OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> | 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> |
4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> | 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> |
5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. | 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. |
6 * Copyright (C) 2012 Intel Corporation | 6 * Copyright (C) 2012 Intel Corporation |
7 * | 7 * |
8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
9 * modify it under the terms of the GNU Lesser General Public | 9 * modify it under the terms of the GNU Lesser General Public |
10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
610 DCHECK(validateOpenArguments(method, url, exceptionState)); | 610 DCHECK(validateOpenArguments(method, url, exceptionState)); |
611 | 611 |
612 if (!internalAbort()) | 612 if (!internalAbort()) |
613 return; | 613 return; |
614 | 614 |
615 State previousState = m_state; | 615 State previousState = m_state; |
616 m_state = kUnsent; | 616 m_state = kUnsent; |
617 m_error = false; | 617 m_error = false; |
618 m_uploadComplete = false; | 618 m_uploadComplete = false; |
619 | 619 |
620 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && | |
621 !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource( | |
622 url)) { | |
623 // We can safely expose the URL to JavaScript, as these checks happen | |
624 // synchronously before redirection. JavaScript receives no new information. | |
625 exceptionState.throwSecurityError( | |
626 "Refused to connect to '" + url.elidedString() + | |
627 "' because it violates the document's Content Security Policy."); | |
628 return; | |
629 } | |
630 | |
631 if (!async && getExecutionContext()->isDocument()) { | 620 if (!async && getExecutionContext()->isDocument()) { |
632 if (document()->settings() && | 621 if (document()->settings() && |
633 !document()->settings()->getSyncXHRInDocumentsEnabled()) { | 622 !document()->settings()->getSyncXHRInDocumentsEnabled()) { |
634 exceptionState.throwDOMException( | 623 exceptionState.throwDOMException( |
635 InvalidAccessError, | 624 InvalidAccessError, |
636 "Synchronous requests are disabled for this page."); | 625 "Synchronous requests are disabled for this page."); |
637 return; | 626 return; |
638 } | 627 } |
639 | 628 |
640 // Newer functionality is not available to synchronous requests in window | 629 // Newer functionality is not available to synchronous requests in window |
1893 visitor->traceWrappers(m_responseDocument); | 1882 visitor->traceWrappers(m_responseDocument); |
1894 visitor->traceWrappers(m_responseArrayBuffer); | 1883 visitor->traceWrappers(m_responseArrayBuffer); |
1895 XMLHttpRequestEventTarget::traceWrappers(visitor); | 1884 XMLHttpRequestEventTarget::traceWrappers(visitor); |
1896 } | 1885 } |
1897 | 1886 |
1898 std::ostream& operator<<(std::ostream& ostream, const XMLHttpRequest* xhr) { | 1887 std::ostream& operator<<(std::ostream& ostream, const XMLHttpRequest* xhr) { |
1899 return ostream << "XMLHttpRequest " << static_cast<const void*>(xhr); | 1888 return ostream << "XMLHttpRequest " << static_cast<const void*>(xhr); |
1900 } | 1889 } |
1901 | 1890 |
1902 } // namespace blink | 1891 } // namespace blink |
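Review bot: Nothing on the new side of this function checks `url` against the document's Content Security Policy before the request proceeds: with old lines 620-629 removed, execution goes from the state reset (new 616-618) straight to the synchronous-request checks at new 620. Only this file is shown, so the `allowConnectToSource()` enforcement is presumably meant to happen later in the send/loader path; that should be confirmed before landing, both for redirected requests and for the `ContentSecurityPolicy::shouldBypassMainWorld()` exemption the old code honoured. If so, a comment at new line 619 such as `// CSP connect-src is enforced when the request is sent, not in open().` would keep a later reader from concluding the check was dropped. A regression test that a policy-violating URL is still refused after `open()` succeeds would pin the behaviour. The enclosing function begins and ends outside the visible lines.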
OLD | NEW |