Add 'XHR' to the Resource::Type enum, and use it for XHR requests.

Source/core/fetch/ResourceFetcher.cpp

 /*
     Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
     Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
     Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
     Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
     Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
 
     This library is free software; you can redistribute it and/or
     modify it under the terms of the GNU Library General Public
     License as published by the Free Software Foundation; either
@@ skipping 70 matching lines @@
     case Resource::CSSStyleSheet:
         return new CSSStyleSheetResource(request, charset);
     case Resource::Script:
         return new ScriptResource(request, charset);
     case Resource::SVGDocument:
         return new DocumentResource(request, Resource::SVGDocument);
     case Resource::Font:
         return new FontResource(request);
     case Resource::MainResource:
     case Resource::Raw:
+    case Resource::XMLHttpRequest:
     case Resource::TextTrack:
     case Resource::Media:
         return new RawResource(request, type);
     case Resource::XSLStyleSheet:
         return new XSLStyleSheetResource(request, charset);
     case Resource::LinkPrefetch:
         return new Resource(request, Resource::LinkPrefetch);
     case Resource::LinkSubresource:
         return new Resource(request, Resource::LinkSubresource);
     case Resource::ImportResource:
         return new RawResource(request, type);
     }
 
     ASSERT_NOT_REACHED();
     return 0;
 }
 
 static ResourceLoadPriority loadPriority(Resource::Type type, const FetchRequest& request)
 {
     if (request.priority() != ResourceLoadPriorityUnresolved)
         return request.priority();
 
     switch (type) {
     case Resource::MainResource:
         return ResourceLoadPriorityVeryHigh;
     case Resource::CSSStyleSheet:
         return ResourceLoadPriorityHigh;
     case Resource::Raw:
+    case Resource::XMLHttpRequest:
         return request.options().synchronousPolicy == RequestSynchronously ? ResourceLoadPriorityVeryHigh : ResourceLoadPriorityMedium;
     case Resource::Script:
     case Resource::Font:
     case Resource::ImportResource:
         return ResourceLoadPriorityMedium;
     case Resource::Image:
         // We'll default images to VeryLow, and promote whatever is visible. This improves
         // speed-index by ~5% on average, ~14% at the 99th percentile.
         return ResourceLoadPriorityVeryLow;
     case Resource::Media:
@@ skipping 80 matching lines @@
     case Resource::LinkPrefetch:
         return ResourceRequest::TargetIsPrefetch;
     case Resource::LinkSubresource:
         return ResourceRequest::TargetIsSubresource;
     case Resource::TextTrack:
         return ResourceRequest::TargetIsTextTrack;
     case Resource::SVGDocument:
         return ResourceRequest::TargetIsImage;
     case Resource::Media:
         return ResourceRequest::TargetIsMedia;
+    case Resource::XMLHttpRequest:
+        return ResourceRequest::TargetIsXHR;
     }
     ASSERT_NOT_REACHED();
     return ResourceRequest::TargetIsSubresource;
 }
 
 ResourceFetcher::ResourceFetcher(DocumentLoader* documentLoader)
     : m_document(nullptr)
     , m_documentLoader(documentLoader)
     , m_requestCount(0)
     , m_garbageCollectDocumentResourcesTimer(this, &ResourceFetcher::garbageCollectDocumentResourcesTimerFired)
@@ skipping 37 matching lines @@
     return FetchContext::nullInstance();
 }
 
 ResourcePtr<Resource> ResourceFetcher::fetchSynchronously(FetchRequest& request)
 {
     ASSERT(document());
     request.mutableResourceRequest().setTimeoutInterval(10);
     ResourceLoaderOptions options(request.options());
     options.synchronousPolicy = RequestSynchronously;
     request.setOptions(options);
-    return requestResource(Resource::Raw, request);
+    return requestResource(request.resourceRequest().targetType() == ResourceRequest::TargetIsXHR ? Resource::XMLHttpRequest : Resource::Raw, request);
 }
 
