[ServiceWorker] Set FetchRequestMode and handle wasFetchedViaServiceWorker.

Source/core/loader/DocumentThreadableLoader.cpp

 /*
  * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
  * Copyright (C) 2013, Intel Corporation
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ skipping 28 matching lines @@
 #include "core/fetch/Resource.h"
 #include "core/fetch/ResourceFetcher.h"
 #include "core/frame/FrameConsole.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/inspector/InspectorInstrumentation.h"
 #include "core/inspector/InspectorTraceEvents.h"
 #include "core/loader/CrossOriginPreflightResultCache.h"
 #include "core/loader/DocumentThreadableLoaderClient.h"
 #include "core/loader/FrameLoader.h"
+#include "core/loader/FrameLoaderClient.h"
 #include "core/loader/ThreadableLoaderClient.h"
 #include "platform/SharedBuffer.h"
 #include "platform/network/ResourceRequest.h"
 #include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "public/platform/WebURLRequest.h"
 #include "wtf/Assertions.h"
 
 namespace blink {
 
@@ skipping 33 matching lines @@
 
     // Save any CORS simple headers on the request here. If this request redirects cross-origin, we cancel the old request
     // create a new one, and copy these headers.
     const HTTPHeaderMap& headerMap = request.httpHeaderFields();
     HTTPHeaderMap::const_iterator end = headerMap.end();
     for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) {
         if (FetchUtils::isSimpleHeader(it->key, it->value))
             m_simpleRequestHeaders.add(it->key, it->value);
     }
 
+    if (m_async && !request.skipServiceWorker() && m_document.fetcher()->isControlledByServiceWorker()) {

[yhirano, 2014/10/07 08:03:14]

why m_async is needed, is it a workaround?

[yhirano, 2014/10/07 08:03:15]

Can you write a brief comment about this block?

[horo, 2014/10/08 02:34:56]

Done.

[horo, 2014/10/08 02:34:56]

ServiceWorker's onFetch event doesn't support sync requests.
http://crbug.com/413103

+        if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) {
+            m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url().string(), "Cross origin requests are not supported."));
+            return;
+        }
+        ResourceRequest newRequest = ResourceRequest(request);

[yhirano, 2014/10/07 08:03:15]

ResourceRequest newRequest(request) is enough.

[horo, 2014/10/08 02:34:56]

Done.

+        if (options.preflightPolicy == ForcePreflight)

[yhirano, 2014/10/07 08:03:14]

Sorry I don't understand this flag manipulation. Where is it specified?

[horo, 2014/10/08 02:34:56]

Added the comment.

+            newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORSWithForcedPreflight);
+        else
+            newRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORS);
+
+        if (resourceLoaderOptions.credentialsRequested == ClientRequestedCredentials)

[yhirano, 2014/10/07 08:03:14]

Ditto

[horo, 2014/10/08 02:34:56]

removed

+            newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsModeInclude);
+        else
+            newRequest.setFetchCredentialsMode(WebURLRequest::FetchCredentialsModeSameOrigin);
+

[yhirano, 2014/10/07 08:03:14]

Shouldn't we check the credentials flag correctness?

[horo, 2014/10/08 02:34:56]

removed setFetchCredentialsMode 

+        m_fallbackRequest = adoptPtr(new ResourceRequest(request));
+        m_fallbackRequest->setSkipServiceWorker(true);
+
+        loadRequest(newRequest, m_resourceLoaderOptions);
+        return;
+    }
+
     if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossOriginRequests) {
         loadRequest(request, m_resourceLoaderOptions);
         return;
     }
 
     if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) {
         m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url().string(), "Cross origin requests are not supported."));
         return;
     }
 
@@ skipping 246 matching lines @@
 
     if (m_actualRequest) {
         notifyResponseReceived(identifier, response);
         handlePreflightResponse(response);
         return;
     }
 
     // If the response is fetched via ServiceWorker, the original URL of the response could be different from the URL of the request.
     bool isCrossOriginResponse = false;
     if (response.wasFetchedViaServiceWorker()) {
-        if (!isAllowedByPolicy(response.url())) {
-            notifyResponseReceived(identifier, response);
-            m_client->didFailRedirectCheck();
+        if (response.wasFallbackRequiredByServiceWorker() && m_fallbackRequest) {

[yhirano, 2014/10/07 08:03:14]

What happens if wasFallbackRequiredByServiceWorker() is true but
m_fallbackRequest is null? It is correct to return the response?

