Diff
Modified: trunk/Source/WebCore/CMakeLists.txt (201923 => 201924)
--- trunk/Source/WebCore/CMakeLists.txt 2016-06-10 12:58:12 UTC (rev 201923)
+++ trunk/Source/WebCore/CMakeLists.txt 2016-06-10 13:26:30 UTC (rev 201924)
@@ -1900,6 +1900,7 @@
loader/ContentFilter.cpp
loader/CookieJar.cpp
loader/CrossOriginAccessControl.cpp
+ loader/CrossOriginPreflightChecker.cpp
loader/CrossOriginPreflightResultCache.cpp
loader/DocumentLoadTiming.cpp
loader/DocumentLoader.cpp
Modified: trunk/Source/WebCore/ChangeLog (201923 => 201924)
--- trunk/Source/WebCore/ChangeLog 2016-06-10 12:58:12 UTC (rev 201923)
+++ trunk/Source/WebCore/ChangeLog 2016-06-10 13:26:30 UTC (rev 201924)
@@ -1,3 +1,57 @@
+2016-06-10 Youenn Fablet <[email protected]>
+
+ Move preflight check code outside of DocumentThreadableLoader
+ https://bugs.webkit.org/show_bug.cgi?id=158425
+
+ Reviewed by Darin Adler.
+
+ Moving preflight check code in its own class.
+ This allows code to be easier to read, use/reuse and update.
+
+ Behavior should be the same as before except in the case of a preflight response
+ being a 3XX redirect response.
+ Before this patch, the 3XX response was directly passed to the code processing regular responses.
+ To keep compatibility with existing tests, a didFailRedirectCheck callback is called.
+ This should be change to a preflight failure.
+
+ Covered by existing tests.
+
+ * CMakeLists.txt:
+ * WebCore.xcodeproj/project.pbxproj:
+ * loader/CrossOriginPreflightChecker.cpp: Added.
+ (WebCore::CrossOriginPreflightChecker::CrossOriginPreflightChecker):
+ (WebCore::CrossOriginPreflightChecker::~CrossOriginPreflightChecker):
+ (WebCore::CrossOriginPreflightChecker::handleLoadingFailure):
+ (WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
+ (WebCore::CrossOriginPreflightChecker::notifyFinished):
+ (WebCore::CrossOriginPreflightChecker::startPreflight):
+ (WebCore::CrossOriginPreflightChecker::doPreflight):
+ (WebCore::CrossOriginPreflightChecker::redirectReceived):
+ (WebCore::CrossOriginPreflightChecker::setDefersLoading):
+ (WebCore::CrossOriginPreflightChecker::isXMLHttpRequest):
+ * loader/CrossOriginPreflightChecker.h: Added.
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::create):
+ (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
+ (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight):
+ (WebCore::DocumentThreadableLoader::setDefersLoading):
+ (WebCore::DocumentThreadableLoader::clearResource):
+ (WebCore::DocumentThreadableLoader::didReceiveResponse):
+ (WebCore::DocumentThreadableLoader::didReceiveData):
+ (WebCore::DocumentThreadableLoader::notifyFinished):
+ (WebCore::DocumentThreadableLoader::didFinishLoading):
+ (WebCore::DocumentThreadableLoader::didFail):
+ (WebCore::DocumentThreadableLoader::preflightSuccess):
+ (WebCore::DocumentThreadableLoader::preflightFailure):
+ (WebCore::DocumentThreadableLoader::loadRequest):
+ (WebCore::DocumentThreadableLoader::responseReceived): Deleted.
+ (WebCore::DocumentThreadableLoader::dataReceived): Deleted.
+ (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Deleted.
