Collapse images disallowed by the Safe Browsing Subresource Filter.

third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp

 /*
     Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
     Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
     Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
     Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
     rights reserved.
     Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
 
     This library is free software; you can redistribute it and/or
     modify it under the terms of the GNU Library General Public
@@ skipping 240 matching lines @@
 }
 
 ResourceFetcher::~ResourceFetcher() {}
 
 Resource* ResourceFetcher::cachedResource(const KURL& resourceURL) const {
   KURL url = MemoryCache::removeFragmentIdentifierIfNeeded(resourceURL);
   const WeakMember<Resource>& resource = m_documentResources.get(url);
   return resource.get();
 }
 
-bool ResourceFetcher::canAccessResponse(
+ResourceRequestBlockedReason ResourceFetcher::canAccessResponse(
     Resource* resource,
     const ResourceResponse& response) const {
   // Redirects can change the response URL different from one of request.
   bool forPreload = resource->isUnusedPreload();
-  if (!context().canRequest(resource->getType(), resource->resourceRequest(),
-                            response.url(), resource->options(), forPreload,
-                            FetchRequest::UseDefaultOriginRestrictionForType))
-    return false;
+  ResourceRequestBlockedReason blockedReason =
+      context().canRequest(resource->getType(), resource->resourceRequest(),
+                           response.url(), resource->options(), forPreload,
+                           FetchRequest::UseDefaultOriginRestrictionForType);
+  if (blockedReason != ResourceRequestBlockedReason::None)
+    return blockedReason;
 
   SecurityOrigin* sourceOrigin = resource->options().securityOrigin.get();
   if (!sourceOrigin)
     sourceOrigin = context().getSecurityOrigin();
 
   if (sourceOrigin->canRequestNoSuborigin(response.url()))
-    return true;
+    return ResourceRequestBlockedReason::None;
 
   // Use the original response instead of the 304 response for a successful
   // revaldiation.
   const ResourceResponse& responseForAccessControl =
       (resource->isCacheValidator() && response.httpStatusCode() == 304)
           ? resource->response()
           : response;
   String errorDescription;
   if (!passesAccessControlCheck(
           responseForAccessControl, resource->options().allowCredentials,
           sourceOrigin, errorDescription,
           resource->lastResourceRequest().requestContext())) {
     resource->setCORSFailed();
     if (!forPreload) {
       String resourceType = Resource::resourceTypeToString(
           resource->getType(), resource->options().initiatorInfo);
       context().addConsoleMessage(
           "Access to " + resourceType + " at '" + response.url().getString() +
           "' from origin '" + sourceOrigin->toString() +
           "' has been blocked by CORS policy: " + errorDescription);
     }
-    return false;
+    return ResourceRequestBlockedReason::Other;
   }
-  return true;
+  return ResourceRequestBlockedReason::None;
 }
 
 bool ResourceFetcher::isControlledByServiceWorker() const {
   return context().isControlledByServiceWorker();
 }
 
 bool ResourceFetcher::resourceNeedsLoad(Resource* resource,
                                         const FetchRequest& request,
                                         RevalidationPolicy policy) {
   // Defer a font load until it is actually needed unless this is a preload.
@@ skipping 119 matching lines @@
   resource->finish();
 
   if (!substituteData.isValid())
     memoryCache()->add(resource);
 
   return resource;
 }
 
 Resource* ResourceFetcher::resourceForBlockedRequest(
     const FetchRequest& request,
-    const ResourceFactory& factory) {
+    const ResourceFactory& factory,
+    ResourceRequestBlockedReason blockedReason) {
   Resource* resource = factory.create(request.resourceRequest(),
                                       request.options(), request.charset());
-  resource->error(ResourceError::cancelledDueToAccessCheckError(request.url()));
+  resource->error(ResourceError::cancelledDueToAccessCheckError(request.url(),
+                                                                blockedReason));
   return resource;
 }
 
