Index: Source/core/fetch/ResourceFetcher.cpp |
diff --git a/Source/core/fetch/ResourceFetcher.cpp b/Source/core/fetch/ResourceFetcher.cpp |
index 4570574720574e4d0f0cd1bd2b1c0ea15a3159d9..4dce54e3d07b56a5f640568e193361adcca3cbe3 100644 |
--- a/Source/core/fetch/ResourceFetcher.cpp |
+++ b/Source/core/fetch/ResourceFetcher.cpp |
@@ -265,22 +265,22 @@ FetchContext& ResourceFetcher::context() const |
return FetchContext::nullInstance(); |
} |
-ResourcePtr<Resource> ResourceFetcher::fetchSynchronously(FetchRequest& request) |
+ResourcePtr<Resource> ResourceFetcher::fetchSynchronously(FetchRequest& request, OriginRestriction originRestriction) |
{ |
ASSERT(document()); |
request.mutableResourceRequest().setTimeoutInterval(10); |
ResourceLoaderOptions options(request.options()); |
options.synchronousPolicy = RequestSynchronously; |
request.setOptions(options); |
- return requestResource(Resource::Raw, request); |
+ return requestResource(Resource::Raw, request, originRestriction); |
} |
-ResourcePtr<ImageResource> ResourceFetcher::fetchImage(FetchRequest& request) |
+ResourcePtr<ImageResource> ResourceFetcher::fetchImage(FetchRequest& request, OriginRestriction originRestriction) |
{ |
if (Frame* f = frame()) { |
if (f->document()->pageDismissalEventBeingDispatched() != Document::NoDismissal) { |
KURL requestURL = request.resourceRequest().url(); |
- if (requestURL.isValid() && canRequest(Resource::Image, requestURL, request.options(), request.forPreload())) |
+ if (requestURL.isValid() && canRequest(Resource::Image, requestURL, request.options(), request.forPreload(), originRestriction)) |
PingLoader::loadImage(f, requestURL); |
return 0; |
} |
@@ -340,7 +340,7 @@ ResourcePtr<CSSStyleSheetResource> ResourceFetcher::fetchUserCSSStyleSheet(Fetch |
memoryCache()->remove(existing); |
} |
- request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck, CheckContentSecurityPolicy, UseDefaultOriginRestrictionsForType, DocumentContext)); |
+ request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck, CheckContentSecurityPolicy, DocumentContext)); |
return static_cast<CSSStyleSheetResource*>(requestResource(Resource::CSSStyleSheet, request).get()); |
} |
@@ -429,7 +429,7 @@ bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url, |
return true; |
} |
-bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const ResourceLoaderOptions& options, bool forPreload) |
+bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const ResourceLoaderOptions& options, bool forPreload, OriginRestriction originRestriction) |
{ |
if (document() && !document()->securityOrigin()->canDisplay(url)) { |
if (!forPreload) |
@@ -458,7 +458,7 @@ bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res |
case Resource::ImportResource: |
// By default these types of resources can be loaded from any origin. |
// FIXME: Are we sure about Resource::Font? |
- if (options.requestOriginPolicy == RestrictToSameOrigin && !m_document->securityOrigin()->canRequest(url)) { |
+ if (originRestriction == RestrictToSameOrigin && !m_document->securityOrigin()->canRequest(url)) { |
printAccessDeniedMessage(url); |
return false; |
} |
@@ -532,17 +532,17 @@ bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res |
return true; |
} |
-bool ResourceFetcher::canAccess(Resource* resource) |
+bool ResourceFetcher::canAccess(Resource* resource, CrossOriginEnabled crossOriginEnabled, OriginRestriction originRestriction) |
{ |
// Redirects can change the response URL different from one of request. |
- if (!canRequest(resource->type(), resource->response().url(), resource->options(), false)) |
+ if (!canRequest(resource->type(), resource->response().url(), resource->options(), false, originRestriction)) |
return false; |
String error; |
switch (resource->type()) { |
case Resource::Script: |
case Resource::ImportResource: |
- if (resource->options().requestOriginPolicy == PotentiallyCrossOriginEnabled |
+ if (crossOriginEnabled == PotentiallyCrossOriginEnabled |
&& !m_document->securityOrigin()->canRequest(resource->response().url()) |
&& !resource->passesAccessControlCheck(m_document->securityOrigin(), error)) { |
if (frame() && frame()->document()) |
@@ -579,7 +579,7 @@ bool ResourceFetcher::resourceNeedsLoad(Resource* resource, const FetchRequest& |
return request.options().synchronousPolicy == RequestSynchronously && resource->isLoading(); |
} |
-ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, FetchRequest& request) |
+ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, FetchRequest& request, OriginRestriction originRestriction) |
{ |
ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw); |
@@ -593,7 +593,7 @@ ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, Fetc |
if (!url.isValid()) |
return 0; |
- if (!canRequest(type, url, request.options(), request.forPreload())) |
+ if (!canRequest(type, url, request.options(), request.forPreload(), originRestriction)) |
return 0; |
if (Frame* f = frame()) |
@@ -1261,7 +1261,7 @@ bool ResourceFetcher::isLoadedBy(ResourceLoaderHost* possibleOwner) const |
bool ResourceFetcher::shouldRequest(Resource* resource, const ResourceRequest& request, const ResourceLoaderOptions& options) |
{ |
- if (!canRequest(resource->type(), request.url(), options)) |
+ if (!canRequest(resource->type(), request.url(), options, false, UseDefaultOriginRestrictionForType)) |
return false; |
if (resource->type() == Resource::Image && shouldDeferImageLoad(request.url())) |
return false; |
@@ -1329,7 +1329,7 @@ void ResourceFetcher::printPreloadStats() |
const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() |
{ |
- DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaultOriginRestrictionsForType, DocumentContext)); |
+ DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, DocumentContext)); |
return options; |
} |