Source/core/fetch/ResourceLoader.cpp - Issue 954233003: Enable SRI only for same origin and CORS content.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/core/fetch/ResourceLoader.cpp

Issue 954233003: Enable SRI only for same origin and CORS content. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: Source/core/fetch/ResourceLoader.cpp

diff --git a/Source/core/fetch/ResourceLoader.cpp b/Source/core/fetch/ResourceLoader.cpp

index 3db591605e8b223ad9dbec8547ca80c2e8e5da46..d8da6b401a647c3b3b0e7d06ee7b2f599eb7d4d4 100644

--- a/Source/core/fetch/ResourceLoader.cpp

+++ b/Source/core/fetch/ResourceLoader.cpp

@@ -30,6 +30,7 @@

#include "config.h"

#include "core/fetch/ResourceLoader.h"

+#include "core/fetch/CSSStyleSheetResource.h"

#include "core/fetch/Resource.h"

#include "core/fetch/ResourceLoaderHost.h"

#include "core/fetch/ResourcePtr.h"

@@ -354,12 +355,15 @@ void ResourceLoader::didReceiveResponse(blink::WebURLLoader*, const blink::WebUR

resource = m_resource->resourceToRevalidate();

else

m_resource->setResponse(resourceResponse);

- if (!m_host->canAccessResource(resource, m_options.securityOrigin.get(), response.url())) {

+ if (!m_host->canAccessResource(resource, m_options.securityOrigin.get(), response.url(), true)) {

m_host->didReceiveResponse(m_resource, resourceResponse);

cancel(ResourceError::cancelledDueToAccessCheckError(KURL(response.url())));

return;

}

+ } else {

+ if (m_resource->type() == Resource::CSSStyleSheet && !m_host->canAccessResource(m_resource, m_options.securityOrigin.get(), response.url(), false))

Mike West 2015/02/26 08:44:53 1. I think we should only do this check if we actu

jww 2015/03/06 02:16:42 I think these are both addressed by the bigger ref

+ toCSSStyleSheetResource(m_resource)->setCORSNeededAndFailed();

}

// Reference the object in this method since the additional processing can do