+ * loader/DocumentThreadableLoader.h:
+ (WebCore::DocumentThreadableLoader::options):
+ (WebCore::DocumentThreadableLoader::isLoading):
+ (WebCore::DocumentThreadableLoader::document):
+
2016-06-10 Adam Bergkvist <[email protected]>
WebRTC: Imlement MediaEndpointPeerConnection::createAnswer()
Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (201923 => 201924)
--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-06-10 12:58:12 UTC (rev 201923)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-06-10 13:26:30 UTC (rev 201924)
@@ -1569,6 +1569,8 @@
419BE7591BC7F42B00E1C85B /* WebCoreBuiltinNames.h in Headers */ = {isa = PBXBuildFile; fileRef = 419BE7521BC7F3DB00E1C85B /* WebCoreBuiltinNames.h */; };
41A3D58E101C152D00316D07 /* DedicatedWorkerThread.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 41A3D58C101C152D00316D07 /* DedicatedWorkerThread.cpp */; };
41A3D58F101C152D00316D07 /* DedicatedWorkerThread.h in Headers */ = {isa = PBXBuildFile; fileRef = 41A3D58D101C152D00316D07 /* DedicatedWorkerThread.h */; };
+ 41ABE67B1D0580DB006D862D /* CrossOriginPreflightChecker.h in Headers */ = {isa = PBXBuildFile; fileRef = 41ABE67A1D0580D5006D862D /* CrossOriginPreflightChecker.h */; };
+ 41ABE67C1D0580E0006D862D /* CrossOriginPreflightChecker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 41ABE6791D0580D5006D862D /* CrossOriginPreflightChecker.cpp */; };
41AD753A1CEF6BD100A31486 /* FetchOptions.h in Headers */ = {isa = PBXBuildFile; fileRef = 41AD75391CEF6BCE00A31486 /* FetchOptions.h */; settings = {ATTRIBUTES = (Private, ); }; };
41BF700C0FE86F49005E8DEC /* MessagePortChannel.h in Headers */ = {isa = PBXBuildFile; fileRef = 41BF700A0FE86F49005E8DEC /* MessagePortChannel.h */; settings = {ATTRIBUTES = (Private, ); }; };
41BF700F0FE86F61005E8DEC /* PlatformMessagePortChannel.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 41BF700D0FE86F61005E8DEC /* PlatformMessagePortChannel.cpp */; };
@@ -9083,6 +9085,8 @@
41A023ED1A39DB7900F722DF /* WritableStream.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = WritableStream.idl; sourceTree = "<group>"; };
41A3D58C101C152D00316D07 /* DedicatedWorkerThread.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DedicatedWorkerThread.cpp; sourceTree = "<group>"; };
41A3D58D101C152D00316D07 /* DedicatedWorkerThread.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DedicatedWorkerThread.h; sourceTree = "<group>"; };
+ 41ABE6791D0580D5006D862D /* CrossOriginPreflightChecker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CrossOriginPreflightChecker.cpp; sourceTree = "<group>"; };
+ 41ABE67A1D0580D5006D862D /* CrossOriginPreflightChecker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CrossOriginPreflightChecker.h; sourceTree = "<group>"; };
41AD75391CEF6BCE00A31486 /* FetchOptions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FetchOptions.h; sourceTree = "<group>"; };
41BF700A0FE86F49005E8DEC /* MessagePortChannel.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MessagePortChannel.h; sourceTree = "<group>"; };
41BF700D0FE86F61005E8DEC /* PlatformMessagePortChannel.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = PlatformMessagePortChannel.cpp; path = default/PlatformMessagePortChannel.cpp; sourceTree = "<group>"; };
@@ -22760,6 +22764,8 @@
E1424C92164B52C800F32D40 /* CookieJar.h */,
E1C416160F6563180092D2FB /* CrossOriginAccessControl.cpp */,
E1C416110F6562FD0092D2FB /* CrossOriginAccessControl.h */,
+ 41ABE6791D0580D5006D862D /* CrossOriginPreflightChecker.cpp */,
+ 41ABE67A1D0580D5006D862D /* CrossOriginPreflightChecker.h */,
E1C415DD0F655D7C0092D2FB /* CrossOriginPreflightResultCache.cpp */,
E1C415D90F655D6F0092D2FB /* CrossOriginPreflightResultCache.h */,
93E227DB0AF589AD00D48324 /* DocumentLoader.cpp */,
@@ -25598,6 +25604,7 @@
5CD9F5681AA0F74600DA45FF /* DFABytecodeInterpreter.h in Headers */,
26A807851B18F97700E219BE /* DFACombiner.h in Headers */,
26A517FE1AB92238006335DF /* DFAMinimizer.h in Headers */,
+ 41ABE67B1D0580DB006D862D /* CrossOriginPreflightChecker.h in Headers */,
267725FF1A5B3AD9003C24DD /* DFANode.h in Headers */,
