Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(168)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/fetch/Resource.cpp

Issue 2616323002: CrossOriginAccessControl: separate access checks and error message generation (Closed)
Patch Set: initialize allowRedirect correctly Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp ('K') | « third_party/WebKit/Source/core/fetch/Resource.h ('k') | third_party/WebKit/Source/core/fetch/ResourceLoader.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
5 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com) 5 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com)
6 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All 6 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
7 rights reserved. 7 rights reserved.
8 8
9 This library is free software; you can redistribute it and/or 9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Library General Public 10 modify it under the terms of the GNU Library General Public
(...skipping 426 matching lines...) Expand 10 before | Expand all | Expand 10 after
437 m_loader = nullptr; 437 m_loader = nullptr;
438 checkNotify(); 438 checkNotify();
439 } 439 }
440 440
441 AtomicString Resource::httpContentType() const { 441 AtomicString Resource::httpContentType() const {
442 return extractMIMETypeFromMediaType( 442 return extractMIMETypeFromMediaType(
443 m_response.httpHeaderField(HTTPNames::Content_Type).lower()); 443 m_response.httpHeaderField(HTTPNames::Content_Type).lower());
444 } 444 }
445 445
446 bool Resource::passesAccessControlCheck(SecurityOrigin* securityOrigin) const { 446 bool Resource::passesAccessControlCheck(SecurityOrigin* securityOrigin) const {
447 String ignoredErrorDescription; 447 StoredCredentials storedCredentials =
448 return passesAccessControlCheck(securityOrigin, ignoredErrorDescription); 448 lastResourceRequest().allowStoredCredentials()
449 } 449 ? AllowStoredCredentials
450 : DoNotAllowStoredCredentials;
451 CrossOriginAccessControl::AccessStatus status =
452 CrossOriginAccessControl::checkAccess(m_response, storedCredentials,
453 securityOrigin);
450 454
451 bool Resource::passesAccessControlCheck(SecurityOrigin* securityOrigin, 455 return status == CrossOriginAccessControl::kAccessAllowed;
452 String& errorDescription) const {
453 return blink::passesAccessControlCheck(
454 m_response, lastResourceRequest().allowStoredCredentials()
455 ? AllowStoredCredentials
456 : DoNotAllowStoredCredentials,
457 securityOrigin, errorDescription, lastResourceRequest().requestContext());
458 } 456 }
459 457
460 bool Resource::isEligibleForIntegrityCheck( 458 bool Resource::isEligibleForIntegrityCheck(
461 SecurityOrigin* securityOrigin) const { 459 SecurityOrigin* securityOrigin) const {
462 String ignoredErrorDescription;
463 return securityOrigin->canRequest(resourceRequest().url()) || 460 return securityOrigin->canRequest(resourceRequest().url()) ||
464 passesAccessControlCheck(securityOrigin, ignoredErrorDescription); 461 passesAccessControlCheck(securityOrigin);
465 } 462 }
466 463
467 void Resource::setIntegrityDisposition( 464 void Resource::setIntegrityDisposition(
468 ResourceIntegrityDisposition disposition) { 465 ResourceIntegrityDisposition disposition) {
469 DCHECK_NE(disposition, ResourceIntegrityDisposition::NotChecked); 466 DCHECK_NE(disposition, ResourceIntegrityDisposition::NotChecked);
470 DCHECK(m_type == Resource::Script || m_type == Resource::CSSStyleSheet); 467 DCHECK(m_type == Resource::Script || m_type == Resource::CSSStyleSheet);
471 m_integrityDisposition = disposition; 468 m_integrityDisposition = disposition;
472 } 469 }
473 470
474 bool Resource::mustRefetchDueToIntegrityMetadata( 471 bool Resource::mustRefetchDueToIntegrityMetadata(
(...skipping 643 matching lines...) Expand 10 before | Expand all | Expand 10 after
1118 case Resource::Media: 1115 case Resource::Media:
1119 case Resource::Manifest: 1116 case Resource::Manifest:
1120 case Resource::Mock: 1117 case Resource::Mock:
1121 return false; 1118 return false;
1122 } 1119 }
1123 NOTREACHED(); 1120 NOTREACHED();
1124 return false; 1121 return false;
1125 } 1122 }
1126 1123
1127 } // namespace blink 1124 } // namespace blink
OLDNEW
« third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp ('K') | « third_party/WebKit/Source/core/fetch/Resource.h ('k') | third_party/WebKit/Source/core/fetch/ResourceLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698