OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 81 matching lines...)
92 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == DenyCrossO
riginRequests) { | 92 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == DenyCrossO
riginRequests) { |
93 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url
().string(), "Cross origin requests are not supported.")); | 93 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url
().string(), "Cross origin requests are not supported.")); |
94 return; | 94 return; |
95 } | 95 } |
96 | 96 |
97 m_requestStartedSeconds = monotonicallyIncreasingTime(); | 97 m_requestStartedSeconds = monotonicallyIncreasingTime(); |
98 | 98 |
99 // Save any CORS simple headers on the request here. If this request redirec
ts cross-origin, we cancel the old request | 99 // Save any CORS simple headers on the request here. If this request redirec
ts cross-origin, we cancel the old request |
100 // create a new one, and copy these headers. | 100 // create a new one, and copy these headers. |
101 const HTTPHeaderMap& headerMap = request.httpHeaderFields(); | 101 const HTTPHeaderMap& headerMap = request.httpHeaderFields(); |
102 HTTPHeaderMap::const_iterator end = headerMap.end(); | 102 for (const auto& header : headerMap) { |
103 for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it)
{ | 103 if (FetchUtils::isSimpleHeader(header.key, header.value)) |
104 if (FetchUtils::isSimpleHeader(it->key, it->value)) | 104 m_simpleRequestHeaders.add(header.key, header.value); |
105 m_simpleRequestHeaders.add(it->key, it->value); | |
106 } | 105 } |
107 | 106 |
108 // If the fetch request will be handled by the ServiceWorker, the | 107 // If the fetch request will be handled by the ServiceWorker, the |
109 // FetchRequestMode of the request must be FetchRequestModeCORS or | 108 // FetchRequestMode of the request must be FetchRequestModeCORS or |
110 // FetchRequestModeCORSWithForcedPreflight. Otherwise the ServiceWorker can | 109 // FetchRequestModeCORSWithForcedPreflight. Otherwise the ServiceWorker can |
111 // return a opaque response which is from the other origin site and the | 110 // return a opaque response which is from the other origin site and the |
112 // script in the page can read the content. | 111 // script in the page can read the content. |
113 // | 112 // |
114 // We assume that ServiceWorker is skipped for sync requests and non-HTTP | 113 // We assume that ServiceWorker is skipped for sync requests and non-HTTP |
115 // familiy requests by content/ code. | 114 // familiy requests by content/ code. |
(...skipping 196 matching lines...)
312 // Since the request is no longer same-origin, if the user didn't re
quest credentials in | 311 // Since the request is no longer same-origin, if the user didn't re
quest credentials in |
313 // the first place, update our state so we neither request them nor
expect they must be allowed. | 312 // the first place, update our state so we neither request them nor
expect they must be allowed. |
314 if (m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequ
estCredentials) | 313 if (m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequ
estCredentials) |
315 m_forceDoNotAllowStoredCredentials = true; | 314 m_forceDoNotAllowStoredCredentials = true; |
316 | 315 |
317 // Remove any headers that may have been added by the network layer
that cause access control to fail. | 316 // Remove any headers that may have been added by the network layer
that cause access control to fail. |
318 request.clearHTTPReferrer(); | 317 request.clearHTTPReferrer(); |
319 request.clearHTTPOrigin(); | 318 request.clearHTTPOrigin(); |
320 request.clearHTTPUserAgent(); | 319 request.clearHTTPUserAgent(); |
321 // Add any CORS simple request headers which we previously saved fro
m the original request. | 320 // Add any CORS simple request headers which we previously saved fro
m the original request. |
322 HTTPHeaderMap::const_iterator end = m_simpleRequestHeaders.end(); | 321 for (const auto& header : m_simpleRequestHeaders) |
323 for (HTTPHeaderMap::const_iterator it = m_simpleRequestHeaders.begin
(); it != end; ++it) { | 322 request.setHTTPHeaderField(header.key, header.value); |
324 request.setHTTPHeaderField(it->key, it->value); | |
325 } | |
326 makeCrossOriginAccessRequest(request); | 323 makeCrossOriginAccessRequest(request); |
327 return; | 324 return; |
328 } | 325 } |
329 | 326 |
330 ResourceError error(errorDomainBlinkInternal, 0, redirectResponse.url().
string(), accessControlErrorDescription); | 327 ResourceError error(errorDomainBlinkInternal, 0, redirectResponse.url().
string(), accessControlErrorDescription); |
331 m_client->didFailAccessControlCheck(error); | 328 m_client->didFailAccessControlCheck(error); |
332 } else { | 329 } else { |
333 m_client->didFailRedirectCheck(); | 330 m_client->didFailRedirectCheck(); |
334 } | 331 } |
335 | 332 |
(...skipping 288 matching lines...)
624 return DoNotAllowStoredCredentials; | 621 return DoNotAllowStoredCredentials; |
625 return m_resourceLoaderOptions.allowCredentials; | 622 return m_resourceLoaderOptions.allowCredentials; |
626 } | 623 } |
627 | 624 |
628 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 625 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
629 { | 626 { |
630 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin
(); | 627 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin
(); |
631 } | 628 } |
632 | 629 |
633 } // namespace blink | 630 } // namespace blink |
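Review bot: The replay loop in the redirect path (new lines 321-322) copies every entry of m_simpleRequestHeaders onto a request that is about to be re-issued cross-origin, and nothing at that point re-checks that the entries are still CORS simple headers. The only filter visible on this page is the `FetchUtils::isSimpleHeader` test where the map is filled (new lines 102-105); whether any other code adds to the map is outside the shown lines. Since the range-for conversion touches both loops, I would state the invariant next to the replay by adding `ASSERT(FetchUtils::isSimpleHeader(header.key, header.value));` before the `setHTTPHeaderField` call, with braces around the now two-statement body. That way a later change that stores a non-simple header in the map is caught in debug builds before the header reaches the redirect target.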
OLD | NEW |