| Index: Source/core/fetch/ResourceFetcher.cpp
|
| diff --git a/Source/core/fetch/ResourceFetcher.cpp b/Source/core/fetch/ResourceFetcher.cpp
|
| index cd15e1c78b0743685f832fb03db2a66fce09cfd5..38cf008ba4e4575ccad5f91c04ff516b81ce4e95 100644
|
| --- a/Source/core/fetch/ResourceFetcher.cpp
|
| +++ b/Source/core/fetch/ResourceFetcher.cpp
|
| @@ -88,6 +88,7 @@ static Resource* createResource(Resource::Type type, const ResourceRequest& requ
|
| return new FontResource(request);
|
| case Resource::MainResource:
|
| case Resource::Raw:
|
| + case Resource::XMLHttpRequest:
|
| case Resource::TextTrack:
|
| case Resource::Media:
|
| return new RawResource(request, type);
|
| @@ -116,6 +117,7 @@ static ResourceLoadPriority loadPriority(Resource::Type type, const FetchRequest
|
| case Resource::CSSStyleSheet:
|
| return ResourceLoadPriorityHigh;
|
| case Resource::Raw:
|
| + case Resource::XMLHttpRequest:
|
| return request.options().synchronousPolicy == RequestSynchronously ? ResourceLoadPriorityVeryHigh : ResourceLoadPriorityMedium;
|
| case Resource::Script:
|
| case Resource::Font:
|
| @@ -216,6 +218,8 @@ static ResourceRequest::TargetType requestTargetType(const ResourceFetcher* fetc
|
| return ResourceRequest::TargetIsImage;
|
| case Resource::Media:
|
| return ResourceRequest::TargetIsMedia;
|
| + case Resource::XMLHttpRequest:
|
| + return ResourceRequest::TargetIsXHR;
|
| }
|
| ASSERT_NOT_REACHED();
|
| return ResourceRequest::TargetIsSubresource;
|
| @@ -273,7 +277,7 @@ ResourcePtr<Resource> ResourceFetcher::fetchSynchronously(FetchRequest& request)
|
| ResourceLoaderOptions options(request.options());
|
| options.synchronousPolicy = RequestSynchronously;
|
| request.setOptions(options);
|
| - return requestResource(Resource::Raw, request);
|
| + return requestResource(request.resourceRequest().targetType() == ResourceRequest::TargetIsXHR ? Resource::XMLHttpRequest : Resource::Raw, request);
|
| }
|
|
|
| ResourcePtr<ImageResource> ResourceFetcher::fetchImage(FetchRequest& request)
|
| @@ -365,6 +369,11 @@ ResourcePtr<RawResource> ResourceFetcher::fetchRawResource(FetchRequest& request
|
| return toRawResource(requestResource(Resource::Raw, request));
|
| }
|
|
|
| +ResourcePtr<RawResource> ResourceFetcher::fetchXMLHttpRequest(FetchRequest& request)
|
| +{
|
| + return toRawResource(requestResource(Resource::XMLHttpRequest, request));
|
| +}
|
| +
|
| ResourcePtr<RawResource> ResourceFetcher::fetchMainResource(FetchRequest& request, const SubstituteData& substituteData)
|
| {
|
| if (substituteData.isValid())
|
| @@ -400,87 +409,78 @@ void ResourceFetcher::preCacheSubstituteDataForMainResource(const FetchRequest&
|
| memoryCache()->add(resource.get());
|
| }
|
|
|
| -bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url, MixedContentBlockingTreatment treatment) const
|
| -{
|
| - if (treatment == TreatAsDefaultForType) {
|
| - switch (type) {
|
| - case Resource::XSLStyleSheet:
|
| - ASSERT(RuntimeEnabledFeatures::xsltEnabled());
|
| - case Resource::Script:
|
| - case Resource::SVGDocument:
|
| - case Resource::CSSStyleSheet:
|
| - case Resource::ImportResource:
|
| - // These resource can inject script into the current document (Script,
|
| - // XSL) or exfiltrate the content of the current document (CSS).
