OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 281 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
292 // original request was not same-origin. | 292 // original request was not same-origin. |
293 if (m_options.crossOriginRequestPolicy == UseAccessControl) { | 293 if (m_options.crossOriginRequestPolicy == UseAccessControl) { |
294 | 294 |
295 InspectorInstrumentation::didReceiveCORSRedirectResponse(m_document.fram
e(), resource->identifier(), m_document.frame()->loader().documentLoader(), redi
rectResponse, 0); | 295 InspectorInstrumentation::didReceiveCORSRedirectResponse(m_document.fram
e(), resource->identifier(), m_document.frame()->loader().documentLoader(), redi
rectResponse, 0); |
296 | 296 |
297 bool allowRedirect = false; | 297 bool allowRedirect = false; |
298 String accessControlErrorDescription; | 298 String accessControlErrorDescription; |
299 | 299 |
300 if (m_simpleRequest) { | 300 if (m_simpleRequest) { |
301 allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(re
quest.url(), accessControlErrorDescription) | 301 allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(re
quest.url(), accessControlErrorDescription) |
302 && (m_sameOriginRequest || passesAccessControlCheck(redirectResp
onse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescripti
on)); | 302 && (m_sameOriginRequest || passesAccessControlCheck(&m_document,
redirectResponse, effectiveAllowCredentials(), securityOrigin(), accessControlE
rrorDescription)); |
303 } else { | 303 } else { |
304 accessControlErrorDescription = "The request was redirected to '"+ r
equest.url().string() + "', which is disallowed for cross-origin requests that r
equire preflight."; | 304 accessControlErrorDescription = "The request was redirected to '"+ r
equest.url().string() + "', which is disallowed for cross-origin requests that r
equire preflight."; |
305 } | 305 } |
306 | 306 |
307 if (allowRedirect) { | 307 if (allowRedirect) { |
308 // FIXME: consider combining this with CORS redirect handling perfor
med by | 308 // FIXME: consider combining this with CORS redirect handling perfor
med by |
309 // CrossOriginAccessControl::handleRedirect(). | 309 // CrossOriginAccessControl::handleRedirect(). |
310 clearResource(); | 310 clearResource(); |
311 | 311 |
312 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir
ectResponse.url()); | 312 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir
ectResponse.url()); |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
373 ASSERT_UNUSED(resource, resource == this->resource()); | 373 ASSERT_UNUSED(resource, resource == this->resource()); |
374 ASSERT(m_async); | 374 ASSERT(m_async); |
375 | 375 |
376 handleResponse(resource->identifier(), response, handle); | 376 handleResponse(resource->identifier(), response, handle); |
377 } | 377 } |
378 | 378 |
379 void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r
esponse) | 379 void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r
esponse) |
380 { | 380 { |
381 String accessControlErrorDescription; | 381 String accessControlErrorDescription; |
382 | 382 |
383 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securit
yOrigin(), accessControlErrorDescription)) { | 383 if (!passesAccessControlCheck(&m_document, response, effectiveAllowCredentia
ls(), securityOrigin(), accessControlErrorDescription)) { |
384 handlePreflightFailure(response.url().string(), accessControlErrorDescri
ption); | 384 handlePreflightFailure(response.url().string(), accessControlErrorDescri
ption); |
385 return; | 385 return; |
386 } | 386 } |
387 | 387 |
388 if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) { | 388 if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) { |
389 handlePreflightFailure(response.url().string(), accessControlErrorDescri
ption); | 389 handlePreflightFailure(response.url().string(), accessControlErrorDescri
ption); |
390 return; | 390 return; |
391 } | 391 } |
392 | 392 |
393 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new C
rossOriginPreflightResultCacheItem(effectiveAllowCredentials())); | 393 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new C
rossOriginPreflightResultCacheItem(effectiveAllowCredentials())); |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
429 } | 429 } |
430 m_fallbackRequestForServiceWorker = nullptr; | 430 m_fallbackRequestForServiceWorker = nullptr; |
431 m_client->didReceiveResponse(identifier, response, handle); | 431 m_client->didReceiveResponse(identifier, response, handle); |
432 return; | 432 return; |
433 } | 433 } |
434 | 434 |
435 ASSERT(!m_fallbackRequestForServiceWorker); | 435 ASSERT(!m_fallbackRequestForServiceWorker); |
436 | 436 |
437 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC
ontrol) { | 437 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC
ontrol) { |
438 String accessControlErrorDescription; | 438 String accessControlErrorDescription; |
439 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec
urityOrigin(), accessControlErrorDescription)) { | 439 if (!passesAccessControlCheck(&m_document, response, effectiveAllowCrede
ntials(), securityOrigin(), accessControlErrorDescription)) { |
440 reportResponseReceived(identifier, response); | 440 reportResponseReceived(identifier, response); |
441 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn
ternal, 0, response.url().string(), accessControlErrorDescription)); | 441 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn
ternal, 0, response.url().string(), accessControlErrorDescription)); |
442 return; | 442 return; |
443 } | 443 } |
444 } | 444 } |
445 | 445 |
446 m_client->didReceiveResponse(identifier, response, handle); | 446 m_client->didReceiveResponse(identifier, response, handle); |
447 } | 447 } |
448 | 448 |
449 void DocumentThreadableLoader::dataReceived(Resource* resource, const char* data
, unsigned dataLength) | 449 void DocumentThreadableLoader::dataReceived(Resource* resource, const char* data
, unsigned dataLength) |
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
634 return DoNotAllowStoredCredentials; | 634 return DoNotAllowStoredCredentials; |
635 return m_resourceLoaderOptions.allowCredentials; | 635 return m_resourceLoaderOptions.allowCredentials; |
636 } | 636 } |
637 | 637 |
638 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 638 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
639 { | 639 { |
640 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin
(); | 640 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin
(); |
641 } | 641 } |
642 | 642 |
643 } // namespace blink | 643 } // namespace blink |
OLD | NEW |