Index: Source/core/loader/DocumentThreadableLoader.cpp |
diff --git a/Source/core/loader/DocumentThreadableLoader.cpp b/Source/core/loader/DocumentThreadableLoader.cpp |
index 97d3b2820ef624184bd8fd9105846dcae350dbdb..399abe64ff7f54abe96f17223c524fd269a76411 100644 |
--- a/Source/core/loader/DocumentThreadableLoader.cpp |
+++ b/Source/core/loader/DocumentThreadableLoader.cpp |
@@ -53,25 +53,28 @@ |
namespace WebCore { |
-void DocumentThreadableLoader::loadResourceSynchronously(Document& document, const ResourceRequest& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options) |
+void DocumentThreadableLoader::loadResourceSynchronously(Document& document, const ResourceRequest& request, ThreadableLoaderClient& client, const ThreadableLoaderOptions& options, const ResourceLoaderOptions& resourceLoaderOptions) |
{ |
// The loader will be deleted as soon as this function exits. |
- RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, &client, LoadSynchronously, request, options)); |
+ RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, &client, LoadSynchronously, request, options, resourceLoaderOptions)); |
ASSERT(loader->hasOneRef()); |
} |
-PassRefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient* client, const ResourceRequest& request, const ThreadableLoaderOptions& options) |
+PassRefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient* client, const ResourceRequest& request, const ThreadableLoaderOptions& options, const ResourceLoaderOptions& resourceLoaderOptions) |
{ |
- RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, request, options)); |
+ RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, request, options, resourceLoaderOptions)); |
if (!loader->resource()) |
loader = nullptr; |
return loader.release(); |
} |
-DocumentThreadableLoader::DocumentThreadableLoader(Document& document, ThreadableLoaderClient* client, BlockingBehavior blockingBehavior, const ResourceRequest& request, const ThreadableLoaderOptions& options) |
+DocumentThreadableLoader::DocumentThreadableLoader(Document& document, ThreadableLoaderClient* client, BlockingBehavior blockingBehavior, const ResourceRequest& request, const ThreadableLoaderOptions& options, const ResourceLoaderOptions& resourceLoaderOptions) |
: m_client(client) |
, m_document(document) |
, m_options(options) |
+ , m_resourceLoaderOptions(resourceLoaderOptions) |
+ , m_allowCredentials(m_resourceLoaderOptions.allowCredentials) |
+ , m_securityOrigin(m_resourceLoaderOptions.securityOrigin) |
, m_sameOriginRequest(securityOrigin()->canRequest(request.url())) |
, m_simpleRequest(true) |
, m_async(blockingBehavior == LoadAsynchronously) |
@@ -115,17 +118,17 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques |
} |
ResourceRequest crossOriginRequest(request); |
- updateRequestForAccessControl(crossOriginRequest, securityOrigin(), m_options.allowCredentials); |
+ updateRequestForAccessControl(crossOriginRequest, securityOrigin(), m_allowCredentials); |
loadRequest(crossOriginRequest); |
} else { |
m_simpleRequest = false; |
OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceRequest(request)); |
// Do not set the Origin header for preflight requests. |
- updateRequestForAccessControl(*crossOriginRequest, 0, m_options.allowCredentials); |
+ updateRequestForAccessControl(*crossOriginRequest, 0, m_allowCredentials); |
m_actualRequest = crossOriginRequest.release(); |
- if (CrossOriginPreflightResultCache::shared().canSkipPreflight(securityOrigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actualRequest->httpMethod(), m_actualRequest->httpHeaderFields())) { |
+ if (CrossOriginPreflightResultCache::shared().canSkipPreflight(securityOrigin()->toString(), m_actualRequest->url(), m_allowCredentials, m_actualRequest->httpMethod(), m_actualRequest->httpHeaderFields())) { |
loadActualRequest(); |
} else { |
ResourceRequest preflightRequest = createAccessControlPreflightRequest(*m_actualRequest, securityOrigin()); |
@@ -198,7 +201,7 @@ void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ |
if (m_simpleRequest) { |
allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(request.url(), accessControlErrorDescription) |
- && (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)); |
+ && (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, m_allowCredentials, securityOrigin(), accessControlErrorDescription)); |
} else { |
accessControlErrorDescription = "The request was redirected to '"+ request.url().string() + "', which is disallowed for cross-origin requests that require preflight."; |
} |