CD19A2681A13E700008D650E /* DiagnosticLoggingClient.h in Headers */,
46FCB6181A70820E00C5A21E /* DiagnosticLoggingKeys.h in Headers */,
@@ -29702,6 +29709,7 @@
15FCC9FC1B4DF7F200E72326 /* DOMURLMediaStream.cpp in Sources */,
BC1A37BF097C715F0019F3D8 /* DOMUtility.mm in Sources */,
15C770A5100D41CD005BA267 /* DOMValidityState.mm in Sources */,
+ 41ABE67C1D0580E0006D862D /* CrossOriginPreflightChecker.cpp in Sources */,
31C0FF4A0E4CEFDD007D6FE5 /* DOMWebKitAnimationEvent.mm in Sources */,
3106037A143281CD00ABF4BA /* DOMWebKitCSSFilterValue.mm in Sources */,
498391510F1E76B400C23782 /* DOMWebKitCSSMatrix.mm in Sources */,
Added: trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (0 => 201924)
--- trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (rev 0)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-06-10 13:26:30 UTC (rev 201924)
@@ -0,0 +1,160 @@
+/*
+ * Copyright (C) 2016 Canon Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Canon Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "CrossOriginPreflightChecker.h"
+
+#include "CachedRawResource.h"
+#include "CachedResourceLoader.h"
+#include "CachedResourceRequest.h"
+#include "ContentSecurityPolicy.h"
+#include "CrossOriginAccessControl.h"
+#include "CrossOriginPreflightResultCache.h"
+#include "DocumentThreadableLoader.h"
+#include "InspectorInstrumentation.h"
+#include "RuntimeEnabledFeatures.h"
+#include "ThreadableLoaderClient.h"
+
+namespace WebCore {
+
+CrossOriginPreflightChecker::CrossOriginPreflightChecker(DocumentThreadableLoader& loader, ResourceRequest&& request)
+ : m_loader(loader)
+ , m_request(WTFMove(request))
+{
+}
+
+CrossOriginPreflightChecker::~CrossOriginPreflightChecker()
+{
+ if (m_resource)
+ m_resource->removeClient(this);
+}
+
+void CrossOriginPreflightChecker::handleLoadingFailure(DocumentThreadableLoader& loader, unsigned long identifier, const ResourceError& error)
+{
+ // FIXME: We might want to call preflightFailure instead.
+ Frame* frame = loader.document().frame();
+ ASSERT(frame);
+ InspectorInstrumentation::didFailLoading(frame, frame->loader().documentLoader(), identifier, error);
+ loader.didFail(identifier, error);
+}
+
+void CrossOriginPreflightChecker::validatePreflightResponse(DocumentThreadableLoader& loader, ResourceRequest&& request, unsigned long identifier, const ResourceResponse& response)
+{
+ Frame* frame = loader.document().frame();
+ ASSERT(frame);
+ auto cookie = InspectorInstrumentation::willReceiveResourceResponse(frame);
+ InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, frame->loader().documentLoader(), response, 0);
+
+ String description;
+ if (!passesAccessControlCheck(response, loader.options().allowCredentials(), loader.securityOrigin(), description)) {
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, response.url(), description));
+ return;
+ }
+
+ auto result = std::make_unique<CrossOriginPreflightResultCacheItem>(loader.options().allowCredentials());
+ if (!result->parse(response, description)
+ || !result->allowsCrossOriginMethod(request.httpMethod(), description)
+ || !result->allowsCrossOriginHeaders(request.httpHeaderFields(), description)) {
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, response.url(), description));
+ return;
+ }
+
+ CrossOriginPreflightResultCache::singleton().appendEntry(loader.securityOrigin()->toString(), request.url(), WTFMove(result));
+ loader.preflightSuccess(WTFMove(request));
+}
+
+void CrossOriginPreflightChecker::notifyFinished(CachedResource* resource)
+{
+ ASSERT_UNUSED(resource, resource == m_resource);
+ if (m_resource->loadFailedOrCanceled()) {
+ handleLoadingFailure(m_loader, m_resource->identifier(), m_resource->resourceError());
+ return;
+ }
+ validatePreflightResponse(m_loader, WTFMove(m_request), m_resource->identifier(), m_resource->response());
+}
+
+void CrossOriginPreflightChecker::startPreflight()
+{
+ auto options = m_loader.options();
+ options.setClientCredentialPolicy(DoNotAskClientForCrossOriginCredentials);
+ options.setSecurityCheck(DoSecurityCheck);
+ // Don't sniff content or send load callbacks for the preflight request.