 ResourcePtr<ImageResource> ResourceFetcher::fetchImage(FetchRequest& request)
 {
     if (LocalFrame* f = frame()) {
         if (f->document()->pageDismissalEventBeingDispatched() != Document::NoDismissal) {
             KURL requestURL = request.resourceRequest().url();
             if (requestURL.isValid() && canRequest(Resource::Image, requestURL, request.options(), request.forPreload(), request.originRestriction()))
                 PingLoader::loadImage(f, requestURL);
             return 0;
@@ skipping 71 matching lines @@
     ASSERT(frame());
     ASSERT(type == Resource::LinkPrefetch || type == Resource::LinkSubresource);
     return requestResource(type, request);
 }
 
 ResourcePtr<RawResource> ResourceFetcher::fetchRawResource(FetchRequest& request)
 {
     return toRawResource(requestResource(Resource::Raw, request));
 }
 
+ResourcePtr<RawResource> ResourceFetcher::fetchXMLHttpRequest(FetchRequest& request)
+{
+    return toRawResource(requestResource(Resource::XMLHttpRequest, request));
+}
+
 ResourcePtr<RawResource> ResourceFetcher::fetchMainResource(FetchRequest& request, const SubstituteData& substituteData)
 {
     if (substituteData.isValid())
         preCacheSubstituteDataForMainResource(request, substituteData);
     return toRawResource(requestResource(Resource::MainResource, request));
 }
 
 ResourcePtr<RawResource> ResourceFetcher::fetchMedia(FetchRequest& request)
 {
     return toRawResource(requestResource(Resource::Media, request));
@@ skipping 15 matching lines @@
     resource->setNeedsSynchronousCacheHit(substituteData.forceSynchronousLoad());
     resource->setOptions(request.options());
     resource->setDataBufferingPolicy(BufferData);
     resource->responseReceived(response);
     if (substituteData.content()->size())
         resource->setResourceBuffer(substituteData.content());
     resource->finish();
     memoryCache()->add(resource.get());
 }
 
-bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url, MixedContentBlockingTreatment treatment) const
+bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url) const
 {
-    if (treatment == TreatAsDefaultForType) {
-        switch (type) {
-        case Resource::XSLStyleSheet:
-            ASSERT(RuntimeEnabledFeatures::xsltEnabled());
-        case Resource::Script:
-        case Resource::SVGDocument:
-        case Resource::CSSStyleSheet:
-        case Resource::ImportResource:
-            // These resource can inject script into the current document (Script,
-            // XSL) or exfiltrate the content of the current document (CSS).
-            treatment = TreatAsActiveContent;
-            break;
-
-        case Resource::Font:
-        case Resource::TextTrack:
-            // These resources are passive, but mixed usage is low enough that we
-            // can block them in a mixed context.
-            treatment = TreatAsActiveContent;
-            break;
-
-        case Resource::Raw:
-        case Resource::Image:
-        case Resource::Media:
-            // These resources can corrupt only the frame's pixels.
-            treatment = TreatAsPassiveContent;
-            break;
-
-        case Resource::MainResource:
-        case Resource::LinkPrefetch:
-        case Resource::LinkSubresource:
-            // These cannot affect the current document.
-            treatment = TreatAsAlwaysAllowedContent;
-            break;
-        }
-    }
     // FIXME: We need a way to access the top-level frame's mixedContentChecker when that frame
     // is in a different process from the current frame. Until that is done, we always allow
     // loads in remote frames.
     if (frame() && !frame()->tree().top()->isLocalFrame())
+        return false;
+
+    if (!frame())
         return true;
-    if (treatment == TreatAsActiveContent) {
-        if (LocalFrame* f = frame()) {
-            if (!f->loader().mixedContentChecker()->canRunInsecureContent(m_document->securityOrigin(), url))
-                return false;
-            Frame* top = f->tree().top();
-            if (top != f && !toLocalFrame(top)->loader().mixedContentChecker()->canRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
-                return false;
-        }
-    } else if (treatment == TreatAsPassiveContent) {
-        if (LocalFrame* f = frame()) {
-            Frame* top = f->tree().top();
-            if (!toLocalFrame(top)->loader().mixedContentChecker()->canDisplayInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
-                return false;
-            if (MixedContentChecker::isMixedContent(toLocalFrame(top)->document()->securityOrigin(), url)) {
-                switch (type) {
-                case Resource::TextTrack:
-                    UseCounter::count(toLocalFrame(top)->document(), UseCounter::MixedContentTextTrack);
-                    break;
+    LocalFrame* top = toLocalFrame(frame()->tree().top());
 
