| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
| 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
| 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
| 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. |
| 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
| 7 | 7 |
| 8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
| 9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
| 10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
| (...skipping 557 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 568 ASSERT(parentFrame); | 568 ASSERT(parentFrame); |
| 569 if (parentFrame->isLocalFrame()) | 569 if (parentFrame->isLocalFrame()) |
| 570 effectiveFrame = toLocalFrame(parentFrame); | 570 effectiveFrame = toLocalFrame(parentFrame); |
| 571 } | 571 } |
| 572 | 572 |
| 573 MixedContentChecker::ReportingStatus mixedContentReporting = forPreload ? | 573 MixedContentChecker::ReportingStatus mixedContentReporting = forPreload ? |
| 574 MixedContentChecker::SuppressReport : MixedContentChecker::SendReport; | 574 MixedContentChecker::SuppressReport : MixedContentChecker::SendReport; |
| 575 return !MixedContentChecker::shouldBlockFetch(effectiveFrame, resourceReques
t, url, mixedContentReporting); | 575 return !MixedContentChecker::shouldBlockFetch(effectiveFrame, resourceReques
t, url, mixedContentReporting); |
| 576 } | 576 } |
| 577 | 577 |
| 578 bool ResourceFetcher::canAccessResource(Resource* resource, SecurityOrigin* sour
ceOrigin, const KURL& url) const | 578 bool ResourceFetcher::canAccessResource(Resource* resource, SecurityOrigin* sour
ceOrigin, const KURL& url, AccessControlLoggingDecision logErrorsDecision) const |
| 579 { | 579 { |
| 580 // Redirects can change the response URL different from one of request. | 580 // Redirects can change the response URL different from one of request. |
| 581 bool forPreload = resource->isUnusedPreload(); | 581 bool forPreload = resource->isUnusedPreload(); |
| 582 if (!canRequest(resource->type(), resource->resourceRequest(), url, resource
->options(), forPreload, FetchRequest::UseDefaultOriginRestrictionForType)) | 582 if (!canRequest(resource->type(), resource->resourceRequest(), url, resource
->options(), forPreload, FetchRequest::UseDefaultOriginRestrictionForType)) |
| 583 return false; | 583 return false; |
| 584 | 584 |
| 585 if (!sourceOrigin && document()) | 585 if (!sourceOrigin && document()) |
| 586 sourceOrigin = document()->securityOrigin(); | 586 sourceOrigin = document()->securityOrigin(); |
| 587 | 587 |
| 588 if (sourceOrigin->canRequest(url)) | 588 if (sourceOrigin->canRequest(url)) |
| 589 return true; | 589 return true; |
| 590 | 590 |
| 591 String errorDescription; | 591 String errorDescription; |
| 592 if (!resource->passesAccessControlCheck(document(), sourceOrigin, errorDescr
iption)) { | 592 if (!resource->passesAccessControlCheck(document(), sourceOrigin, errorDescr
iption)) { |
| 593 if (resource->type() == Resource::Font) | 593 if (resource->type() == Resource::Font) |
| 594 toFontResource(resource)->setCORSFailed(); | 594 toFontResource(resource)->setCORSFailed(); |
| 595 if (!forPreload && frame() && frame()->document()) { | 595 if (!forPreload && (logErrorsDecision == ShouldLogAccessControlErrors) &
& frame() && frame()->document()) { |
| 596 String resourceType = Resource::resourceTypeToString(resource->type(
), resource->options().initiatorInfo); | 596 String resourceType = Resource::resourceTypeToString(resource->type(
), resource->options().initiatorInfo); |
| 597 frame()->document()->addConsoleMessage(ConsoleMessage::create(JSMess
ageSource, ErrorMessageLevel, resourceType + " from origin '" + SecurityOrigin::
create(url)->toString() + "' has been blocked from loading by Cross-Origin Resou
rce Sharing policy: " + errorDescription)); | 597 frame()->document()->addConsoleMessage(ConsoleMessage::create(JSMess
ageSource, ErrorMessageLevel, resourceType + " from origin '" + SecurityOrigin::
create(url)->toString() + "' has been blocked from loading by Cross-Origin Resou
rce Sharing policy: " + errorDescription)); |
| 598 } | 598 } |
| 599 return false; | 599 return false; |
| 600 } | 600 } |
| 601 return true; | 601 return true; |
| 602 } | 602 } |
| 603 | 603 |
| 604 bool ResourceFetcher::isControlledByServiceWorker() const | 604 bool ResourceFetcher::isControlledByServiceWorker() const |
| 605 { | 605 { |
| (...skipping 982 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1588 ResourceLoaderHost::trace(visitor); | 1588 ResourceLoaderHost::trace(visitor); |
| 1589 } | 1589 } |
| 1590 | 1590 |
| 1591 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) | 1591 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) |
| 1592 { | 1592 { |
| 1593 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); | 1593 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); |
| 1594 return static_cast<ResourceFetcher*>(host); | 1594 return static_cast<ResourceFetcher*>(host); |
| 1595 } | 1595 } |
| 1596 | 1596 |
| 1597 } | 1597 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 954233003:
Enable SRI only for same origin and CORS content. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master