| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 278 matching lines...) | |
| 289 ResourceLoadPriority load_priority, | 289 ResourceLoadPriority load_priority, |
| 290 int intra_priority_value) { | 290 int intra_priority_value) { |
| 291 TRACE_EVENT1( | 291 TRACE_EVENT1( |
| 292 "devtools.timeline", "ResourceChangePriority", "data", | 292 "devtools.timeline", "ResourceChangePriority", "data", |
| 293 InspectorChangeResourcePriorityEvent::Data(identifier, load_priority)); | 293 InspectorChangeResourcePriorityEvent::Data(identifier, load_priority)); |
| 294 probe::didChangeResourcePriority(GetFrame(), identifier, load_priority); | 294 probe::didChangeResourcePriority(GetFrame(), identifier, load_priority); |
| 295 } | 295 } |
| 296 | 296 |
| 297 void FrameFetchContext::PrepareRequest(ResourceRequest& request, | 297 void FrameFetchContext::PrepareRequest(ResourceRequest& request, |
| 298 RedirectType redirect_type) { | 298 RedirectType redirect_type) { |
| 299 SetFirstPartyCookieAndRequestorOrigin(request); | |
|
kinuko
2017/06/07 02:00:49
Moved here so this is also called in redirects (so
| |
| 300 | |
| 299 GetFrame()->Loader().ApplyUserAgent(request); | 301 GetFrame()->Loader().ApplyUserAgent(request); |
| 300 GetLocalFrameClient()->DispatchWillSendRequest(request); | 302 GetLocalFrameClient()->DispatchWillSendRequest(request); |
| 301 | 303 |
| 302 // ServiceWorker hook ups. | 304 // ServiceWorker hook ups. |
| 303 if (MasterDocumentLoader()->GetServiceWorkerNetworkProvider()) { | 305 if (MasterDocumentLoader()->GetServiceWorkerNetworkProvider()) { |
| 304 WrappedResourceRequest webreq(request); | 306 WrappedResourceRequest webreq(request); |
| 305 MasterDocumentLoader()->GetServiceWorkerNetworkProvider()->WillSendRequest( | 307 MasterDocumentLoader()->GetServiceWorkerNetworkProvider()->WillSendRequest( |
| 306 webreq); | 308 webreq); |
| 307 } | 309 } |
| 308 | 310 |
| (...skipping 371 matching lines...) | |
| 680 } | 682 } |
| 681 | 683 |
| 682 void FrameFetchContext::PopulateResourceRequest( | 684 void FrameFetchContext::PopulateResourceRequest( |
| 683 const KURL& url, | 685 const KURL& url, |
| 684 Resource::Type type, | 686 Resource::Type type, |
| 685 const ClientHintsPreferences& hints_preferences, | 687 const ClientHintsPreferences& hints_preferences, |
| 686 const FetchParameters::ResourceWidth& resource_width, | 688 const FetchParameters::ResourceWidth& resource_width, |
| 687 const ResourceLoaderOptions& options, | 689 const ResourceLoaderOptions& options, |
| 688 SecurityViolationReportingPolicy reporting_policy, | 690 SecurityViolationReportingPolicy reporting_policy, |
| 689 ResourceRequest& request) { | 691 ResourceRequest& request) { |
| 690 SetFirstPartyCookieAndRequestorOrigin(request); | |
| 691 | |
| 692 // Before modifying the request for CSP, evaluate report-only headers. This | 692 // Before modifying the request for CSP, evaluate report-only headers. This |
| 693 // allows site owners to learn about requests that are being modified | 693 // allows site owners to learn about requests that are being modified |
| 694 // (e.g. mixed content that is being upgraded by upgrade-insecure-requests). | 694 // (e.g. mixed content that is being upgraded by upgrade-insecure-requests). |
| 695 CheckCSPForRequest(request, url, options, reporting_policy, | 695 CheckCSPForRequest(request, url, options, reporting_policy, |
| 696 request.GetRedirectStatus(), | 696 request.GetRedirectStatus(), |
| 697 ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly); | 697 ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly); |
| 698 | 698 |
| 699 ModifyRequestForCSP(request); | 699 ModifyRequestForCSP(request); |
| 700 AddClientHintsIfNecessary(hints_preferences, resource_width, request); | 700 AddClientHintsIfNecessary(hints_preferences, resource_width, request); |
| 701 AddCSPHeaderIfNecessary(type, request); | 701 AddCSPHeaderIfNecessary(type, request); |
| 702 } | 702 } |
| 703 | 703 |
| 704 void FrameFetchContext::SetFirstPartyCookieAndRequestorOrigin( | 704 void FrameFetchContext::SetFirstPartyCookieAndRequestorOrigin( |
|
kinuko
2017/06/07 02:00:49
Now this does mostly same as what RenderFrameImpl:
| |
| 705 ResourceRequest& request) { | 705 ResourceRequest& request) { |
| 706 if (!GetDocument()) | 706 // Set the first party for cookies url if it has not been set yet (new |
| 707 return; | 707 // requests). This value will be updated during redirects, consistent with |
| 708 | 708 // https://tools.ietf.org/html/draft-west-first-party-cookies-04#section-2.1.1 |
|
Mike West
2017/06/07 06:48:44
Would you mind updating this to https://tools.ietf
kinuko
2017/06/07 06:57:49
Done.
| |
| 709 if (request.FirstPartyForCookies().IsNull()) { | 709 if (request.FirstPartyForCookies().IsNull()) { |
| 710 request.SetFirstPartyForCookies( | 710 if (request.GetFrameType() == WebURLRequest::kFrameTypeTopLevel) { |
| 711 GetDocument() ? GetDocument()->FirstPartyForCookies() | 711 request.SetFirstPartyForCookies(request.Url()); |
| 712 : SecurityOrigin::UrlWithUniqueSecurityOrigin()); | 712 } else { |
| 713 // Use GetDocument() for subresource or nested frame cases, | |
| 714 // GetFrame()->GetDocument() otherwise. | |
| 715 Document* document = | |
| 716 GetDocument() ? GetDocument() : GetFrame()->GetDocument(); | |
| 717 request.SetFirstPartyForCookies(document->FirstPartyForCookies()); | |
| 718 } | |
| 713 } | 719 } |
| 714 | 720 |
| 715 // Subresource requests inherit their requestor origin from |m_document| | 721 // Subresource requests inherit their requestor origin from |document_| |
| 716 // directly. Top-level and nested frame types are taken care of in | 722 // directly. Top-level frame types are taken care of in 'FrameLoadRequest()'. |
| 717 // 'FrameLoadRequest()'. Auxiliary frame types in 'createWindow()' and | 723 // Auxiliary frame types in 'CreateWindow()' and 'FrameLoader::Load'. |
| 718 // 'FrameLoader::load'. | 724 if (!request.RequestorOrigin()) { |
| 719 // TODO(mkwst): It would be cleaner to adjust blink::ResourceRequest to | 725 if (request.GetFrameType() == WebURLRequest::kFrameTypeNone) { |
| 720 // initialize itself with a `nullptr` initiator so that this can be a simple | 726 Document* document = GetDocument(); |
| 721 // `isNull()` check. https://crbug.com/625969 | 727 request.SetRequestorOrigin(document->IsSandboxed(kSandboxOrigin) |
| 722 if (request.GetFrameType() == WebURLRequest::kFrameTypeNone && | 728 ? SecurityOrigin::Create(document->Url()) |
| 723 request.RequestorOrigin()->IsUnique()) { | 729 : document->GetSecurityOrigin()); |
| 724 request.SetRequestorOrigin(GetDocument()->IsSandboxed(kSandboxOrigin) | 730 } else { |
| 725 ? SecurityOrigin::Create(document_->Url()) | 731 // Set the requestor origin to the same origin as the frame's document |
| 726 : document_->GetSecurityOrigin()); | 732 // if it hasn't yet been set. (We may hit here for nested frames and |
| 733 // redirect cases) | |
| 734 request.SetRequestorOrigin( | |
| 735 GetFrame()->GetDocument()->GetSecurityOrigin()); | |
|
kinuko
2017/06/07 02:00:49
Wasn't bit sure if we should also check IsSandboxe
| |
| 736 } | |
| 727 } | 737 } |
| 728 } | 738 } |
| 729 | 739 |
| 730 MHTMLArchive* FrameFetchContext::Archive() const { | 740 MHTMLArchive* FrameFetchContext::Archive() const { |
| 731 DCHECK(!IsMainFrame()); | 741 DCHECK(!IsMainFrame()); |
| 732 // TODO(nasko): How should this work with OOPIF? | 742 // TODO(nasko): How should this work with OOPIF? |
| 733 // The MHTMLArchive is parsed as a whole, but can be constructed from frames | 743 // The MHTMLArchive is parsed as a whole, but can be constructed from frames |
| 734 // in multiple processes. In that case, which process should parse it and how | 744 // in multiple processes. In that case, which process should parse it and how |
| 735 // should the output be spread back across multiple processes? | 745 // should the output be spread back across multiple processes? |
| 736 if (!GetFrame()->Tree().Parent()->IsLocalFrame()) | 746 if (!GetFrame()->Tree().Parent()->IsLocalFrame()) |
| (...skipping 109 matching lines...) | |
| 846 return loader; | 856 return loader; |
| 847 } | 857 } |
| 848 | 858 |
| 849 DEFINE_TRACE(FrameFetchContext) { | 859 DEFINE_TRACE(FrameFetchContext) { |
| 850 visitor->Trace(document_loader_); | 860 visitor->Trace(document_loader_); |
| 851 visitor->Trace(document_); | 861 visitor->Trace(document_); |
| 852 BaseFetchContext::Trace(visitor); | 862 BaseFetchContext::Trace(visitor); |
| 853 } | 863 } |
| 854 | 864 |
| 855 } // namespace blink | 865 } // namespace blink |
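Review bot: In the new SetFirstPartyCookieAndRequestorOrigin, the subresource branch (new lines 726–729) dereferences `GetDocument()` without a null check, although the early `if (!GetDocument()) return;` was removed and the first-party branch just above (new 715–716) explicitly falls back to `GetFrame()->GetDocument()` when it is null. The function is now also called from PrepareRequest, so if a `kFrameTypeNone` request can reach it with no document (which the visible lines do not rule out), this is a null dereference in the renderer. If a document is guaranteed at that point, say so with `DCHECK(document);` after new line 726. Otherwise resolve it the same way as the first-party branch, `Document* document = GetDocument() ? GetDocument() : GetFrame()->GetDocument();`, so both values are derived from the same document.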