@@ -214,14 +217,14 @@ void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ |
// set the source origin to a globally unique identifier. (If the original request was same-origin, the origin of the new request |
// should be the original URL origin.) |
if (!m_sameOriginRequest && !originalOrigin->isSameSchemeHostPort(requestOrigin.get())) |
- m_options.securityOrigin = SecurityOrigin::createUnique(); |
+ m_securityOrigin = SecurityOrigin::createUnique(); |
// Force any subsequent requests to use these checks. |
m_sameOriginRequest = false; |
// Since the request is no longer same-origin, if the user didn't request credentials in |
// the first place, update our state so we neither request them nor expect they must be allowed. |
- if (m_options.credentialsRequested == ClientDidNotRequestCredentials) |
- m_options.allowCredentials = DoNotAllowStoredCredentials; |
+ if (m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequestCredentials) |
+ m_allowCredentials = DoNotAllowStoredCredentials; |
// Remove any headers that may have been added by the network layer that cause access control to fail. |
request.clearHTTPReferrer(); |
@@ -279,7 +282,7 @@ void DocumentThreadableLoader::handlePreflightResponse(unsigned long identifier, |
String accessControlErrorDescription; |
- if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) { |
+ if (!passesAccessControlCheck(response, m_allowCredentials, securityOrigin(), accessControlErrorDescription)) { |
handlePreflightFailure(response.url().string(), accessControlErrorDescription); |
return; |
} |
@@ -289,7 +292,7 @@ void DocumentThreadableLoader::handlePreflightResponse(unsigned long identifier, |
return; |
} |
- OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials)); |
+ OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(m_allowCredentials)); |
if (!preflightResult->parse(response, accessControlErrorDescription) |
|| !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription) |
|| !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) { |
@@ -311,7 +314,7 @@ void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re |
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) { |
String accessControlErrorDescription; |
- if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) { |
+ if (!passesAccessControlCheck(response, m_allowCredentials, securityOrigin(), accessControlErrorDescription)) { |
m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription)); |
return; |
} |
@@ -398,17 +401,20 @@ void DocumentThreadableLoader::loadRequest(const ResourceRequest& request) |
ASSERT(m_sameOriginRequest || requestURL.user().isEmpty()); |
ASSERT(m_sameOriginRequest || requestURL.pass().isEmpty()); |
- ThreadableLoaderOptions options = m_options; |
+ ResourceLoaderOptions resourceLoaderOptions = m_resourceLoaderOptions; |
+ // Update resourceLoaderOptions with enforced values. |
+ resourceLoaderOptions.allowCredentials = m_allowCredentials; |
+ resourceLoaderOptions.securityOrigin = m_securityOrigin; |
if (m_async) { |
if (m_actualRequest) { |
- options.sniffContent = DoNotSniffContent; |
- options.dataBufferingPolicy = BufferData; |
+ resourceLoaderOptions.sniffContent = DoNotSniffContent; |
+ resourceLoaderOptions.dataBufferingPolicy = BufferData; |
} |
if (m_options.timeoutMilliseconds > 0) |
m_timeoutTimer.startOneShot(m_options.timeoutMilliseconds / 1000.0, FROM_HERE); |
- FetchRequest newRequest(request, m_options.initiator, options); |
+ FetchRequest newRequest(request, m_options.initiator, resourceLoaderOptions); |
ASSERT(!resource()); |
if (request.targetType() == ResourceRequest::TargetIsMedia) |
setResource(m_document.fetcher()->fetchMedia(newRequest)); |
@@ -421,7 +427,7 @@ void DocumentThreadableLoader::loadRequest(const ResourceRequest& request) |
return; |
} |
- FetchRequest fetchRequest(request, m_options.initiator, options); |
+ FetchRequest fetchRequest(request, m_options.initiator, resourceLoaderOptions); |
ResourcePtr<Resource> resource = m_document.fetcher()->fetchSynchronously(fetchRequest); |
ResourceResponse response = resource ? resource->response() : ResourceResponse(); |
unsigned long identifier = resource ? resource->identifier() : std::numeric_limits<unsigned long>::max(); |
@@ -475,7 +481,7 @@ bool DocumentThreadableLoader::isAllowedByPolicy(const KURL& url) const |
SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
{ |
- return m_options.securityOrigin ? m_options.securityOrigin.get() : m_document.securityOrigin(); |
+ return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin(); |
} |
} // namespace WebCore |