Block execution of failed 'crossorigin' <script>s.

Source/core/fetch/ResourceFetcher.h

Index: Source/core/fetch/ResourceFetcher.h
diff --git a/Source/core/fetch/ResourceFetcher.h b/Source/core/fetch/ResourceFetcher.h
index 431bacd1ed022f8bd97e83cc244c1bc6f2f484ef..5041bec1bc0caa46e155b574bd87c58787e9f520 100644
--- a/Source/core/fetch/ResourceFetcher.h
+++ b/Source/core/fetch/ResourceFetcher.h
@@ -61,6 +61,16 @@ class KURL;
 class ResourceTimingInfo;
 class ResourceLoaderSet;
 
+enum OriginRestriction {

[sof, 2013/11/15 08:11:58]

Finding appropriate names for this one (and the one below) took quite some time.
I think they make sense now, but if people see better alternatives, I'll happily
rename.

+    UseDefaultOriginRestrictionForType,
+    RestrictToSameOrigin
+};
+
+enum CrossOriginEnabled {
+    NotCrossOriginEnabled,
+    PotentiallyCrossOriginEnabled // Indicates "potentially CORS-enabled fetch" in HTML standard.
+};
+
 // The ResourceFetcher provides a per-context interface to the MemoryCache
 // and enforces a bunch of security checks and rules for resource revalidation.
 // Its lifetime is roughly per-DocumentLoader, in that it is generally created
@@ -81,8 +91,8 @@ public:
     using RefCounted<ResourceFetcher>::ref;
     using RefCounted<ResourceFetcher>::deref;
 
-    ResourcePtr<Resource> fetchSynchronously(FetchRequest&);
-    ResourcePtr<ImageResource> fetchImage(FetchRequest&);
+    ResourcePtr<Resource> fetchSynchronously(FetchRequest&, OriginRestriction = UseDefaultOriginRestrictionForType);
+    ResourcePtr<ImageResource> fetchImage(FetchRequest&, OriginRestriction = UseDefaultOriginRestrictionForType);

[sof, 2013/11/15 08:11:58]

Notice that none of the other fetch{ResourceType}() methods take this extra
argument. They could, but there's no need for its functionality by their
callers, so I held off. (And requestResource() provides full control in any
case.) 

[abarth-chromium, 2013/11/15 15:47:52]

These functions used to take a large number of parameters.  We created the
FetchRequest object to hold all these parameters.  Can we add this value to
FetchRequest?  The FetchRequest doesn't get stored in the cache, so different
callers can have different values for the origin restriction.

[sof, 2013/11/15 17:05:18]

Done. Thank you, sorry for not picking up on that practice. That does remove a
wart added. 

     ResourcePtr<CSSStyleSheetResource> fetchCSSStyleSheet(FetchRequest&);
     ResourcePtr<CSSStyleSheetResource> fetchUserCSSStyleSheet(FetchRequest&);
     ResourcePtr<ScriptResource> fetchScript(FetchRequest&);
@@ -130,7 +140,7 @@ public:
     void preload(Resource::Type, FetchRequest&, const String& charset);
     void checkForPendingPreloads();
     void printPreloadStats();
-    bool canAccess(Resource*);
+    bool canAccess(Resource*, CrossOriginEnabled, OriginRestriction = UseDefaultOriginRestrictionForType);
 
     void setDefersLoading(bool);
     void stopFetching();
@@ -164,7 +174,7 @@ private:
 
     bool shouldLoadNewResource() const;
 
-    ResourcePtr<Resource> requestResource(Resource::Type, FetchRequest&);
+    ResourcePtr<Resource> requestResource(Resource::Type, FetchRequest&, OriginRestriction = UseDefaultOriginRestrictionForType);
     ResourcePtr<Resource> revalidateResource(const FetchRequest&, Resource*);
     ResourcePtr<Resource> loadResource(Resource::Type, FetchRequest&, const String& charset);
     void preCacheDataURIImage(const FetchRequest&);
@@ -178,7 +188,7 @@ private:
     ResourceRequestCachePolicy resourceRequestCachePolicy(const ResourceRequest&, Resource::Type);
     void addAdditionalRequestHeaders(ResourceRequest&, Resource::Type);
 
-    bool canRequest(Resource::Type, const KURL&, const ResourceLoaderOptions&, bool forPreload = false);
+    bool canRequest(Resource::Type, const KURL&, const ResourceLoaderOptions&, bool forPreload, OriginRestriction);
     bool checkInsecureContent(Resource::Type, const KURL&, MixedContentBlockingTreatment) const;
 
     static bool resourceNeedsLoad(Resource*, const FetchRequest&, RevalidationPolicy);