
Side by Side Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 732323004: Add use counter for credentialed CORS access from null origins. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: tweak spelling Created 6 years ago
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 281 matching lines...) Expand 10 before | Expand all | Expand 10 after
292 // original request was not same-origin. 292 // original request was not same-origin.
293 if (m_options.crossOriginRequestPolicy == UseAccessControl) { 293 if (m_options.crossOriginRequestPolicy == UseAccessControl) {
294 294
295 InspectorInstrumentation::didReceiveCORSRedirectResponse(m_document.fram e(), resource->identifier(), m_document.frame()->loader().documentLoader(), redi rectResponse, 0); 295 InspectorInstrumentation::didReceiveCORSRedirectResponse(m_document.fram e(), resource->identifier(), m_document.frame()->loader().documentLoader(), redi rectResponse, 0);
296 296
297 bool allowRedirect = false; 297 bool allowRedirect = false;
298 String accessControlErrorDescription; 298 String accessControlErrorDescription;
299 299
300 if (m_simpleRequest) { 300 if (m_simpleRequest) {
301 allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(re quest.url(), accessControlErrorDescription) 301 allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(re quest.url(), accessControlErrorDescription)
302 && (m_sameOriginRequest || passesAccessControlCheck(redirectResp onse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescripti on)); 302 && (m_sameOriginRequest || passesAccessControlCheck(&m_document, redirectResponse, effectiveAllowCredentials(), securityOrigin(), accessControlE rrorDescription));
303 } else { 303 } else {
304 accessControlErrorDescription = "The request was redirected to '"+ r equest.url().string() + "', which is disallowed for cross-origin requests that r equire preflight."; 304 accessControlErrorDescription = "The request was redirected to '"+ r equest.url().string() + "', which is disallowed for cross-origin requests that r equire preflight.";
305 } 305 }
306 306
307 if (allowRedirect) { 307 if (allowRedirect) {
308 // FIXME: consider combining this with CORS redirect handling perfor med by 308 // FIXME: consider combining this with CORS redirect handling perfor med by
309 // CrossOriginAccessControl::handleRedirect(). 309 // CrossOriginAccessControl::handleRedirect().
310 clearResource(); 310 clearResource();
311 311
312 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir ectResponse.url()); 312 RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::create(redir ectResponse.url());
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
373 ASSERT_UNUSED(resource, resource == this->resource()); 373 ASSERT_UNUSED(resource, resource == this->resource());
374 ASSERT(m_async); 374 ASSERT(m_async);
375 375
376 handleResponse(resource->identifier(), response, handle); 376 handleResponse(resource->identifier(), response, handle);
377 } 377 }
378 378
379 void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r esponse) 379 void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r esponse)
380 { 380 {
381 String accessControlErrorDescription; 381 String accessControlErrorDescription;
382 382
383 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securit yOrigin(), accessControlErrorDescription)) { 383 if (!passesAccessControlCheck(&m_document, response, effectiveAllowCredentia ls(), securityOrigin(), accessControlErrorDescription)) {
384 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption); 384 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption);
385 return; 385 return;
386 } 386 }
387 387
388 if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) { 388 if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) {
389 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption); 389 handlePreflightFailure(response.url().string(), accessControlErrorDescri ption);
390 return; 390 return;
391 } 391 }
392 392
393 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new C rossOriginPreflightResultCacheItem(effectiveAllowCredentials())); 393 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new C rossOriginPreflightResultCacheItem(effectiveAllowCredentials()));
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
429 } 429 }
430 m_fallbackRequestForServiceWorker = nullptr; 430 m_fallbackRequestForServiceWorker = nullptr;
431 m_client->didReceiveResponse(identifier, response, handle); 431 m_client->didReceiveResponse(identifier, response, handle);
432 return; 432 return;
433 } 433 }
434 434
435 ASSERT(!m_fallbackRequestForServiceWorker); 435 ASSERT(!m_fallbackRequestForServiceWorker);
436 436
437 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) { 437 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessC ontrol) {
438 String accessControlErrorDescription; 438 String accessControlErrorDescription;
439 if (!passesAccessControlCheck(response, effectiveAllowCredentials(), sec urityOrigin(), accessControlErrorDescription)) { 439 if (!passesAccessControlCheck(&m_document, response, effectiveAllowCrede ntials(), securityOrigin(), accessControlErrorDescription)) {
440 reportResponseReceived(identifier, response); 440 reportResponseReceived(identifier, response);
441 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription)); 441 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, response.url().string(), accessControlErrorDescription));
442 return; 442 return;
443 } 443 }
444 } 444 }
445 445
446 m_client->didReceiveResponse(identifier, response, handle); 446 m_client->didReceiveResponse(identifier, response, handle);
447 } 447 }
448 448
449 void DocumentThreadableLoader::dataReceived(Resource* resource, const char* data , unsigned dataLength) 449 void DocumentThreadableLoader::dataReceived(Resource* resource, const char* data , unsigned dataLength)
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after
634 return DoNotAllowStoredCredentials; 634 return DoNotAllowStoredCredentials;
635 return m_resourceLoaderOptions.allowCredentials; 635 return m_resourceLoaderOptions.allowCredentials;
636 } 636 }
637 637
638 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const 638 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
639 { 639 {
640 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); 640 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin ();
641 } 641 }
642 642
643 } // namespace blink 643 } // namespace blink
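Review bot: The counting context `&m_document` can disagree with the origin being checked at the three changed calls (new lines 302, 383 and 439), because the origin argument is `securityOrigin()`, which at line 640 returns `m_securityOrigin` when that override is set and the document's origin only otherwise. The body of passesAccessControlCheck is not on this page, so this is inferred: if the counter fires when the checked origin is null/unique while credentials are allowed, hits that come from an overridden origin would be recorded against the document and would skew the data used to decide whether credentialed access from null origins can be restricted. Either confirm in the callee that this attribution is intended, or document it at the call sites with something like `// Use counter is recorded on m_document even when securityOrigin() returns the override origin.`. The calls at 302 and 439 sit in functions that begin outside the displayed chunks, so the surrounding redirect and response handling could not be checked here.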