Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(515)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp

Issue 2870383002: Have sendBeacon throw for Blobs with a type that is not CORS-safelisted. (Closed)
Patch Set: Rebase Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/virtual/stable/http/tests/sendbeacon/beacon-cross-origin-redirect-blob-expected.txt ('k') | third_party/WebKit/Source/platform/RuntimeEnabledFeatures.json5 » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "modules/beacon/NavigatorBeacon.h" 5 #include "modules/beacon/NavigatorBeacon.h"
6 6
7 #include "bindings/core/v8/ExceptionState.h" 7 #include "bindings/core/v8/ExceptionState.h"
8 #include "bindings/modules/v8/ArrayBufferViewOrBlobOrStringOrFormData.h" 8 #include "bindings/modules/v8/ArrayBufferViewOrBlobOrStringOrFormData.h"
9 #include "core/dom/DOMArrayBufferView.h" 9 #include "core/dom/DOMArrayBufferView.h"
10 #include "core/dom/ExceptionCode.h" 10 #include "core/dom/ExceptionCode.h"
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after
119 PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance, url, 119 PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance, url,
120 data.getAsArrayBufferView().View(), beacon_size); 120 data.getAsArrayBufferView().View(), beacon_size);
121 } else if (data.isBlob()) { 121 } else if (data.isBlob()) {
122 Blob* blob = data.getAsBlob(); 122 Blob* blob = data.getAsBlob();
123 if (!FetchUtils::IsSimpleContentType(AtomicString(blob->type()))) { 123 if (!FetchUtils::IsSimpleContentType(AtomicString(blob->type()))) {
124 UseCounter::Count(context, 124 UseCounter::Count(context,
125 UseCounter::kSendBeaconWithNonSimpleContentType); 125 UseCounter::kSendBeaconWithNonSimpleContentType);
126 if (RuntimeEnabledFeatures:: 126 if (RuntimeEnabledFeatures::
127 sendBeaconThrowForBlobWithNonSimpleTypeEnabled()) { 127 sendBeaconThrowForBlobWithNonSimpleTypeEnabled()) {
128 exception_state.ThrowSecurityError( 128 exception_state.ThrowSecurityError(
129 "sendBeacon() with a Blob whose type is not CORS-safelisted MIME " 129 "sendBeacon() with a Blob whose type is not any of the "
130 "type is disallowed experimentally. See http://crbug.com/490015 " 130 "CORS-safelisted values for the Content-Type request header is "
131 "for details."); 131 "disabled temporarily. See http://crbug.com/490015 for details.");
132 return false; 132 return false;
133 } 133 }
134 } 134 }
135 allowed = PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance, 135 allowed = PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance,
136 url, blob, beacon_size); 136 url, blob, beacon_size);
137 } else if (data.isString()) { 137 } else if (data.isString()) {
138 allowed = PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance, 138 allowed = PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance,
139 url, data.getAsString(), beacon_size); 139 url, data.getAsString(), beacon_size);
140 } else if (data.isFormData()) { 140 } else if (data.isFormData()) {
141 allowed = PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance, 141 allowed = PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance,
142 url, data.getAsFormData(), beacon_size); 142 url, data.getAsFormData(), beacon_size);
143 } else { 143 } else {
144 allowed = PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance, 144 allowed = PingLoader::SendBeacon(GetSupplementable()->GetFrame(), allowance,
145 url, String(), beacon_size); 145 url, String(), beacon_size);
146 } 146 }
147 147
148 if (!allowed) { 148 if (!allowed) {
149 UseCounter::Count(context, UseCounter::kSendBeaconQuotaExceeded); 149 UseCounter::Count(context, UseCounter::kSendBeaconQuotaExceeded);
150 return false; 150 return false;
151 } 151 }
152 152
153 // Only accumulate transmission size if a limit is imposed. 153 // Only accumulate transmission size if a limit is imposed.
154 if (allowance >= 0) 154 if (allowance >= 0)
155 AddTransmittedBytes(beacon_size); 155 AddTransmittedBytes(beacon_size);
156 return true; 156 return true;
157 } 157 }
158 158
159 } // namespace blink 159 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/virtual/stable/http/tests/sendbeacon/beacon-cross-origin-redirect-blob-expected.txt ('k') | third_party/WebKit/Source/platform/RuntimeEnabledFeatures.json5 » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698