| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
| 3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
| 7 * met: | 7 * met: |
| 8 * | 8 * |
| 9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 72 matching lines...) | |
| 83 { | 83 { |
| 84 ASSERT(client); | 84 ASSERT(client); |
| 85 // Setting an outgoing referer is only supported in the async code path. | 85 // Setting an outgoing referer is only supported in the async code path. |
| 86 ASSERT(m_async || request.httpReferrer().isEmpty()); | 86 ASSERT(m_async || request.httpReferrer().isEmpty()); |
| 87 | 87 |
| 88 // Save any CORS simple headers on the request here. If this request redirec ts cross-origin, we cancel the old request | 88 // Save any CORS simple headers on the request here. If this request redirec ts cross-origin, we cancel the old request |
| 89 // create a new one, and copy these headers. | 89 // create a new one, and copy these headers. |
| 90 const HTTPHeaderMap& headerMap = request.httpHeaderFields(); | 90 const HTTPHeaderMap& headerMap = request.httpHeaderFields(); |
| 91 HTTPHeaderMap::const_iterator end = headerMap.end(); | 91 HTTPHeaderMap::const_iterator end = headerMap.end(); |
| 92 for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) { | 92 for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) { |
| 93 if (isOnAccessControlSimpleRequestHeaderWhitelist(it->key, it->value)) | 93 if (CrossOriginAccessControl::isSimpleHeader(it->key, it->value)) |
| 94 m_simpleRequestHeaders.add(it->key, it->value); | 94 m_simpleRequestHeaders.add(it->key, it->value); |
| 95 } | 95 } |
| 96 | 96 |
| 97 if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossO riginRequests) { | 97 if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossO riginRequests) { |
| 98 loadRequest(request, m_resourceLoaderOptions); | 98 loadRequest(request, m_resourceLoaderOptions); |
| 99 return; | 99 return; |
| 100 } | 100 } |
| 101 | 101 |
| 102 if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) { | 102 if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) { |
| 103 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url ().string(), "Cross origin requests are not supported.")); | 103 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url ().string(), "Cross origin requests are not supported.")); |
| 104 return; | 104 return; |
| 105 } | 105 } |
| 106 | 106 |
| 107 makeCrossOriginAccessRequest(request); | 107 makeCrossOriginAccessRequest(request); |
| 108 } | 108 } |
| 109 | 109 |
| 110 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques t& request) | 110 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques t& request) |
| 111 { | 111 { |
| 112 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); | 112 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); |
| 113 | 113 |
| 114 // Cross-origin requests are only allowed certain registered schemes. | 114 // Cross-origin requests are only allowed certain registered schemes. |
| 115 // We would catch this when checking response headers later, but there | 115 // We would catch this when checking response headers later, but there |
| 116 // is no reason to send a request, preflighted or not, that's guaranteed | 116 // is no reason to send a request, preflighted or not, that's guaranteed |
| 117 // to be denied. | 117 // to be denied. |
| 118 if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protoco l())) { | 118 if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protoco l())) { |
| 119 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIntern al, 0, request.url().string(), "Cross origin requests are only supported for pro tocol schemes: " + SchemeRegistry::listOfCORSEnabledURLSchemes() + ".")); | 119 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIntern al, 0, request.url().string(), "Cross origin requests are only supported for pro tocol schemes: " + SchemeRegistry::listOfCORSEnabledURLSchemes() + ".")); |
| 120 return; | 120 return; |
| 121 } | 121 } |
| 122 | 122 |
| 123 if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAc cessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.pref lightPolicy == PreventPreflight) { | 123 if ((m_options.preflightPolicy == ConsiderPreflight && CrossOriginAccessCont rol::isSimpleOrForbiddenRequest(request.httpMethod(), request.httpHeaderFields() )) || m_options.preflightPolicy == PreventPreflight) { |
|
sof
2014/07/17 08:18:09
Could we keep this as isSimpleRequest() ?
yhirano
2014/08/06 08:48:03
I think we can't.
Blink sometimes insert forbidden
| |
| 124 ResourceRequest crossOriginRequest(request); | 124 ResourceRequest crossOriginRequest(request); |
| 125 ResourceLoaderOptions crossOriginOptions(m_resourceLoaderOptions); | 125 ResourceLoaderOptions crossOriginOptions(m_resourceLoaderOptions); |
| 126 updateRequestForAccessControl(crossOriginRequest, securityOrigin(), effe ctiveAllowCredentials()); | 126 updateRequestForAccessControl(crossOriginRequest, securityOrigin(), effe ctiveAllowCredentials()); |
| 127 loadRequest(crossOriginRequest, crossOriginOptions); | 127 loadRequest(crossOriginRequest, crossOriginOptions); |
| 128 } else { | 128 } else { |
| 129 m_simpleRequest = false; | 129 m_simpleRequest = false; |
| 130 | 130 |
| 131 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceReques t(request)); | 131 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceReques t(request)); |
| 132 OwnPtr<ResourceLoaderOptions> crossOriginOptions = adoptPtr(new Resource LoaderOptions(m_resourceLoaderOptions)); | 132 OwnPtr<ResourceLoaderOptions> crossOriginOptions = adoptPtr(new Resource LoaderOptions(m_resourceLoaderOptions)); |
| 133 // Do not set the Origin header for preflight requests. | 133 // Do not set the Origin header for preflight requests. |
| (...skipping 227 matching lines...) | |
| 361 else | 361 else |
| 362 handleSuccessfulFinish(resource->identifier(), resource->loadFinishTime( )); | 362 handleSuccessfulFinish(resource->identifier(), resource->loadFinishTime( )); |
| 363 } | 363 } |
| 364 | 364 |
| 365 void DocumentThreadableLoader::handleSuccessfulFinish(unsigned long identifier, double finishTime) | 365 void DocumentThreadableLoader::handleSuccessfulFinish(unsigned long identifier, double finishTime) |
| 366 { | 366 { |
| 367 if (m_actualRequest) { | 367 if (m_actualRequest) { |
| 368 ASSERT(!m_sameOriginRequest); | 368 ASSERT(!m_sameOriginRequest); |
| 369 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); | 369 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); |
| 370 loadActualRequest(); | 370 loadActualRequest(); |
| 371 } else | 371 } else { |
| 372 m_client->didFinishLoading(identifier, finishTime); | 372 m_client->didFinishLoading(identifier, finishTime); |
| 373 } | |
| 373 } | 374 } |
| 374 | 375 |
| 375 void DocumentThreadableLoader::didTimeout(Timer<DocumentThreadableLoader>* timer ) | 376 void DocumentThreadableLoader::didTimeout(Timer<DocumentThreadableLoader>* timer ) |
| 376 { | 377 { |
| 377 ASSERT_UNUSED(timer, timer == &m_timeoutTimer); | 378 ASSERT_UNUSED(timer, timer == &m_timeoutTimer); |
| 378 | 379 |
| 379 // Using values from net/base/net_error_list.h ERR_TIMED_OUT, | 380 // Using values from net/base/net_error_list.h ERR_TIMED_OUT, |
| 380 // Same as existing FIXME above - this error should be coming from FrameLoad erClient to be identifiable. | 381 // Same as existing FIXME above - this error should be coming from FrameLoad erClient to be identifiable. |
| 381 static const int timeoutError = -7; | 382 static const int timeoutError = -7; |
| 382 ResourceError error("net", timeoutError, resource()->url(), String()); | 383 ResourceError error("net", timeoutError, resource()->url(), String()); |
| (...skipping 120 matching lines...) | |
| 503 return DoNotAllowStoredCredentials; | 504 return DoNotAllowStoredCredentials; |
| 504 return m_resourceLoaderOptions.allowCredentials; | 505 return m_resourceLoaderOptions.allowCredentials; |
| 505 } | 506 } |
| 506 | 507 |
| 507 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 508 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
| 508 { | 509 { |
| 509 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); | 510 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); |
| 510 } | 511 } |
| 511 | 512 |
| 512 } // namespace WebCore | 513 } // namespace WebCore |
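Review bot: The two predicates on the new side no longer accept the same header set, and neither call site says why: new line 93 saves only headers that pass `CrossOriginAccessControl::isSimpleHeader` into `m_simpleRequestHeaders`, while new line 123 skips the preflight for whatever `isSimpleOrForbiddenRequest` accepts. Judging by the name, a request carrying a forbidden header now goes out without a preflight, which is only safe if such headers can reach `request.httpHeaderFields()` from the user agent alone and never from script; the helper bodies are not shown here, so that is an assumption to confirm. I would state it at line 123, e.g. `// Forbidden headers are added by the UA, not by script, so they must not trigger a preflight; they are not copied on a cross-origin redirect.` A test that a script-set forbidden header never reaches this check would pin the invariant. makeCrossOriginAccessRequest continues past the lines shown.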