[horo, 2014/10/08 02:34:56]

m_fallbackRequest must not be null when wasFallbackRequiredByServiceWorker() is
true.
I changed to use ASSERT().

+            loadFallbackRequest();
             return;
         }
-        isCrossOriginResponse = !securityOrigin()->canRequest(response.url());
-        if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests && isCrossOriginResponse) {
-            notifyResponseReceived(identifier, response);
-            m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), "Cross origin requests are not supported."));
-            return;
-        }
-        if (isCrossOriginResponse && m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequestCredentials) {
-            // Since the request is no longer same-origin, if the user didn't request credentials in
-            // the first place, update our state so we neither request them nor expect they must be allowed.
-            m_forceDoNotAllowStoredCredentials = true;
-        }
+        m_fallbackRequest = nullptr;
+        m_client->didReceiveResponse(identifier, response);
+        return;
     } else {
         isCrossOriginResponse = !m_sameOriginRequest;
     }
     if (isCrossOriginResponse && m_options.crossOriginRequestPolicy == UseAccessControl) {
         String accessControlErrorDescription;
         if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) {
             notifyResponseReceived(identifier, response);
             m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription));
             return;
         }
     }
 
     m_client->didReceiveResponse(identifier, response);
 }
 
 void DocumentThreadableLoader::dataReceived(Resource* resource, const char* data, unsigned dataLength)
 {
     ASSERT_UNUSED(resource, resource == this->resource());
     handleReceivedData(data, dataLength);
 }
 
 void DocumentThreadableLoader::handleReceivedData(const char* data, unsigned dataLength)
 {
     ASSERT(m_client);
     // Preflight data should be invisible to clients.
-    if (!m_actualRequest)
+    if (!m_actualRequest && !m_fallbackRequest)
         m_client->didReceiveData(data, dataLength);
 }
 
 void DocumentThreadableLoader::notifyFinished(Resource* resource)
 {
     ASSERT(m_client);
     ASSERT(resource == this->resource());
 
     m_timeoutTimer.stop();
 
@@ skipping 21 matching lines @@
     ASSERT_UNUSED(timer, timer == &m_timeoutTimer);
 
     // Using values from net/base/net_error_list.h ERR_TIMED_OUT,
     // Same as existing FIXME above - this error should be coming from FrameLoaderClient to be identifiable.
     static const int timeoutError = -7;
     ResourceError error("net", timeoutError, resource()->url(), String());
     error.setIsTimeout(true);
     cancelWithError(error);
 }
 
+void DocumentThreadableLoader::loadFallbackRequest()
+{
+    clearResource();
+    OwnPtr<ResourceRequest> fallbackRequest;

[yhirano, 2014/10/07 08:03:15]

fallbackRequest(m_fallbackRequest.release());

[horo, 2014/10/08 02:34:56]

Done.

+    fallbackRequest.swap(m_fallbackRequest);
+    if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossOriginRequests) {
+        loadRequest(*fallbackRequest, m_resourceLoaderOptions);
+        return;
+    }

[yhirano, 2014/10/07 08:03:15]

makeCrossOriginAccessRequest expects that the policy is USE. Please assert that
here as well.

[horo, 2014/10/08 02:34:56]

Done.

+    makeCrossOriginAccessRequest(*fallbackRequest);
+}
+
 void DocumentThreadableLoader::loadActualRequest()
 {
     OwnPtr<ResourceRequest> actualRequest;
     actualRequest.swap(m_actualRequest);
     OwnPtr<ResourceLoaderOptions> actualOptions;
     actualOptions.swap(m_actualOptions);
 
     actualRequest->setHTTPOrigin(securityOrigin()->toAtomicString());
 
     clearResource();
@@ skipping 106 matching lines @@
         return DoNotAllowStoredCredentials;
     return m_resourceLoaderOptions.allowCredentials;
 }
 
 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
 {
     return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin();
 }
 
 } // namespace blink