+ options.setSendLoadCallbacks(DoNotSendCallbacks);
+ options.setSniffContent(DoNotSniffContent);
+ // Keep buffering the data for the preflight request.
+ options.setDataBufferingPolicy(BufferData);
+
+ CachedResourceRequest preflightRequest(createAccessControlPreflightRequest(m_request, m_loader.securityOrigin()), options);
+ if (RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled())
+ preflightRequest.setInitiator(m_loader.options().initiator);
+
+ ASSERT(!m_resource);
+ m_resource = m_loader.document().cachedResourceLoader().requestRawResource(preflightRequest);
+ if (m_resource)
+ m_resource->addClient(this);
+}
+
+void CrossOriginPreflightChecker::doPreflight(DocumentThreadableLoader& loader, ResourceRequest&& request)
+{
+ if (!loader.document().frame())
+ return;
+
+ ResourceRequest preflightRequest = createAccessControlPreflightRequest(request, loader.securityOrigin());
+ ResourceError error;
+ ResourceResponse response;
+ RefPtr<SharedBuffer> data;
+ unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, loader.options().allowCredentials(), loader.options().clientCredentialPolicy(), error, response, data);
+
+ if (!error.isNull() && response.httpStatusCode() <= 0) {
+ handleLoadingFailure(loader, identifier, error);
+ return;
+ }
+ validatePreflightResponse(loader, WTFMove(request), identifier, response);
+}
+
+void CrossOriginPreflightChecker::redirectReceived(CachedResource*, ResourceRequest&, const ResourceResponse&)
+{
+ // FIXME: We should call preflightFailure or set redirect mode to error.
+ ASSERT(m_loader.m_client);
+ m_loader.m_client->didFailRedirectCheck();
+}
+
+void CrossOriginPreflightChecker::setDefersLoading(bool value)
+{
+ if (m_resource)
+ m_resource->setDefersLoading(value);
+}
+
+bool CrossOriginPreflightChecker::isXMLHttpRequest() const
+{
+ return m_loader.isXMLHttpRequest();
+}
+
+} // namespace WebCore
Added: trunk/Source/WebCore/loader/CrossOriginPreflightChecker.h (0 => 201924)
--- trunk/Source/WebCore/loader/CrossOriginPreflightChecker.h (rev 0)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightChecker.h 2016-06-10 13:26:30 UTC (rev 201924)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2016, Canon Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Canon Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "CachedRawResourceClient.h"
+#include "CachedResourceHandle.h"
+#include "ResourceRequest.h"
+
+namespace WebCore {
+
+class CachedRawResource;
+class Document;
+class DocumentThreadableLoader;
+class ResourceError;
+
+class CrossOriginPreflightChecker final : private CachedRawResourceClient {
+public:
+ static void doPreflight(DocumentThreadableLoader&, ResourceRequest&&);
+
+ CrossOriginPreflightChecker(DocumentThreadableLoader&, ResourceRequest&&);
+ ~CrossOriginPreflightChecker();
+
+ void startPreflight();
+
+ void setDefersLoading(bool);
+
+private:
+ void notifyFinished(CachedResource*) final;
+ void redirectReceived(CachedResource*, ResourceRequest&, const ResourceResponse&) final;
+
+ static void handleLoadingFailure(DocumentThreadableLoader&, unsigned long, const ResourceError&);
+ static void validatePreflightResponse(DocumentThreadableLoader&, ResourceRequest&&, unsigned long, const ResourceResponse&);
+
+ bool isXMLHttpRequest() const final;
+
+ DocumentThreadableLoader& m_loader;
+ CachedResourceHandle<CachedRawResource> m_resource;
+ ResourceRequest m_request;
+};
+
+} // namespace WebCore
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (201923 => 201924)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-06-10 12:58:12 UTC (rev 201923)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-06-10 13:26:30 UTC (rev 201924)
