Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(220)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 538473002: DevTools: NetworkPanel: headers missing for cors-cancelled requests. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/loader/DocumentThreadableLoader.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 299 matching lines...) Expand 10 before | Expand all | Expand 10 after
310 310
311 m_client->didDownloadData(dataLength); 311 m_client->didDownloadData(dataLength);
312 } 312 }
313 313
314 void DocumentThreadableLoader::responseReceived(Resource* resource, const Resour ceResponse& response) 314 void DocumentThreadableLoader::responseReceived(Resource* resource, const Resour ceResponse& response)
315 { 315 {
316 ASSERT_UNUSED(resource, resource == this->resource()); 316 ASSERT_UNUSED(resource, resource == this->resource());
317 handleResponse(resource->identifier(), response); 317 handleResponse(resource->identifier(), response);
318 } 318 }
319 319
320 void DocumentThreadableLoader::handlePreflightResponse(unsigned long identifier, const ResourceResponse& response) 320 void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r esponse)
321 { 321 {
322 // Notifying the inspector here is necessary because a call to handlePreflig htFailure() might synchronously
323 // cause the underlying ResourceLoader to be cancelled before it tells the i nspector about the response.
324 // In that case, if we don't tell the inspector about the response now, the resource type in the inspector
325 // will default to "other" instead of something more descriptive.
326 DocumentLoader* loader = m_document.frame()->loader().documentLoader();
327 TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "Resour ceReceiveResponse", "data", InspectorReceiveResponseEvent::data(identifier, m_do cument.frame(), response));
328 // FIXME(361045): remove InspectorInstrumentation calls once DevTools Timeli ne migrates to tracing.
329 LocalFrame* frame = m_document.frame();
330 InspectorInstrumentation::didReceiveResourceResponse(frame, identifier, load er, response, resource() ? resource()->loader() : 0);
331 // It is essential that inspector gets resource response BEFORE console.
332 frame->console().reportResourceResponseReceived(loader, identifier, response );
333
334 String accessControlErrorDescription; 322 String accessControlErrorDescription;
335 323
336 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securit yOrigin(), accessControlErrorDescription)) { 324 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securit yOrigin(), accessControlErrorDescription)) {
337 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption); 325 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption);
338 return; 326 return;
339 } 327 }
340 328
341 if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) { 329 if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) {
342 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption); 330 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption);
343 return; 331 return;
344 } 332 }
345 333
346 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new C rossOriginPreflightResultCacheItem(effectiveAllowCredentials())); 334 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new C rossOriginPreflightResultCacheItem(effectiveAllowCredentials()));
347 if (!preflightResult->parse(response, accessControlErrorDescription) 335 if (!preflightResult->parse(response, accessControlErrorDescription)
348 || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod (), accessControlErrorDescription) 336 || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod (), accessControlErrorDescription)
349 || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeade rFields(), accessControlErrorDescription)) { 337 || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeade rFields(), accessControlErrorDescription)) {
350 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption); 338 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption);
351 return; 339 return;
352 } 340 }
353 341
354 CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toSt ring(), m_actualRequest->url(), preflightResult.release()); 342 CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toSt ring(), m_actualRequest->url(), preflightResult.release());
355 } 343 }
356 344
345 void DocumentThreadableLoader::notifyResponseReceived(unsigned long identifier, const ResourceResponse& response)
346 {
347 DocumentLoader* loader = m_document.frame()->loader().documentLoader();
348 TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "Resour ceReceiveResponse", "data", InspectorReceiveResponseEvent::data(identifier, m_do cument.frame(), response));
349 LocalFrame* frame = m_document.frame();
350 InspectorInstrumentation::didReceiveResourceResponse(frame, identifier, load er, response, resource() ? resource()->loader() : 0);
351 // It is essential that inspector gets resource response BEFORE console.