|
| - treatment = TreatAsActiveContent;
|
| - break;
|
| -
|
| - case Resource::Font:
|
| - case Resource::TextTrack:
|
| - // These resources are passive, but mixed usage is low enough that we
|
| - // can block them in a mixed context.
|
| - treatment = TreatAsActiveContent;
|
| - break;
|
| -
|
| - case Resource::Raw:
|
| - case Resource::Image:
|
| - case Resource::Media:
|
| - // These resources can corrupt only the frame's pixels.
|
| - treatment = TreatAsPassiveContent;
|
| - break;
|
| -
|
| - case Resource::MainResource:
|
| - case Resource::LinkPrefetch:
|
| - case Resource::LinkSubresource:
|
| - // These cannot affect the current document.
|
| - treatment = TreatAsAlwaysAllowedContent;
|
| - break;
|
| - }
|
| - }
|
| +bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url) const
|
| +{
|
| // FIXME: We need a way to access the top-level frame's mixedContentChecker when that frame
|
| // is in a different process from the current frame. Until that is done, we always allow
|
| // loads in remote frames.
|
| if (frame() && !frame()->tree().top()->isLocalFrame())
|
| + return false;
|
| +
|
| + if (!frame())
|
| return true;
|
| - if (treatment == TreatAsActiveContent) {
|
| - if (LocalFrame* f = frame()) {
|
| - if (!f->loader().mixedContentChecker()->canRunInsecureContent(m_document->securityOrigin(), url))
|
| - return false;
|
| - Frame* top = f->tree().top();
|
| - if (top != f && !toLocalFrame(top)->loader().mixedContentChecker()->canRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
|
| - return false;
|
| - }
|
| - } else if (treatment == TreatAsPassiveContent) {
|
| - if (LocalFrame* f = frame()) {
|
| - Frame* top = f->tree().top();
|
| - if (!toLocalFrame(top)->loader().mixedContentChecker()->canDisplayInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
|
| - return false;
|
| - if (MixedContentChecker::isMixedContent(toLocalFrame(top)->document()->securityOrigin(), url)) {
|
| - switch (type) {
|
| - case Resource::TextTrack:
|
| - UseCounter::count(toLocalFrame(top)->document(), UseCounter::MixedContentTextTrack);
|
| - break;
|
| -
|
| - case Resource::Raw:
|
| - UseCounter::count(toLocalFrame(top)->document(), UseCounter::MixedContentRaw);
|
| - break;
|
| -
|
| - case Resource::Image:
|
| - UseCounter::count(toLocalFrame(top)->document(), UseCounter::MixedContentImage);
|
| - break;
|
| -
|
| - case Resource::Media:
|
| - UseCounter::count(toLocalFrame(top)->document(), UseCounter::MixedContentMedia);
|
| - break;
|
| -
|
| - default:
|
| - ASSERT_NOT_REACHED();
|
| - }
|
| + LocalFrame* top = toLocalFrame(frame()->tree().top());
|
| +
|
| + switch (type) {
|
| + // Exit early for these resource types, which cannot affect the current document.
|
| + case Resource::MainResource:
|
| + case Resource::LinkPrefetch:
|
| + case Resource::LinkSubresource:
|
| + return true;
|
| +
|
| + // These resource can inject script into the current document (Script,
|
| + // XSL) or exfiltrate the content of the current document (CSS).
|
| + case Resource::XSLStyleSheet:
|
| + ASSERT(RuntimeEnabledFeatures::xsltEnabled());
|
| + case Resource::Script:
|
| + case Resource::SVGDocument:
|
| + case Resource::CSSStyleSheet:
|
| + case Resource::ImportResource:
|
| + case Resource::XMLHttpRequest:
|
| + // Intentionally fall-through.
|
| + // These resources are passive, but mixed usage is low enough that we
|
| + // can block them in a mixed context.
|
| + case Resource::Font:
|
| + case Resource::TextTrack:
|
| + if (!frame()->loader().mixedContentChecker()->canRunInsecureContent(m_document->securityOrigin(), url))
|
| + return false;
|
| + if (top != frame() && !top->loader().mixedContentChecker()->canRunInsecureContent(top->document()->securityOrigin(), url))
|
| + return false;
|
| + break;
|
| +
|
| + // These resource are passive, and can only affect the document's pixels.