 void ResourceFetcher::moveCachedNonBlockingResourceToBlocking(
     Resource* resource,
     const FetchRequest& request) {
   // TODO(yoav): Test that non-blocking resources (video/audio/track) continue
   // to not-block even after being preloaded and discovered.
   if (resource && resource->loader() &&
       resource->isLoadEventBlockingResourceType() &&
@@ skipping 51 matching lines @@
   if (!request.url().isValid())
     return nullptr;
 
   request.mutableResourceRequest().setPriority(computeLoadPriority(
       factory.type(), request, ResourcePriority::NotVisible));
   initializeResourceRequest(request.mutableResourceRequest(), factory.type(),
                             request.defer());
   network_instrumentation::resourcePrioritySet(
       identifier, request.resourceRequest().priority());
 
-  if (!context().canRequest(
-          factory.type(), request.resourceRequest(),
-          MemoryCache::removeFragmentIdentifierIfNeeded(request.url()),
-          request.options(), request.forPreload(),
-          request.getOriginRestriction())) {
+  ResourceRequestBlockedReason blockedReason = context().canRequest(
+      factory.type(), request.resourceRequest(),
+      MemoryCache::removeFragmentIdentifierIfNeeded(request.url()),
+      request.options(), request.forPreload(), request.getOriginRestriction());
+  if (blockedReason != ResourceRequestBlockedReason::None) {
     DCHECK(!substituteData.forceSynchronousLoad());
-    return resourceForBlockedRequest(request, factory);
+    return resourceForBlockedRequest(request, factory, blockedReason);
   }
 
   context().willStartLoadingResource(
       identifier, request.mutableResourceRequest(), factory.type());
   if (!request.url().isValid())
     return nullptr;
 
   if (!request.forPreload()) {
     V8DOMActivityLogger* activityLogger = nullptr;
     if (request.options().initiatorInfo.name ==
@@ skipping 692 matching lines @@
       resource->loader()->restart(request, context().loadingTaskRunner(),
                                   context().defersLoading());
       return;
     }
 
     // If the response is fetched via ServiceWorker, the original URL of the
     // response could be different from the URL of the request. We check the URL
     // not to load the resources which are forbidden by the page CSP.
     // https://w3c.github.io/webappsec-csp/#should-block-response
     const KURL& originalURL = response.originalURLViaServiceWorker();
-    if (!originalURL.isEmpty() &&
-        !context().allowResponse(resource->getType(),
-                                 resource->resourceRequest(), originalURL,
-                                 resource->options())) {
-      resource->loader()->didFail(
-          ResourceError::cancelledDueToAccessCheckError(originalURL));
+    if (!originalURL.isEmpty()) {
+      ResourceRequestBlockedReason blockedReason = context().allowResponse(
+          resource->getType(), resource->resourceRequest(), originalURL,
+          resource->options());
+      if (blockedReason != ResourceRequestBlockedReason::None) {
+        resource->loader()->didFail(
+            ResourceError::cancelledDueToAccessCheckError(originalURL,
+                                                          blockedReason));
+        return;
+      }
+    }
+  } else if (resource->options().corsEnabled == IsCORSEnabled) {
+    ResourceRequestBlockedReason blockedReason =
+        canAccessResponse(resource, response);
+    if (blockedReason != ResourceRequestBlockedReason::None) {
+      resource->loader()->didFail(ResourceError::cancelledDueToAccessCheckError(
+          response.url(), blockedReason));
       return;
     }
-  } else if (resource->options().corsEnabled == IsCORSEnabled &&
-             !canAccessResponse(resource, response)) {
-    resource->loader()->didFail(
-        ResourceError::cancelledDueToAccessCheckError(response.url()));
-    return;
   }
 