@@ -37,6 +37,7 @@
#include "CachedResourceRequestInitiators.h"
#include "ContentSecurityPolicy.h"
#include "CrossOriginAccessControl.h"
+#include "CrossOriginPreflightChecker.h"
#include "CrossOriginPreflightResultCache.h"
#include "Document.h"
#include "Frame.h"
@@ -70,7 +71,7 @@
RefPtr<DocumentThreadableLoader> DocumentThreadableLoader::create(Document& document, ThreadableLoaderClient& client, const ResourceRequest& request, const ThreadableLoaderOptions& options, std::unique_ptr<ContentSecurityPolicy>&& contentSecurityPolicy)
{
RefPtr<DocumentThreadableLoader> loader = adoptRef(new DocumentThreadableLoader(document, client, LoadAsynchronously, request, options, WTFMove(contentSecurityPolicy)));
- if (!loader->m_resource)
+ if (!loader->isLoading())
loader = nullptr;
return loader;
}
@@ -111,19 +112,17 @@
{
ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
- auto crossOriginRequest = std::make_unique<ResourceRequest>(request);
- updateRequestForAccessControl(*crossOriginRequest, securityOrigin(), m_options.allowCredentials());
+ auto crossOriginRequest = request;
+ updateRequestForAccessControl(crossOriginRequest, securityOrigin(), m_options.allowCredentials());
- if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFields())) || m_options.preflightPolicy == PreventPreflight)
- makeSimpleCrossOriginAccessRequest(*crossOriginRequest);
+ if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest.httpMethod(), crossOriginRequest.httpHeaderFields())) || m_options.preflightPolicy == PreventPreflight)
+ makeSimpleCrossOriginAccessRequest(crossOriginRequest);
else {
m_simpleRequest = false;
- m_actualRequest = WTFMove(crossOriginRequest);
-
- if (CrossOriginPreflightResultCache::singleton().canSkipPreflight(securityOrigin()->toString(), m_actualRequest->url(), m_options.allowCredentials(), m_actualRequest->httpMethod(), m_actualRequest->httpHeaderFields()))
- preflightSuccess();
+ if (CrossOriginPreflightResultCache::singleton().canSkipPreflight(securityOrigin()->toString(), crossOriginRequest.url(), m_options.allowCredentials(), crossOriginRequest.httpMethod(), crossOriginRequest.httpHeaderFields()))
+ preflightSuccess(WTFMove(crossOriginRequest));
else
- makeCrossOriginAccessRequestWithPreflight(*m_actualRequest);
+ makeCrossOriginAccessRequestWithPreflight(WTFMove(crossOriginRequest));
}
}
@@ -141,10 +140,14 @@
loadRequest(request, DoSecurityCheck);
}
-void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(const ResourceRequest& request)
+void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(ResourceRequest&& request)
{
- ResourceRequest preflightRequest = createAccessControlPreflightRequest(request, securityOrigin());
- loadRequest(preflightRequest, DoSecurityCheck);
+ if (m_async) {
+ m_preflightChecker = CrossOriginPreflightChecker(*this, WTFMove(request));
+ m_preflightChecker->startPreflight();
+ return;
+ }
+ CrossOriginPreflightChecker::doPreflight(*this, WTFMove(request));
}
DocumentThreadableLoader::~DocumentThreadableLoader()
@@ -171,6 +174,8 @@
{
if (m_resource)
m_resource->setDefersLoading(value);
+ if (m_preflightChecker)
+ m_preflightChecker->setDefersLoading(value);
}
void DocumentThreadableLoader::clearResource()
@@ -183,6 +188,8 @@
m_resource = nullptr;
resource->removeClient(this);
}
+ if (m_preflightChecker)
+ m_preflightChecker = Nullopt;
}
void DocumentThreadableLoader::redirectReceived(CachedResource* resource, ResourceRequest& request, const ResourceResponse& redirectResponse)
@@ -260,36 +267,14 @@
ASSERT(m_client);
String accessControlErrorDescription;
- if (m_actualRequest) {
- DocumentLoader* loader = m_document.frame()->loader().documentLoader();
- InspectorInstrumentationCookie cookie = InspectorInstrumentation::willReceiveResourceResponse(m_document.frame());
- InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, loader, response, 0);
-
+ if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) {
- preflightFailure(identifier, response.url(), accessControlErrorDescription);
+ m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription));
return;
}
-
- StoredCredentials allowCredentials = m_options.allowCredentials();
- auto preflightResult = std::make_unique<CrossOriginPreflightResultCacheItem>(allowCredentials);
- if (!preflightResult->parse(response, accessControlErrorDescription)
- || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription)
- || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) {
- preflightFailure(identifier, response.url(), accessControlErrorDescription);
- return;
- }
-
- CrossOriginPreflightResultCache::singleton().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), WTFMove(preflightResult));
- } else {
- if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
- if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) {
- m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription));
- return;
- }
- }
-
- m_client->didReceiveResponse(identifier, response);
}
+
+ m_client->didReceiveResponse(identifier, response);
}
void DocumentThreadableLoader::dataReceived(CachedResource* resource, const char* data, int dataLength)
@@ -298,16 +283,10 @@
didReceiveData(m_resource->identifier(), data, dataLength);
}
-void DocumentThreadableLoader::didReceiveData(unsigned long identifier, const char* data, int dataLength)
+void DocumentThreadableLoader::didReceiveData(unsigned long, const char* data, int dataLength)
{
ASSERT(m_client);
- // Preflight data should be invisible to clients.
- if (m_actualRequest) {
- InspectorInstrumentation::didReceiveData(m_document.frame(), identifier, 0, 0, dataLength);
- return;
- }
-
m_client->didReceiveData(data, dataLength);
}
@@ -315,7 +294,7 @@
{
ASSERT(m_client);
ASSERT_UNUSED(resource, resource == m_resource);
-
+
if (m_resource->errorOccurred())
didFail(m_resource->identifier(), m_resource->resourceError());
else
@@ -324,44 +303,34 @@
void DocumentThreadableLoader::didFinishLoading(unsigned long identifier, double finishTime)
{
- if (m_actualRequest) {
- InspectorInstrumentation::didFinishLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, finishTime);
-
- ASSERT(!m_sameOriginRequest);
- ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
- preflightSuccess();
- } else
- m_client->didFinishLoading(identifier, finishTime);
+ ASSERT(m_client);
+ m_client->didFinishLoading(identifier, finishTime);
}
-void DocumentThreadableLoader::didFail(unsigned long identifier, const ResourceError& error)
+void DocumentThreadableLoader::didFail(unsigned long, const ResourceError& error)
{
- if (m_actualRequest)
- InspectorInstrumentation::didFailLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, error);
-
+ ASSERT(m_client);
m_client->didFail(error);
}
-void DocumentThreadableLoader::preflightSuccess()
+void DocumentThreadableLoader::preflightSuccess(ResourceRequest&& request)
{
- std::unique_ptr<ResourceRequest> actualRequest;
- actualRequest.swap(m_actualRequest);
+ ResourceRequest actualRequest(WTFMove(request));
+ actualRequest.setHTTPOrigin(securityOrigin()->toString());
- actualRequest->setHTTPOrigin(securityOrigin()->toString());
+ m_preflightChecker = Nullopt;
- clearResource();
-
// It should be ok to skip the security check since we already asked about the preflight request.