|
| + case Resource::Raw:
|
| + case Resource::Image:
|
| + case Resource::Media:
|
| + if (!frame()->loader().mixedContentChecker()->canDisplayInsecureContent(m_document->securityOrigin(), url))
|
| + return false;
|
| + if (top != frame() && !top->loader().mixedContentChecker()->canDisplayInsecureContent(top->document()->securityOrigin(), url))
|
| + return false;
|
| + if (MixedContentChecker::isMixedContent(top->document()->securityOrigin(), url)) {
|
| + switch (type) {
|
| + case Resource::TextTrack:
|
| + UseCounter::count(top->document(), UseCounter::MixedContentTextTrack);
|
| + break;
|
| +
|
| + case Resource::Raw:
|
| + UseCounter::count(top->document(), UseCounter::MixedContentRaw);
|
| + break;
|
| +
|
| + case Resource::Image:
|
| + UseCounter::count(top->document(), UseCounter::MixedContentImage);
|
| + break;
|
| +
|
| + case Resource::Media:
|
| + UseCounter::count(top->document(), UseCounter::MixedContentMedia);
|
| + break;
|
| +
|
| + default:
|
| + ASSERT_NOT_REACHED();
|
| }
|
| }
|
| - } else {
|
| - ASSERT(treatment == TreatAsAlwaysAllowedContent);
|
| + break;
|
| }
|
| +
|
| return true;
|
| }
|
|
|
| @@ -515,6 +515,7 @@ bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res
|
| case Resource::TextTrack:
|
| case Resource::ImportResource:
|
| case Resource::Media:
|
| + case Resource::XMLHttpRequest:
|
| // By default these types of resources can be loaded from any origin.
|
| // FIXME: Are we sure about Resource::Font?
|
| if (originRestriction == FetchRequest::RestrictToSameOrigin && !securityOrigin->canRequest(url)) {
|
| @@ -571,6 +572,7 @@ bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res
|
| }
|
| case Resource::MainResource:
|
| case Resource::Raw:
|
| + case Resource::XMLHttpRequest:
|
| case Resource::LinkPrefetch:
|
| case Resource::LinkSubresource:
|
| break;
|
| @@ -593,7 +595,7 @@ bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res
|
| // They'll still get a warning in the console about CSP blocking the load.
|
|
|
| // FIXME: Should we consider forPreload here?
|
| - if (!checkInsecureContent(type, url, options.mixedContentBlockingTreatment))
|
| + if (!checkInsecureContent(type, url))
|
| return false;
|
|
|
| return true;
|
| @@ -666,7 +668,7 @@ void ResourceFetcher::requestLoadStarted(Resource* resource, const FetchRequest&
|
|
|
| ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, FetchRequest& request)
|
| {
|
| - ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw);
|
| + ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw || type == Resource::XMLHttpRequest);
|
|
|
| TRACE_EVENT0("blink", "ResourceFetcher::requestResource");
|
|
|
| @@ -986,9 +988,9 @@ ResourceFetcher::RevalidationPolicy ResourceFetcher::determineRevalidationPolicy
|
| // During the initial load, avoid loading the same resource multiple times for a single document,
|
| // even if the cache policies would tell us to.
|
| // We also group loads of the same resource together.
|
| - // Raw resources are exempted, as XHRs fall into this category and may have user-set Cache-Control:
|
| + // Raw and XHR resources are exempted, as XHR or plugins may have user-set Cache-Control:
|
| // headers or other factors that require separate requests.
|
| - if (type != Resource::Raw) {
|
| + if (type != Resource::Raw && type != Resource::XMLHttpRequest) {
|
| if (document() && !document()->loadEventFinished() && m_validatedURLs.contains(existingResource->url()))
|
| return Use;
|
| if (existingResource->isLoading())
|
|
|
Chromium Code Reviews
Issue 356723003:
Add 'XHR' to the Resource::Type enum, and use it for XHR requests. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk