| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
| 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
| 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
| 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
rights reserved. |
| 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
| 7 | 7 |
| 8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
| 9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
| 10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
| (...skipping 564 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 575 // FIXME: Deal with RemoteFrames. | 575 // FIXME: Deal with RemoteFrames. |
| 576 if (frame()->tree().parent()->isLocalFrame()) | 576 if (frame()->tree().parent()->isLocalFrame()) |
| 577 effectiveFrame = toLocalFrame(frame()->tree().parent()); | 577 effectiveFrame = toLocalFrame(frame()->tree().parent()); |
| 578 } | 578 } |
| 579 | 579 |
| 580 MixedContentChecker::ReportingStatus mixedContentReporting = forPreload ? | 580 MixedContentChecker::ReportingStatus mixedContentReporting = forPreload ? |
| 581 MixedContentChecker::SuppressReport : MixedContentChecker::SendReport; | 581 MixedContentChecker::SuppressReport : MixedContentChecker::SendReport; |
| 582 return !MixedContentChecker::shouldBlockFetch(effectiveFrame, resourceReques
t, url, mixedContentReporting); | 582 return !MixedContentChecker::shouldBlockFetch(effectiveFrame, resourceReques
t, url, mixedContentReporting); |
| 583 } | 583 } |
| 584 | 584 |
| 585 bool ResourceFetcher::canAccessResource(Resource* resource, SecurityOrigin* sour
ceOrigin, const KURL& url) const | 585 bool ResourceFetcher::canAccessResource(Resource* resource, SecurityOrigin* sour
ceOrigin, const KURL& url, AccessControlLoggingDecision logErrorsDecision) const |
| 586 { | 586 { |
| 587 // Redirects can change the response URL different from one of request. | 587 // Redirects can change the response URL different from one of request. |
| 588 if (!canRequest(resource->type(), resource->resourceRequest(), url, resource
->options(), resource->isUnusedPreload(), FetchRequest::UseDefaultOriginRestrict
ionForType)) | 588 if (!canRequest(resource->type(), resource->resourceRequest(), url, resource
->options(), resource->isUnusedPreload(), FetchRequest::UseDefaultOriginRestrict
ionForType)) |
| 589 return false; | 589 return false; |
| 590 | 590 |
| 591 if (!sourceOrigin && document()) | 591 if (!sourceOrigin && document()) |
| 592 sourceOrigin = document()->securityOrigin(); | 592 sourceOrigin = document()->securityOrigin(); |
| 593 | 593 |
| 594 if (sourceOrigin->canRequest(url)) | 594 if (sourceOrigin->canRequest(url)) |
| 595 return true; | 595 return true; |
| 596 | 596 |
| 597 String errorDescription; | 597 String errorDescription; |
| 598 if (!resource->passesAccessControlCheck(document(), sourceOrigin, errorDescr
iption)) { | 598 if (!resource->passesAccessControlCheck(document(), sourceOrigin, errorDescr
iption)) { |
| 599 if (resource->type() == Resource::Font) | 599 if (resource->type() == Resource::Font) |
| 600 toFontResource(resource)->setCORSFailed(); | 600 toFontResource(resource)->setCORSFailed(); |
| 601 if (frame() && frame()->document()) { | 601 if ((logErrorsDecision == ShouldLogAccessControlErrors) && frame() && fr
ame()->document()) { |
| 602 String resourceType = Resource::resourceTypeToString(resource->type(
), resource->options().initiatorInfo); | 602 String resourceType = Resource::resourceTypeToString(resource->type(
), resource->options().initiatorInfo); |
| 603 frame()->document()->addConsoleMessage(ConsoleMessage::create(JSMess
ageSource, ErrorMessageLevel, resourceType + " from origin '" + SecurityOrigin::
create(url)->toString() + "' has been blocked from loading by Cross-Origin Resou
rce Sharing policy: " + errorDescription)); | 603 frame()->document()->addConsoleMessage(ConsoleMessage::create(JSMess
ageSource, ErrorMessageLevel, resourceType + " from origin '" + SecurityOrigin::
create(url)->toString() + "' has been blocked from loading by Cross-Origin Resou
rce Sharing policy: " + errorDescription)); |
| 604 } | 604 } |
| 605 return false; | 605 return false; |
| 606 } | 606 } |
| 607 return true; | 607 return true; |
| 608 } | 608 } |
| 609 | 609 |
| 610 bool ResourceFetcher::isControlledByServiceWorker() const | 610 bool ResourceFetcher::isControlledByServiceWorker() const |
| 611 { | 611 { |
| (...skipping 1025 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1637 ResourceLoaderHost::trace(visitor); | 1637 ResourceLoaderHost::trace(visitor); |
| 1638 } | 1638 } |
| 1639 | 1639 |
| 1640 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) | 1640 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) |
| 1641 { | 1641 { |
| 1642 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); | 1642 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); |
| 1643 return static_cast<ResourceFetcher*>(host); | 1643 return static_cast<ResourceFetcher*>(host); |
| 1644 } | 1644 } |
| 1645 | 1645 |
| 1646 } | 1646 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 954233003:
Enable SRI only for same origin and CORS content. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master