- loadRequest(*actualRequest, SkipSecurityCheck);
+ loadRequest(actualRequest, SkipSecurityCheck);
}
-void DocumentThreadableLoader::preflightFailure(unsigned long identifier, const URL& url, const String& errorDescription)
+void DocumentThreadableLoader::preflightFailure(unsigned long identifier, const ResourceError& error)
{
- ResourceError error(errorDomainWebKitInternal, 0, url, errorDescription);
- if (m_actualRequest)
- InspectorInstrumentation::didFailLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, error);
+ m_preflightChecker = Nullopt;
- m_actualRequest = nullptr; // Prevent didFinishLoading() from bypassing access check.
+ InspectorInstrumentation::didFailLoading(m_document.frame(), m_document.frame()->loader().documentLoader(), identifier, error);
+
+ ASSERT(m_client);
m_client->didFailAccessControlCheck(error);
}
@@ -376,13 +345,6 @@
if (m_async) {
ThreadableLoaderOptions options = m_options;
options.setClientCredentialPolicy(DoNotAskClientForCrossOriginCredentials);
- if (m_actualRequest) {
- // Don't sniff content or send load callbacks for the preflight request.
- options.setSendLoadCallbacks(DoNotSendCallbacks);
- options.setSniffContent(DoNotSniffContent);
- // Keep buffering the data for the preflight request.
- options.setDataBufferingPolicy(BufferData);
- }
CachedResourceRequest newRequest(request, options);
if (RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled())
@@ -394,7 +356,7 @@
return;
}
-
+
// FIXME: ThreadableLoaderOptions.sniffContent is not supported for synchronous requests.
RefPtr<SharedBuffer> data;
ResourceError error;
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.h (201923 => 201924)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.h 2016-06-10 12:58:12 UTC (rev 201923)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.h 2016-06-10 13:26:30 UTC (rev 201924)
@@ -31,16 +31,13 @@
#ifndef DocumentThreadableLoader_h
#define DocumentThreadableLoader_h
-#include "CachedRawResourceClient.h"
-#include "CachedResourceHandle.h"
+#include "CrossOriginPreflightChecker.h"
#include "ThreadableLoader.h"
namespace WebCore {
class CachedRawResource;
class ContentSecurityPolicy;
class Document;
- class URL;
- class ResourceRequest;
class SecurityOrigin;
class ThreadableLoaderClient;
@@ -58,6 +55,8 @@
void cancel() override;
virtual void setDefersLoading(bool);
+ friend CrossOriginPreflightChecker;
+
using RefCounted<DocumentThreadableLoader>::ref;
using RefCounted<DocumentThreadableLoader>::deref;
@@ -87,10 +86,10 @@
void didFinishLoading(unsigned long identifier, double finishTime);
void didFail(unsigned long identifier, const ResourceError&);
void makeCrossOriginAccessRequest(const ResourceRequest&);
- void makeSimpleCrossOriginAccessRequest(const ResourceRequest& request);
- void makeCrossOriginAccessRequestWithPreflight(const ResourceRequest& request);
- void preflightSuccess();
- void preflightFailure(unsigned long identifier, const URL&, const String& errorDescription);
+ void makeSimpleCrossOriginAccessRequest(const ResourceRequest&);
+ void makeCrossOriginAccessRequestWithPreflight(ResourceRequest&&);
+ void preflightSuccess(ResourceRequest&&);
+ void preflightFailure(unsigned long identifier, const ResourceError&);
void loadRequest(const ResourceRequest&, SecurityCheckPolicy);
bool isAllowedRedirect(const URL&);
@@ -101,6 +100,10 @@
SecurityOrigin* securityOrigin() const;
const ContentSecurityPolicy& contentSecurityPolicy() const;
+ Document& document() { return m_document; }
+ const ThreadableLoaderOptions& options() const { return m_options; }
+ bool isLoading() { return m_resource || m_preflightChecker; }
+
CachedResourceHandle<CachedRawResource> m_resource;
ThreadableLoaderClient* m_client;
Document& m_document;
@@ -108,8 +111,8 @@
bool m_sameOriginRequest;
bool m_simpleRequest;
bool m_async;
- std::unique_ptr<ResourceRequest> m_actualRequest; // non-null during Access Control preflight checks
std::unique_ptr<ContentSecurityPolicy> m_contentSecurityPolicy;
+ Optional<CrossOriginPreflightChecker> m_preflightChecker;
};
} // namespace WebCore
