OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "FetchManager.h" | 6 #include "FetchManager.h" |
7 | 7 |
8 #include "bindings/core/v8/ExceptionState.h" | 8 #include "bindings/core/v8/ExceptionState.h" |
9 #include "bindings/core/v8/ScriptPromiseResolver.h" | 9 #include "bindings/core/v8/ScriptPromiseResolver.h" |
10 #include "bindings/core/v8/ScriptState.h" | 10 #include "bindings/core/v8/ScriptState.h" |
11 #include "bindings/core/v8/V8ThrowException.h" | 11 #include "bindings/core/v8/V8ThrowException.h" |
12 #include "core/dom/ExceptionCode.h" | 12 #include "core/dom/ExceptionCode.h" |
13 #include "core/fetch/FetchUtils.h" | 13 #include "core/fetch/FetchUtils.h" |
14 #include "core/fileapi/Blob.h" | 14 #include "core/fileapi/Blob.h" |
15 #include "core/frame/csp/ContentSecurityPolicy.h" | |
15 #include "core/loader/ThreadableLoader.h" | 16 #include "core/loader/ThreadableLoader.h" |
16 #include "core/loader/ThreadableLoaderClient.h" | 17 #include "core/loader/ThreadableLoaderClient.h" |
17 #include "modules/serviceworkers/FetchRequestData.h" | 18 #include "modules/serviceworkers/FetchRequestData.h" |
18 #include "modules/serviceworkers/Response.h" | 19 #include "modules/serviceworkers/Response.h" |
19 #include "modules/serviceworkers/ResponseInit.h" | 20 #include "modules/serviceworkers/ResponseInit.h" |
20 #include "platform/network/ResourceRequest.h" | 21 #include "platform/network/ResourceRequest.h" |
21 #include "platform/weborigin/SecurityOrigin.h" | 22 #include "platform/weborigin/SecurityOrigin.h" |
22 #include "public/platform/WebURLRequest.h" | 23 #include "public/platform/WebURLRequest.h" |
23 #include "wtf/HashSet.h" | 24 #include "wtf/HashSet.h" |
24 | 25 |
(...skipping 125 matching lines...)
150 // We set the referrer using workerGlobalScope's URL in | 151 // We set the referrer using workerGlobalScope's URL in |
151 // WorkerThreadableLoader. | 152 // WorkerThreadableLoader. |
152 | 153 |
153 // "3. If |request|'s synchronous flag is unset and fetch is not invoked | 154 // "3. If |request|'s synchronous flag is unset and fetch is not invoked |
154 // recursively, run the remaining steps asynchronously." | 155 // recursively, run the remaining steps asynchronously." |
155 // We don't support synchronous flag. | 156 // We don't support synchronous flag. |
156 | 157 |
157 // "4. Let response be the value corresponding to the first matching | 158 // "4. Let response be the value corresponding to the first matching |
158 // statement:" | 159 // statement:" |
159 | 160 |
160 // "- should fetching |request| be blocked as mixed content returns blocked | 161 // "- should fetching |request| be blocked as mixed content returns blocked" |
161 // - should fetching |request| be blocked as content security returns | 162 // We do mixed content checking in ResourceFetcher. |
162 // blocked | 163 |
163 // A network error." | 164 // "- should fetching |request| be blocked as content security returns |
164 // We do mixed content checking and CSP checking in ResourceFetcher. | 165 // blocked" |
166 if (!ContentSecurityPolicy::shouldBypassMainWorld(m_executionContext) && !m_ executionContext->contentSecurityPolicy()->allowConnectToSource(m_request->url() )) { | |
Mike West
2014/11/19 10:31:49
Why do we do the CSP check here, rather than in Re
horo
2014/11/19 12:35:41
The old comment was wrong.
We don't check CSP for
Mike West
2014/11/19 12:40:45
We check in both XMLHTTPRequest and ResourceFetche
horo
2014/11/19 12:57:34
Are you saying "both XMLHTTPRequest and DocumentTh
| |
167 // "A network error." | |
168 performNetworkError(); | |
169 return; | |
170 } | |
165 | 171 |
166 // "- |request|'s url's origin is |request|'s origin and the |CORS flag| is | 172 // "- |request|'s url's origin is |request|'s origin and the |CORS flag| is |
167 // unset" | 173 // unset" |
168 // "- |request|'s url's scheme is 'data' and |request|'s same-origin data | 174 // "- |request|'s url's scheme is 'data' and |request|'s same-origin data |
169 // URL flag is set" | 175 // URL flag is set" |
170 // "- |request|'s url's scheme is 'about'" | 176 // "- |request|'s url's scheme is 'about'" |
171 if ((SecurityOrigin::create(m_request->url())->isSameSchemeHostPort(m_reques t->origin().get()) && !m_corsFlag) | 177 if ((SecurityOrigin::create(m_request->url())->isSameSchemeHostPort(m_reques t->origin().get()) && !m_corsFlag) |
172 || (m_request->url().protocolIsData() && m_request->sameOriginDataURLFla g()) | 178 || (m_request->url().protocolIsData() && m_request->sameOriginDataURLFla g()) |
173 || (m_request->url().protocolIsAbout())) { | 179 || (m_request->url().protocolIsAbout())) { |
174 // "The result of performing a basic fetch using request." | 180 // "The result of performing a basic fetch using request." |
(...skipping 129 matching lines...)
304 // mode is |include|, or |HTTPRequest|'s credentials mode is |same-origin| | 310 // mode is |include|, or |HTTPRequest|'s credentials mode is |same-origin| |
305 // and the |CORS flag| is unset, and unset otherwise. | 311 // and the |CORS flag| is unset, and unset otherwise. |
306 ResourceLoaderOptions resourceLoaderOptions; | 312 ResourceLoaderOptions resourceLoaderOptions; |
307 resourceLoaderOptions.dataBufferingPolicy = DoNotBufferData; | 313 resourceLoaderOptions.dataBufferingPolicy = DoNotBufferData; |
308 if (m_request->credentials() == WebURLRequest::FetchCredentialsModeInclude | 314 if (m_request->credentials() == WebURLRequest::FetchCredentialsModeInclude |
309 || (m_request->credentials() == WebURLRequest::FetchCredentialsModeSameO rigin && !m_corsFlag)) { | 315 || (m_request->credentials() == WebURLRequest::FetchCredentialsModeSameO rigin && !m_corsFlag)) { |
310 resourceLoaderOptions.allowCredentials = AllowStoredCredentials; | 316 resourceLoaderOptions.allowCredentials = AllowStoredCredentials; |
311 } | 317 } |
312 | 318 |
313 ThreadableLoaderOptions threadableLoaderOptions; | 319 ThreadableLoaderOptions threadableLoaderOptions; |
320 threadableLoaderOptions.contentSecurityPolicyEnforcement = ContentSecurityPo licy::shouldBypassMainWorld(m_executionContext) ? DoNotEnforceContentSecurityPol icy : EnforceConnectSrcDirective; | |
314 if (m_corsPreflightFlag) | 321 if (m_corsPreflightFlag) |
315 threadableLoaderOptions.preflightPolicy = ForcePreflight; | 322 threadableLoaderOptions.preflightPolicy = ForcePreflight; |
316 if (m_corsFlag) | 323 if (m_corsFlag) |
317 threadableLoaderOptions.crossOriginRequestPolicy = UseAccessControl; | 324 threadableLoaderOptions.crossOriginRequestPolicy = UseAccessControl; |
318 else | 325 else |
319 threadableLoaderOptions.crossOriginRequestPolicy = AllowCrossOriginReque sts; | 326 threadableLoaderOptions.crossOriginRequestPolicy = AllowCrossOriginReque sts; |
320 | 327 |
321 | |
322 m_loader = ThreadableLoader::create(*m_executionContext, this, request, thre adableLoaderOptions, resourceLoaderOptions); | 328 m_loader = ThreadableLoader::create(*m_executionContext, this, request, thre adableLoaderOptions, resourceLoaderOptions); |
323 } | 329 } |
324 | 330 |
325 void FetchManager::Loader::failed() | 331 void FetchManager::Loader::failed() |
326 { | 332 { |
327 if (m_failed) | 333 if (m_failed) |
328 return; | 334 return; |
329 if (!m_resolver->executionContext() || m_resolver->executionContext()->activ eDOMObjectsAreStopped()) | 335 if (!m_resolver->executionContext() || m_resolver->executionContext()->activ eDOMObjectsAreStopped()) |
330 return; | 336 return; |
331 m_failed = true; | 337 m_failed = true; |
(...skipping 31 matching lines...)
363 loader->start(); | 369 loader->start(); |
364 return promise; | 370 return promise; |
365 } | 371 } |
366 | 372 |
367 void FetchManager::onLoaderFinished(Loader* loader) | 373 void FetchManager::onLoaderFinished(Loader* loader) |
368 { | 374 { |
369 m_loaders.remove(loader); | 375 m_loaders.remove(loader); |
370 } | 376 } |
371 | 377 |
372 } // namespace blink | 378 } // namespace blink |
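Review bot: The connect-src check added at new line 166 evaluates only `m_request->url()`, the initial request URL. Any redirect target is presumably covered only by `contentSecurityPolicyEnforcement = ... EnforceConnectSrcDirective` at new line 320, which sits in a different function whose start is outside the visible lines. The two sites also evaluate `ContentSecurityPolicy::shouldBypassMainWorld(m_executionContext)` independently, so a later edit to one can silently leave the other enforcing a different policy. I would compute the bypass decision once (a small private helper on `Loader`) and document the split at line 166 with something like `// Checks the initial URL only; redirect targets are enforced by the loader via contentSecurityPolicyEnforcement.`, provided that matches what the loader actually does. The call also dereferences `m_executionContext->contentSecurityPolicy()` without a null check, so please confirm it cannot be null for every context that reaches this path, and add a test in which an allowed URL redirects to an origin that connect-src forbids.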