-                case Resource::Raw:
-                    UseCounter::count(toLocalFrame(top)->document(), UseCounter::MixedContentRaw);
-                    break;
+    switch (type) {
+    // Exit early for these resource types, which cannot affect the current document.
+    case Resource::MainResource:
+    case Resource::LinkPrefetch:
+    case Resource::LinkSubresource:
+        return true;
 
-                case Resource::Image:
-                    UseCounter::count(toLocalFrame(top)->document(), UseCounter::MixedContentImage);
-                    break;
+    // These resource can inject script into the current document (Script,
+    // XSL) or exfiltrate the content of the current document (CSS).
+    case Resource::XSLStyleSheet:
+        ASSERT(RuntimeEnabledFeatures::xsltEnabled());
+    case Resource::Script:
+    case Resource::SVGDocument:
+    case Resource::CSSStyleSheet:
+    case Resource::ImportResource:
+    case Resource::XMLHttpRequest:
+        // Intentionally fall-through.
+    // These resources are passive, but mixed usage is low enough that we
+    // can block them in a mixed context.
+    case Resource::Font:
+    case Resource::TextTrack:
+        if (!frame()->loader().mixedContentChecker()->canRunInsecureContent(m_document->securityOrigin(), url))
+            return false;
+        if (top != frame() && !top->loader().mixedContentChecker()->canRunInsecureContent(top->document()->securityOrigin(), url))
+            return false;
+        break;
 
-                case Resource::Media:
-                    UseCounter::count(toLocalFrame(top)->document(), UseCounter::MixedContentMedia);
-                    break;
+    // These resource are passive, and can only affect the document's pixels.
+    case Resource::Raw:
+    case Resource::Image:
+    case Resource::Media:
+        if (!frame()->loader().mixedContentChecker()->canDisplayInsecureContent(m_document->securityOrigin(), url))
+            return false;
+        if (top != frame() && !top->loader().mixedContentChecker()->canDisplayInsecureContent(top->document()->securityOrigin(), url))
+            return false;
+        if (MixedContentChecker::isMixedContent(top->document()->securityOrigin(), url)) {
+            switch (type) {
+            case Resource::TextTrack:
+                UseCounter::count(top->document(), UseCounter::MixedContentTextTrack);
+                break;
 
-                default:
-                    ASSERT_NOT_REACHED();
-                }
+            case Resource::Raw:
+                UseCounter::count(top->document(), UseCounter::MixedContentRaw);
+                break;
+
+            case Resource::Image:
+                UseCounter::count(top->document(), UseCounter::MixedContentImage);
+                break;
+
+            case Resource::Media:
+                UseCounter::count(top->document(), UseCounter::MixedContentMedia);
+                break;
+
+            default:
+                ASSERT_NOT_REACHED();
             }
         }
-    } else {
-        ASSERT(treatment == TreatAsAlwaysAllowedContent);
+        break;
     }
+
     return true;
 }
 
 bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const ResourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction originRestriction) const
 {
     SecurityOrigin* securityOrigin = options.securityOrigin.get();
     if (!securityOrigin && document())
         securityOrigin = document()->securityOrigin();
 
     if (securityOrigin && !securityOrigin->canDisplay(url)) {
@@ skipping 14 matching lines @@
     case Resource::Image:
     case Resource::CSSStyleSheet:
     case Resource::Script:
     case Resource::Font:
     case Resource::Raw:
     case Resource::LinkPrefetch:
     case Resource::LinkSubresource:
     case Resource::TextTrack:
     case Resource::ImportResource:
     case Resource::Media:
+    case Resource::XMLHttpRequest:
         // By default these types of resources can be loaded from any origin.
         // FIXME: Are we sure about Resource::Font?
         if (originRestriction == FetchRequest::RestrictToSameOrigin && !securityOrigin->canRequest(url)) {
             printAccessDeniedMessage(url);
             return false;
         }
         break;
     case Resource::XSLStyleSheet:
         ASSERT(RuntimeEnabledFeatures::xsltEnabled());
     case Resource::SVGDocument:
@@ skipping 36 matching lines @@
         if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowImageFromSource(url, cspReporting))
             return false;
         break;
     case Resource::Font: {
         if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowFontFromSource(url, cspReporting))
             return false;
         break;
     }
     case Resource::MainResource:
     case Resource::Raw:
+    case Resource::XMLHttpRequest:
     case Resource::LinkPrefetch:
     case Resource::LinkSubresource:
         break;
     case Resource::Media:
     case Resource::TextTrack:
         if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowMediaFromSource(url, cspReporting))
             return false;
         break;
     }
 
