OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 278 matching lines...)
289 ResourceLoadPriority load_priority, | 289 ResourceLoadPriority load_priority, |
290 int intra_priority_value) { | 290 int intra_priority_value) { |
291 TRACE_EVENT1( | 291 TRACE_EVENT1( |
292 "devtools.timeline", "ResourceChangePriority", "data", | 292 "devtools.timeline", "ResourceChangePriority", "data", |
293 InspectorChangeResourcePriorityEvent::Data(identifier, load_priority)); | 293 InspectorChangeResourcePriorityEvent::Data(identifier, load_priority)); |
294 probe::didChangeResourcePriority(GetFrame(), identifier, load_priority); | 294 probe::didChangeResourcePriority(GetFrame(), identifier, load_priority); |
295 } | 295 } |
296 | 296 |
297 void FrameFetchContext::PrepareRequest(ResourceRequest& request, | 297 void FrameFetchContext::PrepareRequest(ResourceRequest& request, |
298 RedirectType redirect_type) { | 298 RedirectType redirect_type) { |
299 SetFirstPartyCookieAndRequestorOrigin(request); | |
kinuko
2017/06/07 02:00:49
Moved here so this is also called in redirects (so
| |
300 | |
299 GetFrame()->Loader().ApplyUserAgent(request); | 301 GetFrame()->Loader().ApplyUserAgent(request); |
300 GetLocalFrameClient()->DispatchWillSendRequest(request); | 302 GetLocalFrameClient()->DispatchWillSendRequest(request); |
301 | 303 |
302 // ServiceWorker hook ups. | 304 // ServiceWorker hook ups. |
303 if (MasterDocumentLoader()->GetServiceWorkerNetworkProvider()) { | 305 if (MasterDocumentLoader()->GetServiceWorkerNetworkProvider()) { |
304 WrappedResourceRequest webreq(request); | 306 WrappedResourceRequest webreq(request); |
305 MasterDocumentLoader()->GetServiceWorkerNetworkProvider()->WillSendRequest( | 307 MasterDocumentLoader()->GetServiceWorkerNetworkProvider()->WillSendRequest( |
306 webreq); | 308 webreq); |
307 } | 309 } |
308 | 310 |
(...skipping 371 matching lines...)
680 } | 682 } |
681 | 683 |
682 void FrameFetchContext::PopulateResourceRequest( | 684 void FrameFetchContext::PopulateResourceRequest( |
683 const KURL& url, | 685 const KURL& url, |
684 Resource::Type type, | 686 Resource::Type type, |
685 const ClientHintsPreferences& hints_preferences, | 687 const ClientHintsPreferences& hints_preferences, |
686 const FetchParameters::ResourceWidth& resource_width, | 688 const FetchParameters::ResourceWidth& resource_width, |
687 const ResourceLoaderOptions& options, | 689 const ResourceLoaderOptions& options, |
688 SecurityViolationReportingPolicy reporting_policy, | 690 SecurityViolationReportingPolicy reporting_policy, |
689 ResourceRequest& request) { | 691 ResourceRequest& request) { |
690 SetFirstPartyCookieAndRequestorOrigin(request); | |
691 | |
692 // Before modifying the request for CSP, evaluate report-only headers. This | 692 // Before modifying the request for CSP, evaluate report-only headers. This |
693 // allows site owners to learn about requests that are being modified | 693 // allows site owners to learn about requests that are being modified |
694 // (e.g. mixed content that is being upgraded by upgrade-insecure-requests). | 694 // (e.g. mixed content that is being upgraded by upgrade-insecure-requests). |
695 CheckCSPForRequest(request, url, options, reporting_policy, | 695 CheckCSPForRequest(request, url, options, reporting_policy, |
696 request.GetRedirectStatus(), | 696 request.GetRedirectStatus(), |
697 ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly); | 697 ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly); |
698 | 698 |
699 ModifyRequestForCSP(request); | 699 ModifyRequestForCSP(request); |
700 AddClientHintsIfNecessary(hints_preferences, resource_width, request); | 700 AddClientHintsIfNecessary(hints_preferences, resource_width, request); |
701 AddCSPHeaderIfNecessary(type, request); | 701 AddCSPHeaderIfNecessary(type, request); |
702 } | 702 } |
703 | 703 |
704 void FrameFetchContext::SetFirstPartyCookieAndRequestorOrigin( | 704 void FrameFetchContext::SetFirstPartyCookieAndRequestorOrigin( |
kinuko
2017/06/07 02:00:49
Now this does mostly same as what RenderFrameImpl:
| |
705 ResourceRequest& request) { | 705 ResourceRequest& request) { |
706 if (!GetDocument()) | 706 // Set the first party for cookies url if it has not been set yet (new |
707 return; | 707 // requests). This value will be updated during redirects, consistent with |
708 | 708 // https://tools.ietf.org/html/draft-west-first-party-cookies-04#section-2.1.1 |
Mike West
2017/06/07 06:48:44
Would you mind updating this to https://tools.ietf
kinuko
2017/06/07 06:57:49
Done.
| |
709 if (request.FirstPartyForCookies().IsNull()) { | 709 if (request.FirstPartyForCookies().IsNull()) { |
710 request.SetFirstPartyForCookies( | 710 if (request.GetFrameType() == WebURLRequest::kFrameTypeTopLevel) { |
711 GetDocument() ? GetDocument()->FirstPartyForCookies() | 711 request.SetFirstPartyForCookies(request.Url()); |
712 : SecurityOrigin::UrlWithUniqueSecurityOrigin()); | 712 } else { |
713 // Use GetDocument() for subresource or nested frame cases, | |
714 // GetFrame()->GetDocument() otherwise. | |
715 Document* document = | |
716 GetDocument() ? GetDocument() : GetFrame()->GetDocument(); | |
717 request.SetFirstPartyForCookies(document->FirstPartyForCookies()); | |
718 } | |
713 } | 719 } |
714 | 720 |
715 // Subresource requests inherit their requestor origin from |m_document| | 721 // Subresource requests inherit their requestor origin from |document_| |
716 // directly. Top-level and nested frame types are taken care of in | 722 // directly. Top-level frame types are taken care of in 'FrameLoadRequest()'. |
717 // 'FrameLoadRequest()'. Auxiliary frame types in 'createWindow()' and | 723 // Auxiliary frame types in 'CreateWindow()' and 'FrameLoader::Load'. |
718 // 'FrameLoader::load'. | 724 if (!request.RequestorOrigin()) { |
719 // TODO(mkwst): It would be cleaner to adjust blink::ResourceRequest to | 725 if (request.GetFrameType() == WebURLRequest::kFrameTypeNone) { |
720 // initialize itself with a `nullptr` initiator so that this can be a simple | 726 Document* document = GetDocument(); |
721 // `isNull()` check. https://crbug.com/625969 | 727 request.SetRequestorOrigin(document->IsSandboxed(kSandboxOrigin) |
722 if (request.GetFrameType() == WebURLRequest::kFrameTypeNone && | 728 ? SecurityOrigin::Create(document->Url()) |
723 request.RequestorOrigin()->IsUnique()) { | 729 : document->GetSecurityOrigin()); |
724 request.SetRequestorOrigin(GetDocument()->IsSandboxed(kSandboxOrigin) | 730 } else { |
725 ? SecurityOrigin::Create(document_->Url()) | 731 // Set the requestor origin to the same origin as the frame's document |
726 : document_->GetSecurityOrigin()); | 732 // if it hasn't yet been set. (We may hit here for nested frames and |
733 // redirect cases) | |
734 request.SetRequestorOrigin( | |
735 GetFrame()->GetDocument()->GetSecurityOrigin()); | |
kinuko
2017/06/07 02:00:49
Wasn't bit sure if we should also check IsSandboxe
| |
736 } | |
727 } | 737 } |
728 } | 738 } |
729 | 739 |
730 MHTMLArchive* FrameFetchContext::Archive() const { | 740 MHTMLArchive* FrameFetchContext::Archive() const { |
731 DCHECK(!IsMainFrame()); | 741 DCHECK(!IsMainFrame()); |
732 // TODO(nasko): How should this work with OOPIF? | 742 // TODO(nasko): How should this work with OOPIF? |
733 // The MHTMLArchive is parsed as a whole, but can be constructed from frames | 743 // The MHTMLArchive is parsed as a whole, but can be constructed from frames |
734 // in multiple processes. In that case, which process should parse it and how | 744 // in multiple processes. In that case, which process should parse it and how |
735 // should the output be spread back across multiple processes? | 745 // should the output be spread back across multiple processes? |
736 if (!GetFrame()->Tree().Parent()->IsLocalFrame()) | 746 if (!GetFrame()->Tree().Parent()->IsLocalFrame()) |
(...skipping 109 matching lines...)
846 return loader; | 856 return loader; |
847 } | 857 } |
848 | 858 |
849 DEFINE_TRACE(FrameFetchContext) { | 859 DEFINE_TRACE(FrameFetchContext) { |
850 visitor->Trace(document_loader_); | 860 visitor->Trace(document_loader_); |
851 visitor->Trace(document_); | 861 visitor->Trace(document_); |
852 BaseFetchContext::Trace(visitor); | 862 BaseFetchContext::Trace(visitor); |
853 } | 863 } |
854 | 864 |
855 } // namespace blink | 865 } // namespace blink |
OLD | NEW |
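Review bot: In the new `SetFirstPartyCookieAndRequestorOrigin`, the `kFrameTypeNone` branch (new lines 726-729) dereferences `GetDocument()` unconditionally via `document->IsSandboxed(kSandboxOrigin)`, although this change removes the old `if (!GetDocument()) return;` guard. The cookie branch a few lines earlier (new 715-716) still treats `GetDocument()` as possibly null and falls back to `GetFrame()->GetDocument()`, so the two halves of the function disagree about the same pointer. The function is now also called from `PrepareRequest`, so it runs on more paths than before. Whether a frame-type-none request can arrive with no document is not visible from the lines shown, but if it can, the result is a null dereference in the renderer. I would either reuse the fallback, `Document* document = GetDocument() ? GetDocument() : GetFrame()->GetDocument();`, or keep an explicit early-out with a comment stating why the requestor origin is left unset in that case.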