Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(33)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 399543002: [ServiceWorker] Make fetch() method better conformance with the spec. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: incorporated falken's comment Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/modules/serviceworkers/FetchHeaderList.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after
179 if (resource()) 179 if (resource())
180 resource()->setDefersLoading(value); 180 resource()->setDefersLoading(value);
181 } 181 }
182 182
183 void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ est& request, const ResourceResponse& redirectResponse) 183 void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ est& request, const ResourceResponse& redirectResponse)
184 { 184 {
185 ASSERT(m_client); 185 ASSERT(m_client);
186 ASSERT_UNUSED(resource, resource == this->resource()); 186 ASSERT_UNUSED(resource, resource == this->resource());
187 187
188 RefPtr<DocumentThreadableLoader> protect(this); 188 RefPtr<DocumentThreadableLoader> protect(this);
189
190 // FIXME: Support redirect in Fetch API.
191 if (resource->resourceRequest().requestContext() == blink::WebURLRequest::Re questContextFetch) {
192 m_client->didFailRedirectCheck();
193 request = ResourceRequest();
194 return;
195 }
196
189 if (!isAllowedByPolicy(request.url())) { 197 if (!isAllowedByPolicy(request.url())) {
190 m_client->didFailRedirectCheck(); 198 m_client->didFailRedirectCheck();
191 request = ResourceRequest(); 199 request = ResourceRequest();
192 return; 200 return;
193 } 201 }
194 202
195 // Allow same origin requests to continue after allowing clients to audit th e redirect. 203 // Allow same origin requests to continue after allowing clients to audit th e redirect.
196 if (isAllowedRedirect(request.url())) { 204 if (isAllowedRedirect(request.url())) {
197 if (m_client->isDocumentThreadableLoaderClient()) 205 if (m_client->isDocumentThreadableLoaderClient())
198 static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequ est(request, redirectResponse); 206 static_cast<DocumentThreadableLoaderClient*>(m_client)->willSendRequ est(request, redirectResponse);
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
315 323
316 void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re sourceResponse& response) 324 void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re sourceResponse& response)
317 { 325 {
318 ASSERT(m_client); 326 ASSERT(m_client);
319 327
320 if (m_actualRequest) { 328 if (m_actualRequest) {
321 handlePreflightResponse(identifier, response); 329 handlePreflightResponse(identifier, response);
322 return; 330 return;
323 } 331 }
324 332
325 // FIXME: When response.wasFetchedViaServiceWorker() is true, we need to che ck the URL of the response for CSP and CORS. 333 // If the response is fetched via ServiceWorker, the original URL of the res ponse could be different from the URL of the request.
326 334 bool isCrossOriginResponse = false;
327 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) { 335 if (response.wasFetchedViaServiceWorker()) {
336 if (!isAllowedByPolicy(response.url())) {
337 m_client->didFailRedirectCheck();
338 return;
339 }
340 isCrossOriginResponse = !securityOrigin()->canRequest(response.url());
341 if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests && isC rossOriginResponse) {
342 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, respons e.url().string(), "Cross origin requests are not supported."));
343 return;
344 }
345 if (isCrossOriginResponse && m_resourceLoaderOptions.credentialsRequeste d == ClientDidNotRequestCredentials) {
346 // Since the request is no longer same-origin, if the user didn't re quest credentials in
347 // the first place, update our state so we neither request them nor expect they must be allowed.
348 m_forceDoNotAllowStoredCredentials = true;
349 }
350 } else {
351 isCrossOriginResponse = !m_sameOriginRequest;
352 }
353 if (isCrossOriginResponse && m_options.crossOriginRequestPolicy == UseAccess Control) {
328 String accessControlErrorDescription; 354 String accessControlErrorDescription;
329 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) { 355 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) {
330 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription)); 356 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription));
331 return; 357 return;
332 } 358 }
333 } 359 }
334 360
335 m_client->didReceiveResponse(identifier, response); 361 m_client->didReceiveResponse(identifier, response);
336 } 362 }
337 363
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after
503 return DoNotAllowStoredCredentials; 529 return DoNotAllowStoredCredentials;
504 return m_resourceLoaderOptions.allowCredentials; 530 return m_resourceLoaderOptions.allowCredentials;
505 } 531 }
506 532
507 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const 533 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
508 { 534 {
509 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); 535 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin ();
510 } 536 }
511 537
512 } // namespace blink 538 } // namespace blink
OLDNEW
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/modules/serviceworkers/FetchHeaderList.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698