| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. |
| 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> | 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> |
| 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> | 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> |
| 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. | 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. |
| 6 * Copyright (C) 2012 Intel Corporation | 6 * Copyright (C) 2012 Intel Corporation |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Lesser General Public | 9 * modify it under the terms of the GNU Lesser General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 599 matching lines...) |
| 610 DCHECK(validateOpenArguments(method, url, exceptionState)); | 610 DCHECK(validateOpenArguments(method, url, exceptionState)); |
| 611 | 611 |
| 612 if (!internalAbort()) | 612 if (!internalAbort()) |
| 613 return; | 613 return; |
| 614 | 614 |
| 615 State previousState = m_state; | 615 State previousState = m_state; |
| 616 m_state = kUnsent; | 616 m_state = kUnsent; |
| 617 m_error = false; | 617 m_error = false; |
| 618 m_uploadComplete = false; | 618 m_uploadComplete = false; |
| 619 | 619 |
| 620 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && | |
| 621 !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource( | |
| 622 url)) { | |
| 623 // We can safely expose the URL to JavaScript, as these checks happen | |
| 624 // synchronously before redirection. JavaScript receives no new information. | |
| 625 exceptionState.throwSecurityError( | |
| 626 "Refused to connect to '" + url.elidedString() + | |
| 627 "' because it violates the document's Content Security Policy."); | |
| 628 return; | |
| 629 } | |
| 630 | |
| 631 if (!async && getExecutionContext()->isDocument()) { | 620 if (!async && getExecutionContext()->isDocument()) { |
| 632 if (document()->settings() && | 621 if (document()->settings() && |
| 633 !document()->settings()->getSyncXHRInDocumentsEnabled()) { | 622 !document()->settings()->getSyncXHRInDocumentsEnabled()) { |
| 634 exceptionState.throwDOMException( | 623 exceptionState.throwDOMException( |
| 635 InvalidAccessError, | 624 InvalidAccessError, |
| 636 "Synchronous requests are disabled for this page."); | 625 "Synchronous requests are disabled for this page."); |
| 637 return; | 626 return; |
| 638 } | 627 } |
| 639 | 628 |
| 640 // Newer functionality is not available to synchronous requests in window | 629 // Newer functionality is not available to synchronous requests in window |
| (...skipping 1252 matching lines...) |
| 1893 visitor->traceWrappers(m_responseDocument); | 1882 visitor->traceWrappers(m_responseDocument); |
| 1894 visitor->traceWrappers(m_responseArrayBuffer); | 1883 visitor->traceWrappers(m_responseArrayBuffer); |
| 1895 XMLHttpRequestEventTarget::traceWrappers(visitor); | 1884 XMLHttpRequestEventTarget::traceWrappers(visitor); |
| 1896 } | 1885 } |
| 1897 | 1886 |
| 1898 std::ostream& operator<<(std::ostream& ostream, const XMLHttpRequest* xhr) { | 1887 std::ostream& operator<<(std::ostream& ostream, const XMLHttpRequest* xhr) { |
| 1899 return ostream << "XMLHttpRequest " << static_cast<const void*>(xhr); | 1888 return ostream << "XMLHttpRequest " << static_cast<const void*>(xhr); |
| 1900 } | 1889 } |
| 1901 | 1890 |
| 1902 } // namespace blink | 1891 } // namespace blink |
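Review bot: With the `allowConnectToSource(url)` block gone (old lines 620-629), nothing in the new `open()` body shown at new lines 610-629 consults the document's Content Security Policy, and the place where connect-src is enforced instead is not visible in this section. If enforcement is meant to happen when the request is actually fetched, record that where the block used to be, for example `// connect-src is not checked in open(); it is enforced when the request is sent.`, and back it with a test that a URL blocked by connect-src is still refused even though `open()` no longer throws the SecurityError. The removed branch also honoured `ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext())`, so whichever path now applies the policy should either keep that exemption or drop it deliberately. `open()` begins and ends outside the lines shown here, so this is based only on the visible part of the function.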
| OLD | NEW |