirect = SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())
                             && request.url().user().isEmpty()
                             && request.url().pass().isEmpty()
                             && (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription));
+        } else {
+            accessControlErrorDescription = "Cross Origin Requests with preflight cannot be redirected";
         }
 
         if (allowRedirect) {
             if (m_resource)
                 clearResource();
 
             RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redirectResponse.url());
             RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(request.url());
             // If the original request wasn't same-origin, then if the request URL origin is not same origin with the original URL origin,
             // set the source origin to a globally unique identifier. (If the original request was same-origin, the origin of the new request
@@ skipping 10 matching lines @@
 
             // Remove any headers that may have been added by the network layer that cause access control to fail.
             request.clearHTTPContentType();
             request.clearHTTPReferrer();
             request.clearHTTPOrigin();
             request.clearHTTPUserAgent();
             request.clearHTTPAccept();
             makeCrossOriginAccessRequest(request);
             return;
         }
+
+        ResourceError error(errorDomainWebKitInternal, 0, redirectResponse.url().string(), accessControlErrorDescription);
+        m_client->didFailAccessControlCheck(error);
+    } else {
+        m_client->didFailRedirectCheck();
     }
-
-    m_client->didFailRedirectCheck();
     request = ResourceRequest();
 }
 
 void DocumentThreadableLoader::dataSent(Resource* resource, unsigned long long bytesSent, unsigned long long totalBytesToBeSent)
 {
     ASSERT(m_client);
     ASSERT_UNUSED(resource, resource == m_resource);
     m_client->didSendData(bytesSent, totalBytesToBeSent);
 }
 
@@ skipping 227 matching lines @@
         return true;
     return m_document->contentSecurityPolicy()->allowConnectToSource(url);
 }
 
 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
 {
     return m_options.securityOrigin ? m_options.securityOrigin.get() : m_document->securityOrigin();
 }
 
 } // namespace WebCore