352 frame->console().reportResourceResponseReceived(loader, identifier, response );
353 }
354
357 void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re sourceResponse& response) 355 void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re sourceResponse& response)
358 { 356 {
359 ASSERT(m_client); 357 ASSERT(m_client);
360 358
361 if (m_actualRequest) { 359 if (m_actualRequest) {
362 handlePreflightResponse(identifier, response); 360 notifyResponseReceived(identifier, response);
361 handlePreflightResponse(response);
363 return; 362 return;
364 } 363 }
365 364
366 // If the response is fetched via ServiceWorker, the original URL of the res ponse could be different from the URL of the request. 365 // If the response is fetched via ServiceWorker, the original URL of the res ponse could be different from the URL of the request.
367 bool isCrossOriginResponse = false; 366 bool isCrossOriginResponse = false;
368 if (response.wasFetchedViaServiceWorker()) { 367 if (response.wasFetchedViaServiceWorker()) {
369 if (!isAllowedByPolicy(response.url())) { 368 if (!isAllowedByPolicy(response.url())) {
369 notifyResponseReceived(identifier, response);
370 m_client->didFailRedirectCheck(); 370 m_client->didFailRedirectCheck();
371 return; 371 return;
372 } 372 }
373 isCrossOriginResponse = !securityOrigin()->canRequest(response.url()); 373 isCrossOriginResponse = !securityOrigin()->canRequest(response.url());
374 if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests && isC rossOriginResponse) { 374 if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests && isC rossOriginResponse) {
375 notifyResponseReceived(identifier, response);
375 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, respons e.url().string(), "Cross origin requests are not supported.")); 376 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, respons e.url().string(), "Cross origin requests are not supported."));
376 return; 377 return;
377 } 378 }
378 if (isCrossOriginResponse && m_resourceLoaderOptions.credentialsRequeste d == ClientDidNotRequestCredentials) { 379 if (isCrossOriginResponse && m_resourceLoaderOptions.credentialsRequeste d == ClientDidNotRequestCredentials) {
379 // Since the request is no longer same-origin, if the user didn't re quest credentials in 380 // Since the request is no longer same-origin, if the user didn't re quest credentials in
380 // the first place, update our state so we neither request them nor expect they must be allowed. 381 // the first place, update our state so we neither request them nor expect they must be allowed.
381 m_forceDoNotAllowStoredCredentials = true; 382 m_forceDoNotAllowStoredCredentials = true;
382 } 383 }
383 } else { 384 } else {
384 isCrossOriginResponse = !m_sameOriginRequest; 385 isCrossOriginResponse = !m_sameOriginRequest;
385 } 386 }
386 if (isCrossOriginResponse && m_options.crossOriginRequestPolicy == UseAccess Control) { 387 if (isCrossOriginResponse && m_options.crossOriginRequestPolicy == UseAccess Control) {
387 String accessControlErrorDescription; 388 String accessControlErrorDescription;
388 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) { 389 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) {
390 notifyResponseReceived(identifier, response);
389 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription)); 391 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription));
390 return; 392 return;
391 } 393 }
392 } 394 }
393 395
394 m_client->didReceiveResponse(identifier, response); 396 m_client->didReceiveResponse(identifier, response);
395 } 397 }
396 398
397 void DocumentThreadableLoader::dataReceived(Resource* resource, const char* data , int dataLength) 399 void DocumentThreadableLoader::dataReceived(Resource* resource, const char* data , int dataLength)
398 { 400 {
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after
565 return DoNotAllowStoredCredentials; 567 return DoNotAllowStoredCredentials;
566 return m_resourceLoaderOptions.allowCredentials; 568 return m_resourceLoaderOptions.allowCredentials;
567 } 569 }
568 570
569 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const 571 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
570 { 572 {
571 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); 573 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin ();
572 } 574 }
573 575
574 } // namespace blink 576 } // namespace blink
OLDNEW
« no previous file with comments | « Source/core/loader/DocumentThreadableLoader.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698