Diff
Modified: trunk/Source/WebCore/ChangeLog (202814 => 202815)
--- trunk/Source/WebCore/ChangeLog 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/ChangeLog 2016-07-05 07:59:20 UTC (rev 202815)
@@ -1,3 +1,46 @@
+2016-07-05 Youenn Fablet <[email protected]>
+
+ Remove CredentialRequest ResourceLoaderOptions
+ https://bugs.webkit.org/show_bug.cgi?id=159404
+
+ Reviewed by Sam Weinig.
+
+ No observable change of behavior.
+ Removing CredentialRequest from ResourceLoaderOptions and replacing it by FetchOptions::Credentials.
+ As per https://fetch.spec.whatwg.org/#http-fetch, credentials flag is set according FetchOptions::Credentials.
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::startLoadingMainResource): Set credentials mode to Include.
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::redirectReceived): Disable credentials if credentials mode is SameOrigin
+ (request being cross origin).
+ * loader/MediaResourceLoader.cpp: Refqctoring to use CachedResourceReauest::setAsPotentiallyCrossOrigin.
+ Removed unnecessary ResourceRequest copy by using the mutable request of CachedResourceRequest.
+ (WebCore::MediaResourceLoader::requestResource):
+ * loader/NetscapePlugInStreamLoader.cpp:
+ (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Set credential mode to Include
+ * loader/ResourceLoaderOptions.h: Removing CredentialRequest option.
+ (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
+ (WebCore::ResourceLoaderOptions::credentialRequest): Deleted.
+ (WebCore::ResourceLoaderOptions::setCredentialRequest): Deleted.
+ * loader/cache/CachedResourceLoader.cpp:
+ (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Set credential mode to Include.
+ (WebCore::CachedResourceLoader::defaultCachedResourceOptions): Ditto.
+ * loader/cache/CachedResourceRequest.cpp:
+ (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): Set credential mode according crossorigin
+ atribute value.
+ * loader/icon/IconLoader.cpp:
+ (WebCore::IconLoader::startLoading): Set credential mode to Omit.
+ * page/EventSource.cpp:
+ (WebCore::EventSource::connect): Set credential mode according crossorigin atribute value.
+ * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
+ (WebCore::WebCoreAVCFResourceLoader::startLoading): Set credential mode to Omit.
+ * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
+ (WebCore::WebCoreAVFResourceLoader::startLoading): Ditto.
+ * platform/network/ResourceHandleTypes.h: Removed definition of CredentialRequest.
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::createRequest): Set credential mode according crossorigin atribute value.
+
2016-07-04 Fujii Hironori <[email protected]>
[GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (202814 => 202815)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -1510,7 +1510,7 @@
// If this is a reload the cache layer might have made the previous request conditional. DocumentLoader can't handle 304 responses itself.
request.makeUnconditional();
- static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, SkipSecurityCheck, FetchOptions::Mode::NoCors, IncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
+ static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, IncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
CachedResourceRequest cachedResourceRequest(request, mainResourceLoadOptions);
cachedResourceRequest.setInitiator(*this);
m_mainResource = m_cachedResourceLoader->requestMainResource(cachedResourceRequest);
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (202814 => 202815)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -244,9 +244,7 @@
// Force any subsequent request to use these checks.
m_sameOriginRequest = false;
- // Since the request is no longer same-origin, if the user didn't request credentials in
- // the first place, update our state so we neither request them nor expect they must be allowed.