     // SVG Images have unique security rules that prevent all subresource requests
     // except for data urls.
     if (type != Resource::MainResource) {
         if (frame() && frame()->chromeClient().isSVGImageChromeClient() && !url.protocolIsData())
             return false;
     }
 
     // Last of all, check for insecure content. We do this last so that when
     // folks block insecure content with a CSP policy, they don't get a warning.
     // They'll still get a warning in the console about CSP blocking the load.
 
     // FIXME: Should we consider forPreload here?
-    if (!checkInsecureContent(type, url, options.mixedContentBlockingTreatment))
+    if (!checkInsecureContent(type, url))
         return false;
 
     return true;
 }
 
 bool ResourceFetcher::canAccessResource(Resource* resource, SecurityOrigin* sourceOrigin, const KURL& url) const
 {
     // Redirects can change the response URL different from one of request.
     if (!canRequest(resource->type(), url, resource->options(), false, FetchRequest::UseDefaultOriginRestrictionForType))
         return false;
@@ skipping 52 matching lines @@
         m_scheduledResourceTimingReports.add(info, resource->type() == Resource::MainResource);
         if (!m_resourceTimingReportTimer.isActive())
             m_resourceTimingReportTimer.startOneShot(0, FROM_HERE);
     }
 
     m_validatedURLs.add(request.resourceRequest().url());
 }
 
 ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, FetchRequest& request)
 {
-    ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw);
+    ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw || type == Resource::XMLHttpRequest);
 
     TRACE_EVENT0("blink", "ResourceFetcher::requestResource");
 
     KURL url = request.resourceRequest().url();
 
     WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), request.charset().latin1().data(), request.priority(), request.forPreload(), ResourceTypeName(type));
 
     // If only the fragment identifiers differ, it is the same resource.
     url = MemoryCache::removeFragmentIdentifierIfNeeded(url);
 
@@ skipping 299 matching lines @@
     // "Access-Control-Allow-Origin: *" all the time, but some of the
     // client's requests are made without CORS and some with.
     if (existingResource->resourceRequest().allowStoredCredentials() != request.allowStoredCredentials()) {
         WTF_LOG(ResourceLoading, "ResourceFetcher::determineRevalidationPolicy reloading due to difference in credentials settings.");
         return Reload;
     }
 
     // During the initial load, avoid loading the same resource multiple times for a single document,
     // even if the cache policies would tell us to.
     // We also group loads of the same resource together.
-    // Raw resources are exempted, as XHRs fall into this category and may have user-set Cache-Control:
+    // Raw and XHR resources are exempted, as XHR or plugins may have user-set Cache-Control:
     // headers or other factors that require separate requests.
-    if (type != Resource::Raw) {
+    if (type != Resource::Raw && type != Resource::XMLHttpRequest) {
         if (document() && !document()->loadEventFinished() && m_validatedURLs.contains(existingResource->url()))
             return Use;
         if (existingResource->isLoading())
             return Use;
     }
 
     // CachePolicyReload always reloads
     if (cachePolicy == CachePolicyReload) {
         WTF_LOG(ResourceLoading, "ResourceFetcher::determineRevalidationPolicy reloading due to CachePolicyReload.");
         return Reload;
@@ skipping 483 matching lines @@
     }
 }
 
 void ResourceFetcher::trace(Visitor* visitor)
 {
     visitor->trace(m_document);
     ResourceLoaderHost::trace(visitor);
 }
 
 }