OLD | NEW |
---|---|
1 /* | 1 /* |
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. |
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
7 | 7 |
8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
525 // folks block insecure content with a CSP policy, they don't get a warning. | 525 // folks block insecure content with a CSP policy, they don't get a warning. |
526 // They'll still get a warning in the console about CSP blocking the load. | 526 // They'll still get a warning in the console about CSP blocking the load. |
527 | 527 |
528 // FIXME: Should we consider forPreload here? | 528 // FIXME: Should we consider forPreload here? |
529 if (!checkInsecureContent(type, url, options.mixedContentBlockingTreatment)) | 529 if (!checkInsecureContent(type, url, options.mixedContentBlockingTreatment)) |
530 return false; | 530 return false; |
531 | 531 |
532 return true; | 532 return true; |
533 } | 533 } |
534 | 534 |
535 bool ResourceFetcher::canAccess(Resource* resource) | 535 bool ResourceFetcher::canAccess(Resource* resource, bool isPotentiallyCORSEnable d) |
536 { | 536 { |
537 // Redirects can change the response URL different from one of request. | 537 // Redirects can change the response URL different from one of request. |
538 if (!canRequest(resource->type(), resource->response().url(), resource->opti ons(), false)) | 538 if (!canRequest(resource->type(), resource->response().url(), resource->opti ons(), false)) |
539 return false; | 539 return false; |
540 | 540 |
541 String error; | 541 String error; |
542 switch (resource->type()) { | 542 switch (resource->type()) { |
543 case Resource::Script: | 543 case Resource::Script: |
544 case Resource::ImportResource: | 544 case Resource::ImportResource: |
545 if (resource->options().requestOriginPolicy == PotentiallyCrossOriginEna bled | 545 if (isPotentiallyCORSEnabled |
abarth-chromium
2013/11/14 16:34:48
What's the reason for this part of the change? Wh
sof
2013/11/14 17:12:03
Yes, that's why. See the test LayoutTests/http/tes
| |
546 && !m_document->securityOrigin()->canRequest(resource->response().ur l()) | 546 && !m_document->securityOrigin()->canRequest(resource->response().ur l()) |
547 && !resource->passesAccessControlCheck(m_document->securityOrigin(), error)) { | 547 && !resource->passesAccessControlCheck(m_document->securityOrigin(), error)) { |
548 if (frame() && frame()->document()) | 548 if (frame() && frame()->document()) |
549 frame()->document()->addConsoleMessage(JSMessageSource, ErrorMes sageLevel, "Script from origin '" + SecurityOrigin::create(resource->response(). url())->toString() + "' has been blocked from loading by Cross-Origin Resource S haring policy: " + error); | 549 frame()->document()->addConsoleMessage(JSMessageSource, ErrorMes sageLevel, "Script from origin '" + SecurityOrigin::create(resource->response(). url())->toString() + "' has been blocked from loading by Cross-Origin Resource S haring policy: " + error); |
550 return false; | 550 return false; |
551 } | 551 } |
552 | 552 |
553 break; | 553 break; |
554 default: | 554 default: |
555 ASSERT_NOT_REACHED(); // FIXME: generalize to non-script resources | 555 ASSERT_NOT_REACHED(); // FIXME: generalize to non-script resources |
1327 } | 1327 } |
1328 #endif | 1328 #endif |
1329 | 1329 |
1330 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() | 1330 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() |
1331 { | 1331 { |
1332 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaul tOriginRestrictionsForType, DocumentContext)); | 1332 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaul tOriginRestrictionsForType, DocumentContext)); |
1333 return options; | 1333 return options; |
1334 } | 1334 } |
1335 | 1335 |
1336 } | 1336 } |
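Review bot: In `ResourceFetcher::canAccess` (new line 545) the CORS check for `Script` and `ImportResource` is now gated only by the caller-supplied `isPotentiallyCORSEnabled`, so a call site that passes `false` skips `passesAccessControlCheck` for a cross-origin response, and the function carries no comment stating that contract. I would document it above the definition, for example `// isPotentiallyCORSEnabled: true when the request opted in to CORS; when false, no access-control check is applied to the response.` A bare `bool` is also hard to read at call sites, as the existing `canRequest(..., false)` call on line 538 shows; a two-value enum would make a fail-open argument obvious in review. The header declaration and the callers are outside the visible lines, so it is worth confirming that the new parameter has no default value and that every caller derives it from the requesting context rather than hard-coding it.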