OLD | NEW |
1 /* | 1 /* |
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. |
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
7 | 7 |
8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
(...skipping 260 matching lines...)
271 options.synchronousPolicy = RequestSynchronously; | 271 options.synchronousPolicy = RequestSynchronously; |
272 request.setOptions(options); | 272 request.setOptions(options); |
273 return requestResource(Resource::Raw, request); | 273 return requestResource(Resource::Raw, request); |
274 } | 274 } |
275 | 275 |
276 ResourcePtr<ImageResource> ResourceFetcher::fetchImage(FetchRequest& request) | 276 ResourcePtr<ImageResource> ResourceFetcher::fetchImage(FetchRequest& request) |
277 { | 277 { |
278 if (Frame* f = frame()) { | 278 if (Frame* f = frame()) { |
279 if (f->document()->pageDismissalEventBeingDispatched() != Document::NoDi
smissal) { | 279 if (f->document()->pageDismissalEventBeingDispatched() != Document::NoDi
smissal) { |
280 KURL requestURL = request.resourceRequest().url(); | 280 KURL requestURL = request.resourceRequest().url(); |
281 if (requestURL.isValid() && canRequest(Resource::Image, requestURL,
request.options(), request.forPreload())) | 281 if (requestURL.isValid() && canRequest(Resource::Image, requestURL,
request.options(), request.forPreload(), request.originRestriction())) |
282 PingLoader::loadImage(f, requestURL); | 282 PingLoader::loadImage(f, requestURL); |
283 return 0; | 283 return 0; |
284 } | 284 } |
285 } | 285 } |
286 | 286 |
287 if (request.resourceRequest().url().protocolIsData()) | 287 if (request.resourceRequest().url().protocolIsData()) |
288 preCacheDataURIImage(request); | 288 preCacheDataURIImage(request); |
289 | 289 |
290 request.setDefer(clientDefersImage(request.resourceRequest().url()) ? FetchR
equest::DeferredByClient : FetchRequest::NoDefer); | 290 request.setDefer(clientDefersImage(request.resourceRequest().url()) ? FetchR
equest::DeferredByClient : FetchRequest::NoDefer); |
291 return static_cast<ImageResource*>(requestResource(Resource::Image, request)
.get()); | 291 return static_cast<ImageResource*>(requestResource(Resource::Image, request)
.get()); |
(...skipping 34 matching lines...)
326 ResourcePtr<CSSStyleSheetResource> ResourceFetcher::fetchUserCSSStyleSheet(Fetch
Request& request) | 326 ResourcePtr<CSSStyleSheetResource> ResourceFetcher::fetchUserCSSStyleSheet(Fetch
Request& request) |
327 { | 327 { |
328 KURL url = MemoryCache::removeFragmentIdentifierIfNeeded(request.resourceReq
uest().url()); | 328 KURL url = MemoryCache::removeFragmentIdentifierIfNeeded(request.resourceReq
uest().url()); |
329 | 329 |
330 if (Resource* existing = memoryCache()->resourceForURL(url)) { | 330 if (Resource* existing = memoryCache()->resourceForURL(url)) { |
331 if (existing->type() == Resource::CSSStyleSheet) | 331 if (existing->type() == Resource::CSSStyleSheet) |
332 return static_cast<CSSStyleSheetResource*>(existing); | 332 return static_cast<CSSStyleSheetResource*>(existing); |
333 memoryCache()->remove(existing); | 333 memoryCache()->remove(existing); |
334 } | 334 } |
335 | 335 |
336 request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, B
ufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCross
OriginCredentials, SkipSecurityCheck, CheckContentSecurityPolicy, UseDefaultOrig
inRestrictionsForType, DocumentContext)); | 336 request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, B
ufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCross
OriginCredentials, SkipSecurityCheck, CheckContentSecurityPolicy, DocumentContex
t)); |
337 return static_cast<CSSStyleSheetResource*>(requestResource(Resource::CSSStyl
eSheet, request).get()); | 337 return static_cast<CSSStyleSheetResource*>(requestResource(Resource::CSSStyl
eSheet, request).get()); |
338 } | 338 } |
339 | 339 |
340 ResourcePtr<ScriptResource> ResourceFetcher::fetchScript(FetchRequest& request) | 340 ResourcePtr<ScriptResource> ResourceFetcher::fetchScript(FetchRequest& request) |
341 { | 341 { |
342 return static_cast<ScriptResource*>(requestResource(Resource::Script, reques
t).get()); | 342 return static_cast<ScriptResource*>(requestResource(Resource::Script, reques
t).get()); |
343 } | 343 } |
344 | 344 |
345 ResourcePtr<XSLStyleSheetResource> ResourceFetcher::fetchXSLStyleSheet(FetchRequ
est& request) | 345 ResourcePtr<XSLStyleSheetResource> ResourceFetcher::fetchXSLStyleSheet(FetchRequ
est& request) |
346 { | 346 { |
(...skipping 68 matching lines...)
415 Frame* top = f->tree().top(); | 415 Frame* top = f->tree().top(); |
416 if (!top->loader().mixedContentChecker()->canDisplayInsecureContent(
top->document()->securityOrigin(), url)) | 416 if (!top->loader().mixedContentChecker()->canDisplayInsecureContent(
top->document()->securityOrigin(), url)) |
417 return false; | 417 return false; |
418 } | 418 } |
419 } else { | 419 } else { |
420 ASSERT(treatment == TreatAsAlwaysAllowedContent); | 420 ASSERT(treatment == TreatAsAlwaysAllowedContent); |
421 } | 421 } |
422 return true; | 422 return true; |
423 } | 423 } |
424 | 424 |
425 bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res
ourceLoaderOptions& options, bool forPreload) | 425 bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res
ourceLoaderOptions& options, bool forPreload, FetchRequest::OriginRestriction or
iginRestriction) |
426 { | 426 { |
427 if (document() && !document()->securityOrigin()->canDisplay(url)) { | 427 if (document() && !document()->securityOrigin()->canDisplay(url)) { |
428 if (!forPreload) | 428 if (!forPreload) |
429 context().reportLocalLoadFailed(url); | 429 context().reportLocalLoadFailed(url); |
430 LOG(ResourceLoading, "ResourceFetcher::requestResource URL was not allow
ed by SecurityOrigin::canDisplay"); | 430 LOG(ResourceLoading, "ResourceFetcher::requestResource URL was not allow
ed by SecurityOrigin::canDisplay"); |
431 return 0; | 431 return 0; |
432 } | 432 } |
433 | 433 |
434 // FIXME: Convert this to check the isolated world's Content Security Policy
once webkit.org/b/104520 is solved. | 434 // FIXME: Convert this to check the isolated world's Content Security Policy
once webkit.org/b/104520 is solved. |
435 bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->scrip
t().shouldBypassMainWorldContentSecurityPolicy()) || (options.contentSecurityPol
icyOption == DoNotCheckContentSecurityPolicy); | 435 bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->scrip
t().shouldBypassMainWorldContentSecurityPolicy()) || (options.contentSecurityPol
icyOption == DoNotCheckContentSecurityPolicy); |
436 | 436 |
437 // Some types of resources can be loaded only from the same origin. Other | 437 // Some types of resources can be loaded only from the same origin. Other |
438 // types of resources, like Images, Scripts, and CSS, can be loaded from | 438 // types of resources, like Images, Scripts, and CSS, can be loaded from |
439 // any URL. | 439 // any URL. |
440 switch (type) { | 440 switch (type) { |
441 case Resource::MainResource: | 441 case Resource::MainResource: |
442 case Resource::Image: | 442 case Resource::Image: |
443 case Resource::CSSStyleSheet: | 443 case Resource::CSSStyleSheet: |
444 case Resource::Script: | 444 case Resource::Script: |
445 case Resource::Font: | 445 case Resource::Font: |
446 case Resource::Raw: | 446 case Resource::Raw: |
447 case Resource::LinkPrefetch: | 447 case Resource::LinkPrefetch: |
448 case Resource::LinkSubresource: | 448 case Resource::LinkSubresource: |
449 case Resource::TextTrack: | 449 case Resource::TextTrack: |
450 case Resource::Shader: | 450 case Resource::Shader: |
451 case Resource::ImportResource: | 451 case Resource::ImportResource: |
452 // By default these types of resources can be loaded from any origin. | 452 // By default these types of resources can be loaded from any origin. |
453 // FIXME: Are we sure about Resource::Font? | 453 // FIXME: Are we sure about Resource::Font? |
454 if (options.requestOriginPolicy == RestrictToSameOrigin && !m_document->
securityOrigin()->canRequest(url)) { | 454 if (originRestriction == FetchRequest::RestrictToSameOrigin && !m_docume
nt->securityOrigin()->canRequest(url)) { |
455 printAccessDeniedMessage(url); | 455 printAccessDeniedMessage(url); |
456 return false; | 456 return false; |
457 } | 457 } |
458 break; | 458 break; |
459 case Resource::XSLStyleSheet: | 459 case Resource::XSLStyleSheet: |
460 ASSERT(RuntimeEnabledFeatures::xsltEnabled()); | 460 ASSERT(RuntimeEnabledFeatures::xsltEnabled()); |
461 case Resource::SVGDocument: | 461 case Resource::SVGDocument: |
462 if (!m_document->securityOrigin()->canRequest(url)) { | 462 if (!m_document->securityOrigin()->canRequest(url)) { |
463 printAccessDeniedMessage(url); | 463 printAccessDeniedMessage(url); |
464 return false; | 464 return false; |
(...skipping 51 matching lines...)
516 // folks block insecure content with a CSP policy, they don't get a warning. | 516 // folks block insecure content with a CSP policy, they don't get a warning. |
517 // They'll still get a warning in the console about CSP blocking the load. | 517 // They'll still get a warning in the console about CSP blocking the load. |
518 | 518 |
519 // FIXME: Should we consider forPreload here? | 519 // FIXME: Should we consider forPreload here? |
520 if (!checkInsecureContent(type, url, options.mixedContentBlockingTreatment)) | 520 if (!checkInsecureContent(type, url, options.mixedContentBlockingTreatment)) |
521 return false; | 521 return false; |
522 | 522 |
523 return true; | 523 return true; |
524 } | 524 } |
525 | 525 |
526 bool ResourceFetcher::canAccess(Resource* resource) | 526 bool ResourceFetcher::canAccess(Resource* resource, CORSEnabled corsEnabled, Fet
chRequest::OriginRestriction originRestriction) |
527 { | 527 { |
528 // Redirects can change the response URL different from one of request. | 528 // Redirects can change the response URL different from one of request. |
529 if (!canRequest(resource->type(), resource->response().url(), resource->opti
ons(), false)) | 529 if (!canRequest(resource->type(), resource->response().url(), resource->opti
ons(), false, originRestriction)) |
530 return false; | 530 return false; |
531 | 531 |
532 String error; | 532 String error; |
533 switch (resource->type()) { | 533 switch (resource->type()) { |
534 case Resource::Script: | 534 case Resource::Script: |
535 case Resource::ImportResource: | 535 case Resource::ImportResource: |
536 if (resource->options().requestOriginPolicy == PotentiallyCrossOriginEna
bled | 536 if (corsEnabled == PotentiallyCORSEnabled |
537 && !m_document->securityOrigin()->canRequest(resource->response().ur
l()) | 537 && !m_document->securityOrigin()->canRequest(resource->response().ur
l()) |
538 && !resource->passesAccessControlCheck(m_document->securityOrigin(),
error)) { | 538 && !resource->passesAccessControlCheck(m_document->securityOrigin(),
error)) { |
539 if (frame() && frame()->document()) | 539 if (frame() && frame()->document()) |
540 frame()->document()->addConsoleMessage(JSMessageSource, ErrorMes
sageLevel, "Script from origin '" + SecurityOrigin::create(resource->response().
url())->toString() + "' has been blocked from loading by Cross-Origin Resource S
haring policy: " + error); | 540 frame()->document()->addConsoleMessage(JSMessageSource, ErrorMes
sageLevel, "Script from origin '" + SecurityOrigin::create(resource->response().
url())->toString() + "' has been blocked from loading by Cross-Origin Resource S
haring policy: " + error); |
541 return false; | 541 return false; |
542 } | 542 } |
543 | 543 |
544 break; | 544 break; |
545 default: | 545 default: |
546 ASSERT_NOT_REACHED(); // FIXME: generalize to non-script resources | 546 ASSERT_NOT_REACHED(); // FIXME: generalize to non-script resources |
(...skipping 30 matching lines...)
577 KURL url = request.resourceRequest().url(); | 577 KURL url = request.resourceRequest().url(); |
578 | 578 |
579 LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s', p
riority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), request
.charset().latin1().data(), request.priority(), request.forPreload(), ResourceTy
peName(type)); | 579 LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s', p
riority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), request
.charset().latin1().data(), request.priority(), request.forPreload(), ResourceTy
peName(type)); |
580 | 580 |
581 // If only the fragment identifiers differ, it is the same resource. | 581 // If only the fragment identifiers differ, it is the same resource. |
582 url = MemoryCache::removeFragmentIdentifierIfNeeded(url); | 582 url = MemoryCache::removeFragmentIdentifierIfNeeded(url); |
583 | 583 |
584 if (!url.isValid()) | 584 if (!url.isValid()) |
585 return 0; | 585 return 0; |
586 | 586 |
587 if (!canRequest(type, url, request.options(), request.forPreload())) | 587 if (!canRequest(type, url, request.options(), request.forPreload(), request.
originRestriction())) |
588 return 0; | 588 return 0; |
589 | 589 |
590 if (Frame* f = frame()) | 590 if (Frame* f = frame()) |
591 f->loader().client()->dispatchWillRequestResource(&request); | 591 f->loader().client()->dispatchWillRequestResource(&request); |
592 | 592 |
593 // See if we can use an existing resource from the cache. | 593 // See if we can use an existing resource from the cache. |
594 ResourcePtr<Resource> resource = memoryCache()->resourceForURL(url); | 594 ResourcePtr<Resource> resource = memoryCache()->resourceForURL(url); |
595 | 595 |
596 const RevalidationPolicy policy = determineRevalidationPolicy(type, request.
mutableResourceRequest(), request.forPreload(), resource.get(), request.defer())
; | 596 const RevalidationPolicy policy = determineRevalidationPolicy(type, request.
mutableResourceRequest(), request.forPreload(), resource.get(), request.defer())
; |
597 switch (policy) { | 597 switch (policy) { |
(...skipping 650 matching lines...)
1248 return false; | 1248 return false; |
1249 } | 1249 } |
1250 | 1250 |
1251 bool ResourceFetcher::isLoadedBy(ResourceLoaderHost* possibleOwner) const | 1251 bool ResourceFetcher::isLoadedBy(ResourceLoaderHost* possibleOwner) const |
1252 { | 1252 { |
1253 return this == possibleOwner; | 1253 return this == possibleOwner; |
1254 } | 1254 } |
1255 | 1255 |
1256 bool ResourceFetcher::shouldRequest(Resource* resource, const ResourceRequest& r
equest, const ResourceLoaderOptions& options) | 1256 bool ResourceFetcher::shouldRequest(Resource* resource, const ResourceRequest& r
equest, const ResourceLoaderOptions& options) |
1257 { | 1257 { |
1258 if (!canRequest(resource->type(), request.url(), options)) | 1258 if (!canRequest(resource->type(), request.url(), options, false, FetchReques
t::UseDefaultOriginRestrictionForType)) |
1259 return false; | 1259 return false; |
1260 if (resource->type() == Resource::Image && shouldDeferImageLoad(request.url(
))) | 1260 if (resource->type() == Resource::Image && shouldDeferImageLoad(request.url(
))) |
1261 return false; | 1261 return false; |
1262 return true; | 1262 return true; |
1263 } | 1263 } |
1264 | 1264 |
1265 void ResourceFetcher::refResourceLoaderHost() | 1265 void ResourceFetcher::refResourceLoaderHost() |
1266 { | 1266 { |
1267 ref(); | 1267 ref(); |
1268 } | 1268 } |
(...skipping 47 matching lines...)
1316 printf("SCRIPTS: %d (%d hits, hit rate %d%%)\n", scripts, scripts - scri
ptMisses, (scripts - scriptMisses) * 100 / scripts); | 1316 printf("SCRIPTS: %d (%d hits, hit rate %d%%)\n", scripts, scripts - scri
ptMisses, (scripts - scriptMisses) * 100 / scripts); |
1317 if (stylesheets) | 1317 if (stylesheets) |
1318 printf("STYLESHEETS: %d (%d hits, hit rate %d%%)\n", stylesheets, styles
heets - stylesheetMisses, (stylesheets - stylesheetMisses) * 100 / stylesheets); | 1318 printf("STYLESHEETS: %d (%d hits, hit rate %d%%)\n", stylesheets, styles
heets - stylesheetMisses, (stylesheets - stylesheetMisses) * 100 / stylesheets); |
1319 if (images) | 1319 if (images) |
1320 printf("IMAGES: %d (%d hits, hit rate %d%%)\n", images, images - imageM
isses, (images - imageMisses) * 100 / images); | 1320 printf("IMAGES: %d (%d hits, hit rate %d%%)\n", images, images - imageM
isses, (images - imageMisses) * 100 / images); |
1321 } | 1321 } |
1322 #endif | 1322 #endif |
1323 | 1323 |
1324 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() | 1324 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() |
1325 { | 1325 { |
1326 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon
tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF
orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaul
tOriginRestrictionsForType, DocumentContext)); | 1326 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon
tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF
orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, DocumentC
ontext)); |
1327 return options; | 1327 return options; |
1328 } | 1328 } |
1329 | 1329 |
1330 } | 1330 } |
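Review bot: `shouldRequest` (new line 1258) now passes a hard-coded `FetchRequest::UseDefaultOriginRestrictionForType` to `canRequest`, so the `RestrictToSameOrigin` check at new line 454 can never fire on this path, whereas the old code forwarded `options.requestOriginPolicy` inside the loader's options. The callers of shouldRequest are outside the visible lines; if it is reached when an in-flight load is re-validated (for example on a redirect), a fetch that started as same-origin-only would be re-checked as unrestricted. Either carry the original restriction through to this call or record the gap next to it, e.g. `// FIXME: the originating FetchRequest's origin restriction is not available here; RestrictToSameOrigin is not re-checked.` The same concern applies to `canAccess` (new line 526), which now relies on caller-supplied `corsEnabled` and `originRestriction` instead of values stored on the Resource, so every call site has to pass what the original request used.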