Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(905)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 399543002: [ServiceWorker] Make fetch() method better conformance with the spec. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: incorporated falken's comment Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/modules/serviceworkers/FetchHeaderList.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/loader/DocumentThreadableLoader.cpp
diff --git a/Source/core/loader/DocumentThreadableLoader.cpp b/Source/core/loader/DocumentThreadableLoader.cpp
index 43164d969815c555bf5c40d7126a170000fbedfc..f49558151d8a1e25d4e91e85b2909f2d7cfad76b 100644
--- a/Source/core/loader/DocumentThreadableLoader.cpp
+++ b/Source/core/loader/DocumentThreadableLoader.cpp
@@ -186,6 +186,14 @@ void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ
ASSERT_UNUSED(resource, resource == this->resource());
RefPtr<DocumentThreadableLoader> protect(this);
+
+ // FIXME: Support redirect in Fetch API.
+ if (resource->resourceRequest().requestContext() == blink::WebURLRequest::RequestContextFetch) {
+ m_client->didFailRedirectCheck();
+ request = ResourceRequest();
+ return;
+ }
+
if (!isAllowedByPolicy(request.url())) {
m_client->didFailRedirectCheck();
request = ResourceRequest();
@@ -322,9 +330,27 @@ void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re
return;
}
- // FIXME: When response.wasFetchedViaServiceWorker() is true, we need to check the URL of the response for CSP and CORS.
-
- if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
+ // If the response is fetched via ServiceWorker, the original URL of the response could be different from the URL of the request.
+ bool isCrossOriginResponse = false;
+ if (response.wasFetchedViaServiceWorker()) {
+ if (!isAllowedByPolicy(response.url())) {
+ m_client->didFailRedirectCheck();
+ return;
+ }
+ isCrossOriginResponse = !securityOrigin()->canRequest(response.url());
+ if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests && isCrossOriginResponse) {
+ m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), "Cross origin requests are not supported."));
+ return;
+ }
+ if (isCrossOriginResponse && m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequestCredentials) {
+ // Since the request is no longer same-origin, if the user didn't request credentials in
+ // the first place, update our state so we neither request them nor expect they must be allowed.
+ m_forceDoNotAllowStoredCredentials = true;
+ }
+ } else {
+ isCrossOriginResponse = !m_sameOriginRequest;
+ }
+ if (isCrossOriginResponse && m_options.crossOriginRequestPolicy == UseAccessControl) {
String accessControlErrorDescription;
if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) {
m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription));
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/modules/serviceworkers/FetchHeaderList.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698