Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1380)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 399543002: [ServiceWorker] Make fetch() method better conformance with the spec. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« Source/core/fetch/ResourceFetcher.cpp ('K') | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/core/timing/Performance.cpp » ('j') | Source/modules/serviceworkers/FetchManager.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/loader/DocumentThreadableLoader.cpp
diff --git a/Source/core/loader/DocumentThreadableLoader.cpp b/Source/core/loader/DocumentThreadableLoader.cpp
index 34c86a52a5fb88db350b7f51faee097dd2028d26..a23e7c75d9e773ffc96d2ed058fa3709def68d8c 100644
--- a/Source/core/loader/DocumentThreadableLoader.cpp
+++ b/Source/core/loader/DocumentThreadableLoader.cpp
@@ -186,6 +186,15 @@ void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ
ASSERT_UNUSED(resource, resource == this->resource());
RefPtr<DocumentThreadableLoader> protect(this);
+
+ // We don't support redirect in Fech API yet.
+ // FIXME: Support redirect in Fech API.
+ if (resource->resourceRequest().requestContext() == blink::WebURLRequest::RequestContextFetch) {
+ m_client->didFailRedirectCheck();
+ request = ResourceRequest();
+ return;
+ }
+
if (!isAllowedByPolicy(request.url())) {
m_client->didFailRedirectCheck();
request = ResourceRequest();
@@ -322,7 +331,26 @@ void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re
return;
}
- // FIXME: When response.wasFetchedViaServiceWorker() is true, we need to check the URL of the response for CSP and CORS.
+ // If the response is fetched via ServiceWorker, the original URL of the response could be different from the URL of the request.
+ if (response.wasFetchedViaServiceWorker()) {
+ if (!isAllowedByPolicy(response.url())) {
+ m_client->didFailRedirectCheck();
+ return;
+ }
+ if (!isAllowedRedirect(response.url())) {
+ if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) {
+ m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), "Cross origin requests are not supported."));
+ return;
+ }
+ if (m_options.crossOriginRequestPolicy == UseAccessControl) {
yhirano 2014/07/16 13:12:27 This block is very similar to one from L355. The o
horo 2014/07/18 09:12:18 Done.
+ String accessControlErrorDescription;
+ if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) {
+ m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription));
+ return;
+ }
+ }
+ }
+ }
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
String accessControlErrorDescription;
« Source/core/fetch/ResourceFetcher.cpp ('K') | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/core/timing/Performance.cpp » ('j') | Source/modules/serviceworkers/FetchManager.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698