- if (m_options.credentialRequest() == ClientDidNotRequestCredentials)
+ if (m_options.credentials == FetchOptions::Credentials::SameOrigin)
m_options.setAllowCredentials(DoNotAllowStoredCredentials);
cleanRedirectedRequestForAccessControl(request);
Modified: trunk/Source/WebCore/loader/MediaResourceLoader.cpp (202814 => 202815)
--- trunk/Source/WebCore/loader/MediaResourceLoader.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/loader/MediaResourceLoader.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -63,27 +63,21 @@
return nullptr;
DataBufferingPolicy bufferingPolicy = options & LoadOption::BufferData ? WebCore::BufferData : WebCore::DoNotBufferData;
- FetchOptions::Mode corsPolicy = !m_crossOriginMode.isNull() ? FetchOptions::Mode::Cors : FetchOptions::Mode::NoCors;
auto cachingPolicy = options & LoadOption::DisallowCaching ? CachingPolicy::DisallowCaching : CachingPolicy::AllowCaching;
- StoredCredentials allowCredentials = m_crossOriginMode.isNull() || equalLettersIgnoringASCIICase(m_crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
- auto updatedRequest = request;
- updatedRequest.setRequester(ResourceRequest::Requester::Media);
+ // FIXME: Skip Content Security Policy check if the element that inititated this request is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>.
+ CachedResourceRequest cacheRequest(request, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
+
+ cacheRequest.setAsPotentiallyCrossOrigin(m_crossOriginMode, *m_document);
+
+ cacheRequest.mutableResourceRequest().setRequester(ResourceRequest::Requester::Media);
#if HAVE(AVFOUNDATION_LOADER_DELEGATE) && PLATFORM(MAC)
// FIXME: Workaround for <rdar://problem/26071607>. We are not able to do CORS checking on 304 responses because they
// are usually missing the headers we need.
- if (corsPolicy == FetchOptions::Mode::Cors)
- updatedRequest.makeUnconditional();
+ if (cacheRequest.options().mode == FetchOptions::Mode::Cors)
+ cacheRequest.mutableResourceRequest().makeUnconditional();
#endif
- // FIXME: Skip Content Security Policy check if the element that inititated this request
- // is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>.
- CachedResourceRequest cacheRequest(updatedRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, bufferingPolicy, allowCredentials, AskClientForAllCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, corsPolicy, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, cachingPolicy));
-
- if (!m_crossOriginMode.isNull()) {
- ASSERT(m_document->securityOrigin());
- updateRequestForAccessControl(cacheRequest.mutableResourceRequest(), *m_document->securityOrigin(), allowCredentials);
- }
CachedResourceHandle<CachedRawResource> resource = m_document->cachedResourceLoader().requestMedia(cacheRequest);
if (!resource)
return nullptr;
Modified: trunk/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp (202814 => 202815)
--- trunk/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -43,7 +43,7 @@
// FIXME: Skip Content Security Policy check when associated plugin element is in a user agent shadow tree.
// See <https://bugs.webkit.org/show_bug.cgi?id=146663>.
NetscapePlugInStreamLoader::NetscapePlugInStreamLoader(Frame& frame, NetscapePlugInStreamLoaderClient& client)
- : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching))
+ : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching))
, m_client(&client)
{
#if ENABLE(CONTENT_EXTENSIONS)
Modified: trunk/Source/WebCore/loader/ResourceLoaderOptions.h (202814 => 202815)
