OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
199 if (isAllowedRedirect(request.url())) { | 199 if (isAllowedRedirect(request.url())) { |
200 if (m_client->isDocumentThreadableLoaderClient()) | 200 if (m_client->isDocumentThreadableLoaderClient()) |
201 static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequ est(request, redirectResponse); | 201 static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequ est(request, redirectResponse); |
202 return; | 202 return; |
203 } | 203 } |
204 | 204 |
205 // When using access control, only simple cross origin requests are allowed to redirect. The new request URL must have a supported | 205 // When using access control, only simple cross origin requests are allowed to redirect. The new request URL must have a supported |
206 // scheme and not contain the userinfo production. In addition, the redirect response must pass the access control check if the | 206 // scheme and not contain the userinfo production. In addition, the redirect response must pass the access control check if the |
207 // original request was not same-origin. | 207 // original request was not same-origin. |
208 if (m_options.crossOriginRequestPolicy == UseAccessControl) { | 208 if (m_options.crossOriginRequestPolicy == UseAccessControl) { |
209 | |
210 InspectorInstrumentation::didReceiveCORSRedirectResponse(m_document->fra me(), resource->identifier(), m_document->frame()->loader()->documentLoader(), r edirectResponse, 0, resource->loadFinishTime()); | |
eustas
2013/08/28 09:43:25
I'm not sure that it is legal to use resource->loa
ancilgeorge
2013/08/28 14:05:11
I agree that finish time will not be updated in th
| |
211 | |
209 bool allowRedirect = false; | 212 bool allowRedirect = false; |
213 String accessControlErrorDescription; | |
210 if (m_simpleRequest) { | 214 if (m_simpleRequest) { |
211 String accessControlErrorDescription; | |
212 allowRedirect = SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(re quest.url().protocol()) | 215 allowRedirect = SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(re quest.url().protocol()) |
213 && request.url().user().isEmpty() | 216 && request.url().user().isEmpty() |
214 && request.url().pass().isEmpty() | 217 && request.url().pass().isEmpty() |
215 && (m_sameOriginRequest || passesAccessControlCheck( redirectResponse, m_options.allowCredentials, securityOrigin(), accessControlErr orDescription)); | 218 && (m_sameOriginRequest || passesAccessControlCheck( redirectResponse, m_options.allowCredentials, securityOrigin(), accessControlErr orDescription)); |
219 } else { | |
220 accessControlErrorDescription = "Cross Origin Requests with prefligh t cannot be redirected"; | |
216 } | 221 } |
217 | 222 |
218 if (allowRedirect) { | 223 if (allowRedirect) { |
219 if (m_resource) | 224 if (m_resource) |
220 clearResource(); | 225 clearResource(); |
221 | 226 |
222 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir ectResponse.url()); | 227 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir ectResponse.url()); |
223 RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(reques t.url()); | 228 RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::create(reques t.url()); |
224 // If the original request wasn't same-origin, then if the request U RL origin is not same origin with the original URL origin, | 229 // If the original request wasn't same-origin, then if the request U RL origin is not same origin with the original URL origin, |
225 // set the source origin to a globally unique identifier. (If the or iginal request was same-origin, the origin of the new request | 230 // set the source origin to a globally unique identifier. (If the or iginal request was same-origin, the origin of the new request |
(...skipping 10 matching lines...) Expand all Loading... | |
236 | 241 |
237 // Remove any headers that may have been added by the network layer that cause access control to fail. | 242 // Remove any headers that may have been added by the network layer that cause access control to fail. |
238 request.clearHTTPContentType(); | 243 request.clearHTTPContentType(); |
239 request.clearHTTPReferrer(); | 244 request.clearHTTPReferrer(); |
240 request.clearHTTPOrigin(); | 245 request.clearHTTPOrigin(); |
241 request.clearHTTPUserAgent(); | 246 request.clearHTTPUserAgent(); |
242 request.clearHTTPAccept(); | 247 request.clearHTTPAccept(); |
243 makeCrossOriginAccessRequest(request); | 248 makeCrossOriginAccessRequest(request); |
244 return; | 249 return; |
245 } | 250 } |
251 | |
252 ResourceError error(errorDomainWebKitInternal, 0, redirectResponse.url() .string(), accessControlErrorDescription); | |
253 m_client->didFailAccessControlCheck(error); | |
254 } else { | |
255 m_client->didFailRedirectCheck(); | |
246 } | 256 } |
247 | |
248 m_client->didFailRedirectCheck(); | |
249 request = ResourceRequest(); | 257 request = ResourceRequest(); |
250 } | 258 } |
251 | 259 |
252 void DocumentThreadableLoader::dataSent(Resource* resource, unsigned long long b ytesSent, unsigned long long totalBytesToBeSent) | 260 void DocumentThreadableLoader::dataSent(Resource* resource, unsigned long long b ytesSent, unsigned long long totalBytesToBeSent) |
253 { | 261 { |
254 ASSERT(m_client); | 262 ASSERT(m_client); |
255 ASSERT_UNUSED(resource, resource == m_resource); | 263 ASSERT_UNUSED(resource, resource == m_resource); |
256 m_client->didSendData(bytesSent, totalBytesToBeSent); | 264 m_client->didSendData(bytesSent, totalBytesToBeSent); |
257 } | 265 } |
258 | 266 |
(...skipping 227 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
486 return true; | 494 return true; |
487 return m_document->contentSecurityPolicy()->allowConnectToSource(url); | 495 return m_document->contentSecurityPolicy()->allowConnectToSource(url); |
488 } | 496 } |
489 | 497 |
490 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 498 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
491 { | 499 { |
492 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin(); | 500 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin(); |
493 } | 501 } |
494 | 502 |
495 } // namespace WebCore | 503 } // namespace WebCore |
OLD | NEW |