   context().dispatchDidReceiveResponse(
       resource->identifier(), response, resource->resourceRequest().frameType(),
       resource->resourceRequest().requestContext(), resource);
   resource->responseReceived(response, std::move(handle));
   if (resource->loader() && response.httpStatusCode() >= 400 &&
       !resource->shouldIgnoreHTTPStatusCodeErrors()) {
     resource->loader()->didFail(ResourceError::cancelledError(response.url()));
   }
@@ skipping 102 matching lines @@
 bool ResourceFetcher::defersLoading() const {
   return context().defersLoading();
 }
 
 static bool isManualRedirectFetchRequest(const ResourceRequest& request) {
   return request.fetchRedirectMode() ==
              WebURLRequest::FetchRedirectModeManual &&
          request.requestContext() == WebURLRequest::RequestContextFetch;
 }
 
-bool ResourceFetcher::willFollowRedirect(
+ResourceRequestBlockedReason ResourceFetcher::willFollowRedirect(
     Resource* resource,
     ResourceRequest& newRequest,
     const ResourceResponse& redirectResponse) {
   if (!isManualRedirectFetchRequest(resource->resourceRequest())) {
-    if (!context().canRequest(resource->getType(), newRequest, newRequest.url(),
-                              resource->options(), resource->isUnusedPreload(),
-                              FetchRequest::UseDefaultOriginRestrictionForType))
-      return false;
+    ResourceRequestBlockedReason blockedReason =
+        context().canRequest(resource->getType(), newRequest, newRequest.url(),
+                             resource->options(), resource->isUnusedPreload(),
+                             FetchRequest::UseDefaultOriginRestrictionForType);
+    if (blockedReason != ResourceRequestBlockedReason::None)
+      return blockedReason;
     if (resource->options().corsEnabled == IsCORSEnabled) {
       RefPtr<SecurityOrigin> sourceOrigin = resource->options().securityOrigin;
       if (!sourceOrigin.get())
         sourceOrigin = context().getSecurityOrigin();
 
       String errorMessage;
       StoredCredentials withCredentials =
           resource->lastResourceRequest().allowStoredCredentials()
               ? AllowStoredCredentials
               : DoNotAllowStoredCredentials;
       if (!CrossOriginAccessControl::handleRedirect(
               sourceOrigin, newRequest, redirectResponse, withCredentials,
               resource->mutableOptions(), errorMessage)) {
         resource->setCORSFailed();
         context().addConsoleMessage(errorMessage);
-        return false;
+        return ResourceRequestBlockedReason::Other;
       }
     }
     if (resource->getType() == Resource::Image &&
-        shouldDeferImageLoad(newRequest.url()))
-      return false;
+        shouldDeferImageLoad(newRequest.url())) {
+      return ResourceRequestBlockedReason::Other;
+    }
   }
 
   ResourceTimingInfoMap::iterator it = m_resourceTimingInfoMap.find(resource);
   if (it != m_resourceTimingInfoMap.end()) {
     bool crossOrigin = IsCrossOrigin(redirectResponse.url(), newRequest.url());
     it->value->addRedirect(redirectResponse, crossOrigin);
   }
   newRequest.setAllowStoredCredentials(resource->options().allowCredentials ==
                                        AllowStoredCredentials);
   willSendRequest(resource->identifier(), newRequest, redirectResponse,
                   resource->options());
-  return true;
+  return ResourceRequestBlockedReason::None;
 }
 
 void ResourceFetcher::willSendRequest(unsigned long identifier,
                                       ResourceRequest& newRequest,
                                       const ResourceResponse& redirectResponse,
                                       const ResourceLoaderOptions& options) {
   context().dispatchWillSendRequest(identifier, newRequest, redirectResponse,
                                     options.initiatorInfo);
 }
 
@@ skipping 220 matching lines @@
   visitor->trace(m_context);
   visitor->trace(m_archive);
   visitor->trace(m_loaders);
   visitor->trace(m_nonBlockingLoaders);
   visitor->trace(m_documentResources);
   visitor->trace(m_preloads);
   visitor->trace(m_resourceTimingInfoMap);
 }
 
 }  // namespace blink