Chromium Code Reviews Chromium Code Reviews
Issue 399543002:
[ServiceWorker] Make fetch() method better conformance with the spec. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
| 3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
| 7 * met: | 7 * met: |
| 8 * | 8 * |
| 9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
| 10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
| (...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 179 if (resource()) | 179 if (resource()) |
| 180 resource()->setDefersLoading(value); | 180 resource()->setDefersLoading(value); |
| 181 } | 181 } |
| 182 | 182 |
| 183 void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ est& request, const ResourceResponse& redirectResponse) | 183 void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ est& request, const ResourceResponse& redirectResponse) |
| 184 { | 184 { |
| 185 ASSERT(m_client); | 185 ASSERT(m_client); |
| 186 ASSERT_UNUSED(resource, resource == this->resource()); | 186 ASSERT_UNUSED(resource, resource == this->resource()); |
| 187 | 187 |
| 188 RefPtr<DocumentThreadableLoader> protect(this); | 188 RefPtr<DocumentThreadableLoader> protect(this); |
| 189 | |
| 190 // We don't support redirect in Fech API yet. | |
| 191 // FIXME: Support redirect in Fech API. | |
|
falken
2014/07/25 01:46:40
s/Fech/Fetch. These two comments say the same thin
horo
2014/07/25 02:24:49
Done.
| |
| 192 if (resource->resourceRequest().requestContext() == blink::WebURLRequest::Re questContextFetch) { | |
| 193 m_client->didFailRedirectCheck(); | |
| 194 request = ResourceRequest(); | |
| 195 return; | |
| 196 } | |
| 197 | |
| 189 if (!isAllowedByPolicy(request.url())) { | 198 if (!isAllowedByPolicy(request.url())) { |
| 190 m_client->didFailRedirectCheck(); | 199 m_client->didFailRedirectCheck(); |
| 191 request = ResourceRequest(); | 200 request = ResourceRequest(); |
| 192 return; | 201 return; |
| 193 } | 202 } |
| 194 | 203 |
| 195 // Allow same origin requests to continue after allowing clients to audit th e redirect. | 204 // Allow same origin requests to continue after allowing clients to audit th e redirect. |
| 196 if (isAllowedRedirect(request.url())) { | 205 if (isAllowedRedirect(request.url())) { |
| 197 if (m_client->isDocumentThreadableLoaderClient()) | 206 if (m_client->isDocumentThreadableLoaderClient()) |
| 198 static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequ est(request, redirectResponse); | 207 static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequ est(request, redirectResponse); |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 315 | 324 |
| 316 void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re sourceResponse& response) | 325 void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re sourceResponse& response) |
| 317 { | 326 { |
| 318 ASSERT(m_client); | 327 ASSERT(m_client); |
| 319 | 328 |
| 320 if (m_actualRequest) { | 329 if (m_actualRequest) { |
| 321 handlePreflightResponse(identifier, response); | 330 handlePreflightResponse(identifier, response); |
| 322 return; | 331 return; |
| 323 } | 332 } |
| 324 | 333 |
| 325 // FIXME: When response.wasFetchedViaServiceWorker() is true, we need to che ck the URL of the response for CSP and CORS. | 334 // If the response is fetched via ServiceWorker, the original URL of the res ponse could be different from the URL of the request. |
| 326 | 335 bool isCrossOriginResponse = false; |
| 327 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) { | 336 if (response.wasFetchedViaServiceWorker()) { |
| 337 if (!isAllowedByPolicy(response.url())) { | |
| 338 m_client->didFailRedirectCheck(); | |
| 339 return; | |
| 340 } | |
| 341 isCrossOriginResponse = !securityOrigin()->canRequest(response.url()); | |
| 342 if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests && isC rossOriginResponse) { | |
| 343 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, respons e.url().string(), "Cross origin requests are not supported.")); | |
| 344 return; | |
| 345 } | |
| 346 if (isCrossOriginResponse && m_resourceLoaderOptions.credentialsRequeste d == ClientDidNotRequestCredentials) { | |
| 347 // Since the request is no longer same-origin, if the user didn't re quest credentials in | |
| 348 // the first place, update our state so we neither request them nor expect they must be allowed. | |
| 349 m_forceDoNotAllowStoredCredentials = true; | |
| 350 } | |
| 351 } else { | |
| 352 isCrossOriginResponse = !m_sameOriginRequest; | |
| 353 } | |
| 354 if (isCrossOriginResponse && m_options.crossOriginRequestPolicy == UseAccess Control) { | |
| 328 String accessControlErrorDescription; | 355 String accessControlErrorDescription; |
| 329 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) { | 356 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) { |
| 330 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription)); | 357 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription)); |
| 331 return; | 358 return; |
| 332 } | 359 } |
| 333 } | 360 } |
| 334 | 361 |
| 335 m_client->didReceiveResponse(identifier, response); | 362 m_client->didReceiveResponse(identifier, response); |
| 336 } | 363 } |
| 337 | 364 |
| (...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 503 return DoNotAllowStoredCredentials; | 530 return DoNotAllowStoredCredentials; |
| 504 return m_resourceLoaderOptions.allowCredentials; | 531 return m_resourceLoaderOptions.allowCredentials; |
| 505 } | 532 } |
| 506 | 533 |
| 507 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 534 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
| 508 { | 535 { |
| 509 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); | 536 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); |
| 510 } | 537 } |
| 511 | 538 |
| 512 } // namespace blink | 539 } // namespace blink |
| OLD | NEW |