--- trunk/Source/WebCore/loader/ResourceLoaderOptions.h 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/loader/ResourceLoaderOptions.h 2016-07-05 07:59:20 UTC (rev 202815)
@@ -82,19 +82,17 @@
, m_dataBufferingPolicy(BufferData)
, m_allowCredentials(DoNotAllowStoredCredentials)
, m_clientCredentialPolicy(DoNotAskClientForAnyCredentials)
- , m_credentialRequest(ClientDidNotRequestCredentials)
, m_securityCheck(DoSecurityCheck)
, m_certificateInfoPolicy(DoNotIncludeCertificateInfo)
{
}
- ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, CredentialRequest credentialRequest, SecurityCheckPolicy securityCheck, FetchOptions::Mode mode, CertificateInfoPolicy certificateInfoPolicy, ContentSecurityPolicyImposition contentSecurityPolicyImposition, DefersLoadingPolicy defersLoadingPolicy, CachingPolicy cachingPolicy)
+ ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, FetchOptions::Credentials credentials, SecurityCheckPolicy securityCheck, FetchOptions::Mode mode, CertificateInfoPolicy certificateInfoPolicy, ContentSecurityPolicyImposition contentSecurityPolicyImposition, DefersLoadingPolicy defersLoadingPolicy, CachingPolicy cachingPolicy)
: m_sendLoadCallbacks(sendLoadCallbacks)
, m_sniffContent(sniffContent)
, m_dataBufferingPolicy(dataBufferingPolicy)
, m_allowCredentials(allowCredentials)
, m_clientCredentialPolicy(credentialPolicy)
- , m_credentialRequest(credentialRequest)
, m_securityCheck(securityCheck)
, m_certificateInfoPolicy(certificateInfoPolicy)
, m_contentSecurityPolicyImposition(contentSecurityPolicyImposition)
@@ -101,6 +99,7 @@
, m_defersLoadingPolicy(defersLoadingPolicy)
, m_cachingPolicy(cachingPolicy)
{
+ this->credentials = credentials;
this->mode = mode;
}
@@ -114,8 +113,6 @@
void setAllowCredentials(StoredCredentials allow) { m_allowCredentials = allow; }
ClientCredentialPolicy clientCredentialPolicy() const { return static_cast<ClientCredentialPolicy>(m_clientCredentialPolicy); }
void setClientCredentialPolicy(ClientCredentialPolicy policy) { m_clientCredentialPolicy = policy; }
- CredentialRequest credentialRequest() { return static_cast<CredentialRequest>(m_credentialRequest); }
- void setCredentialRequest(CredentialRequest credentialRequest) { m_credentialRequest = credentialRequest; }
SecurityCheckPolicy securityCheck() const { return static_cast<SecurityCheckPolicy>(m_securityCheck); }
void setSecurityCheck(SecurityCheckPolicy check) { m_securityCheck = check; }
CertificateInfoPolicy certificateInfoPolicy() const { return static_cast<CertificateInfoPolicy>(m_certificateInfoPolicy); }
@@ -132,7 +129,6 @@
unsigned m_dataBufferingPolicy : 1;
unsigned m_allowCredentials : 1; // Whether HTTP credentials and cookies are sent with the request.
unsigned m_clientCredentialPolicy : 2; // When we should ask the client for credentials (if we allow credentials at all).
- unsigned m_credentialRequest: 1; // Whether the client (e.g. XHR) wanted credentials in the first place.
unsigned m_securityCheck : 1;
unsigned m_certificateInfoPolicy : 1; // Whether the response should include certificate info.
ContentSecurityPolicyImposition m_contentSecurityPolicyImposition { ContentSecurityPolicyImposition::DoPolicyCheck };
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (202814 => 202815)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -241,7 +241,7 @@
memoryCache.add(*userSheet);
// FIXME: loadResource calls setOwningCachedResourceLoader() if the resource couldn't be added to cache. Does this function need to call it, too?
- userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));
+ userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));
return userSheet;
}
@@ -1157,7 +1157,7 @@
printf("HIT COMPLETE PRELOAD %s\n", resource->url().latin1().data());
else if (resource->preloadResult() == CachedResource::PreloadReferencedWhileLoading)
printf("HIT LOADING PRELOAD %s\n", resource->url().latin1().data());
-
+
if (resource->type() == CachedResource::Script) {
scripts++;
if (resource->preloadResult() < CachedResource::PreloadReferencedWhileLoading)
@@ -1171,14 +1171,14 @@
if (resource->preloadResult() < CachedResource::PreloadReferencedWhileLoading)
imageMisses++;
}
-
+
if (resource->errorOccurred() && resource->preloadResult() == CachedResource::PreloadNotReferenced)
MemoryCache::singleton().remove(resource);
-
+
resource->decreasePreloadCount();
}
m_preloads = nullptr;
-
+
if (scripts)
printf("SCRIPTS: %d (%d hits, hit rate %d%%)\n", scripts, scripts - scriptMisses, (scripts - scriptMisses) * 100 / scripts);
if (stylesheets)
@@ -1190,7 +1190,7 @@
const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions()
{
- static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
+ static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, FetchOptions::Credentials::Include, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);
return options;
}
Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp (202814 => 202815)
--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -99,6 +99,7 @@
if (mode.isNull())
return;
m_options.mode = FetchOptions::Mode::Cors;
+ m_options.credentials = equalLettersIgnoringASCIICase(mode, "use-credentials") ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
m_options.setAllowCredentials(equalLettersIgnoringASCIICase(mode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials);
ASSERT(document.securityOrigin());
Modified: trunk/Source/WebCore/loader/icon/IconLoader.cpp (202814 => 202815)
--- trunk/Source/WebCore/loader/icon/IconLoader.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/loader/icon/IconLoader.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -59,7 +59,7 @@
return;
// ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
- CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));
+ CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));
request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
request.setInitiator(cachedResourceRequestInitiators().icon);
Modified: trunk/Source/WebCore/page/EventSource.cpp (202814 => 202815)
--- trunk/Source/WebCore/page/EventSource.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/page/EventSource.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -109,7 +109,7 @@
options.setSendLoadCallbacks(SendCallbacks);
options.setSniffContent(DoNotSniffContent);
options.setAllowCredentials((origin.canRequest(m_url) || m_withCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials);
- options.setCredentialRequest(m_withCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials);
+ options.credentials = m_withCredentials ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
options.preflightPolicy = PreventPreflight;
options.crossOriginRequestPolicy = UseAccessControl;
options.setDataBufferingPolicy(DoNotBufferData);
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp (202814 => 202815)
--- trunk/Source/WebCore/platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -71,7 +71,7 @@
RetainPtr<CFURLRequestRef> urlRequest = AVCFAssetResourceLoadingRequestGetURLRequest(m_avRequest.get());
// ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources.
- CachedResourceRequest request(ResourceRequest(urlRequest.get()), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));
+ CachedResourceRequest request(ResourceRequest(urlRequest.get()), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));
request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
CachedResourceLoader* loader = m_parent->player()->cachedResourceLoader();
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm (202814 => 202815)
--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm 2016-07-05 07:59:20 UTC (rev 202815)
@@ -69,7 +69,7 @@
// FIXME: Skip Content Security Policy check if the element that inititated this request
// is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>.
- CachedResourceRequest request(nsRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));
+ CachedResourceRequest request(nsRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, FetchOptions::Credentials::Omit, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));
request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low);
if (auto* loader = m_parent->player()->cachedResourceLoader())
m_resource = loader->requestMedia(request);
Modified: trunk/Source/WebCore/platform/network/ResourceHandleTypes.h (202814 => 202815)
--- trunk/Source/WebCore/platform/network/ResourceHandleTypes.h 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/platform/network/ResourceHandleTypes.h 2016-07-05 07:59:20 UTC (rev 202815)
@@ -39,15 +39,6 @@
DoNotAskClientForAnyCredentials
};
-// APIs like XMLHttpRequest and EventSource let the user decide
-// whether to send credentials, but they're always sent for
-// same-origin requests. Additional information is needed to handle
-// cross-origin redirects correctly.
-enum CredentialRequest {
- ClientRequestedCredentials,
- ClientDidNotRequestCredentials
-};
-
} // namespace WebCore
#endif // ResourceHandleTypes_h
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (202814 => 202815)
--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2016-07-05 06:43:42 UTC (rev 202814)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2016-07-05 07:59:20 UTC (rev 202815)
@@ -713,7 +713,7 @@
options.setSniffContent(DoNotSniffContent);
options.preflightPolicy = uploadEvents ? ForcePreflight : ConsiderPreflight;
options.setAllowCredentials((m_sameOriginRequest || m_includeCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials);
- options.setCredentialRequest(m_includeCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials);
+ options.credentials = m_includeCredentials ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
options.crossOriginRequestPolicy = UseAccessControl;
options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
options.initiator = cachedResourceRequestInitiators().xmlhttprequest;
