Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(147)

Unified Diff: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

Issue 2582833002: Fix foreign fetch intercepting CORS preflighted requests if preflight was in cache. (Closed)
Patch Set: address comments Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
index e6aa7c47fd9a818012271e5280e0167f6aa41045..c71ae427dc6b403dfa01852a61f7e1fb76093323 100644
--- a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
@@ -369,6 +369,16 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(
prepareCrossOriginRequest(crossOriginRequest);
loadRequest(crossOriginRequest, crossOriginOptions);
} else {
+ // Explicitly set the SkipServiceWorker flag here. Although the page is not
+ // controlled by a SW at this point, a new SW may be controlling the page
+ // when this request gets sent later. We should not send the actual request
+ // to the SW. https://crbug.com/604583
+ // Similarly we don't want any requests that could involve a CORS preflight
+ // to get intercepted by a foreign fetch service worker, even if we have the
+ // result of the preflight cached already. https://crbug.com/674370
+ crossOriginRequest.setSkipServiceWorker(
+ WebURLRequest::SkipServiceWorker::All);
+
bool shouldForcePreflight =
request.isExternalRequest() ||
InspectorInstrumentation::shouldForceCORSPreflight(m_document);
@@ -916,12 +926,6 @@ void DocumentThreadableLoader::loadActualRequest() {
clearResource();
- // Explicitly set the SkipServiceWorker flag here. Even if the page was not
- // controlled by a SW when the preflight request was sent, a new SW may be
- // controlling the page now by calling clients.claim(). We should not send
- // the actual request to the SW. https://crbug.com/604583
- actualRequest.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::All);
-
prepareCrossOriginRequest(actualRequest);
loadRequest(actualRequest, actualOptions);
}
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/serviceworker/foreign-fetch-basics.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698