Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(372)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 333423004: moved to https://codereview.chromium.org/399543002/ (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: rebase Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/modules/modules.gypi » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 301 matching lines...) Expand 10 before | Expand all | Expand 10 after
312 312
313 void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re sourceResponse& response) 313 void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re sourceResponse& response)
314 { 314 {
315 ASSERT(m_client); 315 ASSERT(m_client);
316 316
317 if (m_actualRequest) { 317 if (m_actualRequest) {
318 handlePreflightResponse(identifier, response); 318 handlePreflightResponse(identifier, response);
319 return; 319 return;
320 } 320 }
321 321
322 // FIXME: When response.wasFetchedViaServiceWorker() is true, we need to che ck the URL of the response for CSP and CORS. 322 // If the response is fetched via ServiceWorker, the original URL of the res ponse could be different from the URL of the request.
323 if (response.wasFetchedViaServiceWorker()) {
324 if (!isAllowedByPolicy(response.url())) {
325 m_client->didFailRedirectCheck();
326 return;
327 }
328 if (!isAllowedRedirect(response.url())) {
329 if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) {
330 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, res ponse.url().string(), "Cross origin requests are not supported."));
331 return;
332 }
333 if (m_options.crossOriginRequestPolicy == UseAccessControl) {
334 String accessControlErrorDescription;
335 if (!passesAccessControlCheck(response, effectiveAllowCredential s(), securityOrigin(), accessControlErrorDescription)) {
336 m_client->didFailAccessControlCheck(ResourceError(errorDomai nBlinkInternal, 0, response.url().string(), accessControlErrorDescription));
337 return;
338 }
339 }
340 }
341 }
323 342
324 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) { 343 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) {
325 String accessControlErrorDescription; 344 String accessControlErrorDescription;
326 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) { 345 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) {
327 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription)); 346 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription));
328 return; 347 return;
329 } 348 }
330 } 349 }
331 350
332 m_client->didReceiveResponse(identifier, response); 351 m_client->didReceiveResponse(identifier, response);
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after
496 return DoNotAllowStoredCredentials; 515 return DoNotAllowStoredCredentials;
497 return m_resourceLoaderOptions.allowCredentials; 516 return m_resourceLoaderOptions.allowCredentials;
498 } 517 }
499 518
500 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const 519 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
501 { 520 {
502 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); 521 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin ();
503 } 522 }
504 523
505 } // namespace WebCore 524 } // namespace WebCore
OLDNEW
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/modules/modules.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698