Merge from Chromium at DEPS revision r200144
This commit was generated by merge_to_master.py.
Change-Id: I52995489013675af682cee321f417f624396b584
diff --git a/Source/core/loader/CrossOriginAccessControl.cpp b/Source/core/loader/CrossOriginAccessControl.cpp
index db496c7..e77bf5d 100644
--- a/Source/core/loader/CrossOriginAccessControl.cpp
+++ b/Source/core/loader/CrossOriginAccessControl.cpp
@@ -33,7 +33,7 @@
#include "core/platform/network/HTTPParsers.h"
#include "core/platform/network/ResourceRequest.h"
#include "core/platform/network/ResourceResponse.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SecurityOrigin.h"
namespace WebCore {
diff --git a/Source/core/loader/DocumentLoadTiming.cpp b/Source/core/loader/DocumentLoadTiming.cpp
index 99defb6..fc6970c 100644
--- a/Source/core/loader/DocumentLoadTiming.cpp
+++ b/Source/core/loader/DocumentLoadTiming.cpp
@@ -32,7 +32,7 @@
#include "core/loader/DocumentLoader.h"
#include "core/page/Frame.h"
#include "core/page/Page.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SecurityOrigin.h"
namespace WebCore {
diff --git a/Source/core/loader/DocumentLoader.cpp b/Source/core/loader/DocumentLoader.cpp
index 1aac7ce..b18718a 100644
--- a/Source/core/loader/DocumentLoader.cpp
+++ b/Source/core/loader/DocumentLoader.cpp
@@ -63,8 +63,8 @@
#include "core/page/Page.h"
#include "core/page/Settings.h"
#include "core/platform/Logging.h"
-#include "origin/SchemeRegistry.h"
-#include "origin/SecurityPolicy.h"
+#include "weborigin/SchemeRegistry.h"
+#include "weborigin/SecurityPolicy.h"
namespace WebCore {
@@ -477,9 +477,9 @@
if (newRequest.cachePolicy() == UseProtocolCachePolicy && isPostOrRedirectAfterPost(newRequest, redirectResponse))
newRequest.setCachePolicy(ReloadIgnoringCacheData);
- Frame* top = m_frame->tree()->top();
- if (top != m_frame) {
- if (!frameLoader()->mixedContentChecker()->canDisplayInsecureContent(top->document()->securityOrigin(), newRequest.url())) {
+ Frame* parent = m_frame->tree()->parent();
+ if (parent) {
+ if (!parent->loader()->mixedContentChecker()->canRunInsecureContent(parent->document()->securityOrigin(), newRequest.url())) {
cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
return;
}
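Review bot: The mixed-content check on this redirect path now consults only the immediate parent (`m_frame->tree()->parent()`), so, as far as the hunk shows, a frame nested under an insecure intermediate frame is no longer evaluated against a secure top-level document. The synchronous path in DocumentThreadableLoader.cpp (hunk `@@ -394,7 +411,7 @@`) still resolves `frame->tree()->top()` for the same `canRunInsecureContent` call, so the two loaders disagree on which ancestor decides. If parent-only is deliberate, record it with a comment such as `// Checked against the embedding parent only; ancestors further up are not consulted.` Also, `parent->document()` is dereferenced without a null check, which cannot be confirmed as safe from the lines shown. The enclosing function starts and ends outside the hunk.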
@@ -647,8 +647,6 @@
if (frameLoader()->stateMachine()->creatingInitialEmptyDocument())
return;
- if (frameLoader()->stateMachine()->isDisplayingInitialEmptyDocument())
- frameLoader()->stateMachine()->advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad);
// The origin is the MHTML file, we need to set the base URL to the document encoded in the MHTML so
// relative URLs are resolved properly.
@@ -1077,7 +1075,7 @@
ResourceRequest request(m_request);
DEFINE_STATIC_LOCAL(ResourceLoaderOptions, mainResourceLoadOptions,
- (SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck));
+ (SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck));
CachedResourceRequest cachedResourceRequest(request, mainResourceLoadOptions);
m_mainResource = m_cachedResourceLoader->requestMainResource(cachedResourceRequest);
if (!m_mainResource) {
diff --git a/Source/core/loader/DocumentThreadableLoader.cpp b/Source/core/loader/DocumentThreadableLoader.cpp
index 58beed3..6f4a6be 100644
--- a/Source/core/loader/DocumentThreadableLoader.cpp
+++ b/Source/core/loader/DocumentThreadableLoader.cpp
@@ -31,8 +31,7 @@
#include "config.h"
#include "core/loader/DocumentThreadableLoader.h"
-#include <wtf/Assertions.h>
-#include <wtf/UnusedParam.h>
+#include "bindings/v8/ScriptController.h"
#include "core/dom/Document.h"
#include "core/inspector/InspectorInstrumentation.h"
#include "core/loader/CrossOriginAccessControl.h"
@@ -45,11 +44,15 @@
#include "core/loader/cache/CachedRawResource.h"
#include "core/loader/cache/CachedResourceLoader.h"
#include "core/loader/cache/CachedResourceRequest.h"
+#include "core/loader/cache/CachedResourceRequestInitiators.h"
+#include "core/page/ContentSecurityPolicy.h"
#include "core/page/Frame.h"
#include "core/platform/network/ResourceError.h"
#include "core/platform/network/ResourceRequest.h"
-#include "origin/SchemeRegistry.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SchemeRegistry.h"
+#include "weborigin/SecurityOrigin.h"
+#include "wtf/Assertions.h"
+#include "wtf/UnusedParam.h"
namespace WebCore {
@@ -179,6 +182,12 @@
ASSERT_UNUSED(resource, resource == m_resource);
RefPtr<DocumentThreadableLoader> protect(this);
+ if (!isAllowedByPolicy(request.url())) {
+ m_client->didFailRedirectCheck();
+ request = ResourceRequest();
+ return;
+ }
+
// Allow same origin requests to continue after allowing clients to audit the redirect.
if (isAllowedRedirect(request.url())) {
if (m_client->isDocumentThreadableLoaderClient())
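Review bot: The new `isAllowedByPolicy(request.url())` guard has no comment explaining why it sits ahead of the same-origin shortcut, and that placement is the security-relevant part. It applies the connect-src check even to redirect targets that `isAllowedRedirect` would let continue. I would add `// CSP connect-src applies to every redirect target, same-origin or not, so check it before the shortcut below.` above the `if`. The enclosing function starts and continues outside the hunk.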
@@ -187,7 +196,8 @@
}
// When using access control, only simple cross origin requests are allowed to redirect. The new request URL must have a supported
- // scheme and not contain the userinfo production. In addition, the redirect response must pass the access control check.
+ // scheme and not contain the userinfo production. In addition, the redirect response must pass the access control check if the
+ // original request was not same-origin.
if (m_options.crossOriginRequestPolicy == UseAccessControl) {
bool allowRedirect = false;
if (m_simpleRequest) {
@@ -195,7 +205,7 @@
allowRedirect = SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())
&& request.url().user().isEmpty()
&& request.url().pass().isEmpty()
- && passesAccessControlCheck(redirectResponse, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription);
+ && (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription));
}
if (allowRedirect) {
@@ -204,12 +214,19 @@
RefPtr<SecurityOrigin> originalOrigin = SecurityOrigin::createFromString(redirectResponse.url());
RefPtr<SecurityOrigin> requestOrigin = SecurityOrigin::createFromString(request.url());
- // If the request URL origin is not same origin with the original URL origin, set source origin to a globally unique identifier.
- if (!originalOrigin->isSameSchemeHostPort(requestOrigin.get()))
+ // If the original request wasn't same-origin, then if the request URL origin is not same origin with the original URL origin,
+ // set the source origin to a globally unique identifier. (If the original request was same-origin, the origin of the new request
+ // should be the original URL origin.)
+ if (!m_sameOriginRequest && !originalOrigin->isSameSchemeHostPort(requestOrigin.get()))
m_options.securityOrigin = SecurityOrigin::createUnique();
// Force any subsequent requests to use these checks.
m_sameOriginRequest = false;
+ // Since the request is no longer same-origin, if the user didn't request credentials in
+ // the first place, update our state so we neither request them nor expect they must be allowed.
+ if (m_options.credentialsRequested == ClientDidNotRequestCredentials)
+ m_options.allowCredentials = DoNotAllowStoredCredentials;
+
// Remove any headers that may have been added by the network layer that cause access control to fail.
request.clearHTTPContentType();
request.clearHTTPReferrer();
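Review bot: The added `!m_sameOriginRequest &&` test on the `SecurityOrigin::createUnique()` branch is only correct because it runs before `m_sameOriginRequest = false;` a few lines later, and nothing in the code records that ordering. The `(m_sameOriginRequest || passesAccessControlCheck(...))` change in the previous hunk relies on the same flag still holding its pre-redirect value. A comment such as `// Reads the pre-redirect value; must stay above the assignment below.` would prevent a later reorder from silently changing which redirects get a unique origin. The enclosing function extends beyond the hunk on both sides.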
@@ -394,7 +411,7 @@
unsigned long identifier = std::numeric_limits<unsigned long>::max();
if (Frame* frame = m_document->frame()) {
Frame* top = frame->tree()->top();
- if (!top->loader()->mixedContentChecker()->canDisplayInsecureContent(top->document()->securityOrigin(), requestURL)) {
+ if (!top->loader()->mixedContentChecker()->canRunInsecureContent(top->document()->securityOrigin(), requestURL)) {
m_client->didFail(error);
return;
}
@@ -413,7 +430,7 @@
// FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the
// request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was
// requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials.
- if (requestURL != response.url() && !isAllowedRedirect(response.url())) {
+ if (requestURL != response.url() && (!isAllowedByPolicy(response.url()) || !isAllowedRedirect(response.url()))) {
m_client->didFailRedirectCheck();
return;
}
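Review bot: On this synchronous path the connect-src check only sees `response.url()`, so intermediate hops of a redirect chain are never tested against the policy. As the FIXME above already says, a redirect cannot even be detected reliably here. The asynchronous path (hunk `@@ -179,6 +182,12 @@`) appears to check the URL of each redirected request, so the two paths enforce the policy differently. Until `loadSynchronously()` reports redirects, I would extend the FIXME with `// CSP is applied to the final response URL only; intermediate redirect targets are not checked.` The enclosing function starts outside the hunk.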
@@ -427,7 +444,7 @@
didFinishLoading(identifier, 0.0);
}
-bool DocumentThreadableLoader::isAllowedRedirect(const KURL& url)
+bool DocumentThreadableLoader::isAllowedRedirect(const KURL& url) const
{
if (m_options.crossOriginRequestPolicy == AllowCrossOriginRequests)
return true;
@@ -435,6 +452,13 @@
return m_sameOriginRequest && securityOrigin()->canRequest(url);
}
+bool DocumentThreadableLoader::isAllowedByPolicy(const KURL& url) const
+{
+ if (m_options.contentSecurityPolicyEnforcement != EnforceConnectSrcDirective)
+ return true;
+ return m_document->contentSecurityPolicy()->allowConnectToSource(url);
+}
+
SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
{
return m_options.securityOrigin ? m_options.securityOrigin.get() : m_document->securityOrigin();
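Review bot: `isAllowedByPolicy` returns true for every value of `m_options.contentSecurityPolicyEnforcement` other than `EnforceConnectSrcDirective`, so it fails open for any loader that did not opt in, and no comment says this is intended. I would document it at the definition, e.g. `// Only loads that opted in with EnforceConnectSrcDirective are checked; every other enforcement value skips CSP here.` `m_document->contentSecurityPolicy()` is also dereferenced unguarded, and whether it can be null is not visible in this diff. `ASSERT(m_document->contentSecurityPolicy());` would record that assumption.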
diff --git a/Source/core/loader/DocumentThreadableLoader.h b/Source/core/loader/DocumentThreadableLoader.h
index 32402b0..da0afb6 100644
--- a/Source/core/loader/DocumentThreadableLoader.h
+++ b/Source/core/loader/DocumentThreadableLoader.h
@@ -95,7 +95,8 @@
void preflightFailure(unsigned long identifier, const String& url, const String& errorDescription);
void loadRequest(const ResourceRequest&, SecurityCheckPolicy);
- bool isAllowedRedirect(const KURL&);
+ bool isAllowedRedirect(const KURL&) const;
+ bool isAllowedByPolicy(const KURL&) const;
SecurityOrigin* securityOrigin() const;
diff --git a/Source/core/loader/DocumentWriter.cpp b/Source/core/loader/DocumentWriter.cpp
index b29d7da..9232db8 100644
--- a/Source/core/loader/DocumentWriter.cpp
+++ b/Source/core/loader/DocumentWriter.cpp
@@ -44,7 +44,7 @@
#include "core/page/FrameView.h"
#include "core/page/Settings.h"
#include "core/platform/text/SegmentedString.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SecurityOrigin.h"
namespace WebCore {
diff --git a/Source/core/loader/EmptyClients.h b/Source/core/loader/EmptyClients.h
index 5bc450f..137e8ec 100644
--- a/Source/core/loader/EmptyClients.h
+++ b/Source/core/loader/EmptyClients.h
@@ -139,7 +139,6 @@
virtual WebKit::WebScreenInfo screenInfo() const OVERRIDE { return WebKit::WebScreenInfo(); }
virtual void contentsSizeChanged(Frame*, const IntSize&) const OVERRIDE { }
- virtual void scrollbarsModeDidChange() const OVERRIDE { }
virtual void mouseDidMoveOverElement(const HitTestResult&, unsigned) OVERRIDE { }
virtual void setToolTip(const String&, TextDirection) OVERRIDE { }
diff --git a/Source/core/loader/FrameLoadRequest.h b/Source/core/loader/FrameLoadRequest.h
index 5e5185f..0d1c8cd 100644
--- a/Source/core/loader/FrameLoadRequest.h
+++ b/Source/core/loader/FrameLoadRequest.h
@@ -27,7 +27,7 @@
#define FrameLoadRequest_h
#include "core/loader/SubstituteData.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SecurityOrigin.h"
#include "core/platform/network/ResourceRequest.h"
namespace WebCore {
diff --git a/Source/core/loader/FrameLoader.cpp b/Source/core/loader/FrameLoader.cpp
index 10c9a76..c985192 100644
--- a/Source/core/loader/FrameLoader.cpp
+++ b/Source/core/loader/FrameLoader.cpp
@@ -104,9 +104,9 @@
#include "core/plugins/PluginData.h"
#include "core/xml/parser/XMLDocumentParser.h"
#include "modules/webdatabase/DatabaseManager.h"
-#include "origin/SchemeRegistry.h"
-#include "origin/SecurityOrigin.h"
-#include "origin/SecurityPolicy.h"
+#include "weborigin/SchemeRegistry.h"
+#include "weborigin/SecurityOrigin.h"
+#include "weborigin/SecurityPolicy.h"
#if ENABLE(SVG)
#include "SVGNames.h"
@@ -480,7 +480,7 @@
// Calling document.open counts as committing the first real document load.
if (!m_stateMachine.committedFirstRealDocumentLoad())
- m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad);
+ m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocumentPostCommit);
// Prevent window.open(url) -- eg window.open("about:blank") -- from blowing away results
// from a subsequent window.document.open / window.document.write call.
@@ -543,6 +543,9 @@
m_checkTimer.stop();
m_shouldCallCheckCompleted = false;
m_shouldCallCheckLoadComplete = false;
+
+ if (m_stateMachine.isDisplayingInitialEmptyDocument() && m_stateMachine.committedFirstRealDocumentLoad())
+ m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad);
}
void FrameLoader::receivedFirstData()
@@ -774,7 +777,7 @@
m_frame->document()->implicitClose();
}
-void FrameLoader::loadURLIntoChildFrame(const KURL& url, const String& referer, Frame* childFrame)
+void FrameLoader::loadURLIntoChildFrame(const ResourceRequest& request, Frame* childFrame)
{
ASSERT(childFrame);
@@ -789,27 +792,7 @@
return;
}
}
-
- childFrame->loader()->loadURL(url, referer, "_self", FrameLoadTypeInitialInChildFrame, 0, 0);
-}
-
-ObjectContentType FrameLoader::defaultObjectContentType(const KURL& url, const String& mimeTypeIn, bool shouldPreferPlugInsForImages)
-{
- String mimeType = mimeTypeIn;
-
- if (mimeType.isEmpty())
- mimeType = mimeTypeFromURL(url);
-
- if (mimeType.isEmpty())
- return ObjectContentFrame; // Go ahead and hope that we can display the content.
-
- if (MIMETypeRegistry::isSupportedImageMIMEType(mimeType))
- return WebCore::ObjectContentImage;
-
- if (MIMETypeRegistry::isSupportedNonImageMIMEType(mimeType))
- return WebCore::ObjectContentFrame;
-
- return WebCore::ObjectContentNone;
+ childFrame->loader()->loadURL(request, "_self", FrameLoadTypeInitialInChildFrame, 0, 0);
}
String FrameLoader::outgoingReferrer() const
@@ -990,6 +973,7 @@
frame()->page()->backForward()->setCurrentItem(currentItem.get());
ASSERT(stateMachine()->isDisplayingInitialEmptyDocument());
+ stateMachine()->advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocumentPostCommit);
stateMachine()->advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad);
}
}
@@ -1028,26 +1012,34 @@
return;
}
- String argsReferrer = request.resourceRequest().httpReferrer();
+ ResourceRequest resourceRequest(request.resourceRequest());
+ String argsReferrer = resourceRequest.httpReferrer();
if (argsReferrer.isEmpty())
argsReferrer = outgoingReferrer();
String referrer = SecurityPolicy::generateReferrerHeader(m_frame->document()->referrerPolicy(), url, argsReferrer);
if (shouldSendReferrer == NeverSendReferrer)
referrer = String();
-
+
+ if (!referrer.isEmpty()) {
+ resourceRequest.setHTTPReferrer(referrer);
+ RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString(referrer);
+ addHTTPOriginIfNeeded(resourceRequest, referrerOrigin->toString());
+ } else
+ resourceRequest.clearHTTPReferrer();
+
FrameLoadType loadType;
- if (request.resourceRequest().cachePolicy() == ReloadIgnoringCacheData)
+ if (resourceRequest.cachePolicy() == ReloadIgnoringCacheData)
loadType = FrameLoadTypeReload;
else if (lockBackForwardList || history()->currentItemShouldBeReplaced())
loadType = FrameLoadTypeRedirectWithLockedBackForwardList;
else
loadType = FrameLoadTypeStandard;
- if (request.resourceRequest().httpMethod() == "POST")
- loadPostRequest(request.resourceRequest(), referrer, request.frameName(), loadType, event, formState.get());
- else
- loadURL(request.resourceRequest().url(), referrer, request.frameName(), loadType, event, formState.get());
+ if (loadType == FrameLoadTypeReload || loadType == FrameLoadTypeReloadFromOrigin)
+ resourceRequest.setCachePolicy(ReloadIgnoringCacheData);
+
+ loadURL(resourceRequest, request.frameName(), loadType, event, formState.get());
// FIXME: It's possible this targetFrame will not be the same frame that was targeted by the actual
// load if frame names have changed.
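Review bot: The added `if (loadType == FrameLoadTypeReload || loadType == FrameLoadTypeReloadFromOrigin)` cannot change anything in this function. `loadType` is assigned only `FrameLoadTypeReload`, `FrameLoadTypeRedirectWithLockedBackForwardList` or `FrameLoadTypeStandard` just above, and `FrameLoadTypeReload` is chosen exactly when `resourceRequest.cachePolicy()` is already `ReloadIgnoringCacheData`. I would drop the two lines, or keep them with a comment such as `// Defensive: keeps cache policy in sync if more reload types are added above.` The function starts outside the hunk.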
@@ -1061,28 +1053,20 @@
}
}
-void FrameLoader::loadURL(const KURL& newURL, const String& referrer, const String& frameName, FrameLoadType newLoadType,
- PassRefPtr<Event> event, PassRefPtr<FormState> prpFormState)
+void FrameLoader::loadURL(const ResourceRequest& request, const String& frameName, FrameLoadType newLoadType,
+ PassRefPtr<Event> event, PassRefPtr<FormState> formState)
{
if (m_inStopAllLoaders)
return;
- RefPtr<FormState> formState = prpFormState;
bool isFormSubmission = formState;
-
- ResourceRequest request(newURL);
- if (!referrer.isEmpty()) {
- request.setHTTPReferrer(referrer);
- RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString(referrer);
- addHTTPOriginIfNeeded(request, referrerOrigin->toString());
- }
ASSERT(newLoadType != FrameLoadTypeSame);
// The search for a target frame is done earlier in the case of form submission.
Frame* targetFrame = isFormSubmission ? 0 : findFrameForNavigation(frameName);
if (targetFrame && targetFrame != m_frame) {
- targetFrame->loader()->loadURL(newURL, referrer, "_self", newLoadType, event, formState.release());
+ targetFrame->loader()->loadURL(request, "_self", newLoadType, event, formState);
return;
}
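Review bot: `formState` is now used directly as a `PassRefPtr` parameter rather than being captured in a local `RefPtr<FormState>`, and a `PassRefPtr` gives up its pointer when copied into a callee. Each path in this hunk and the next (`@@ -1092,16 +1076,16 @@`) hands it off once and does not read it afterwards, so the code is correct as written. Any later read after one of those calls would see null, though. Keeping `RefPtr<FormState> formState = prpFormState;` with explicit `release()` at the call sites would make the single-use contract visible. Failing that, add `// formState is consumed by the first call that receives it; do not read it afterwards.`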
@@ -1092,16 +1076,16 @@
NavigationAction action(request, newLoadType, isFormSubmission, event);
if (!targetFrame && !frameName.isEmpty()) {
- checkNewWindowPolicyAndContinue(formState.release(), frameName, action);
+ checkNewWindowPolicyAndContinue(formState, frameName, action);
return;
}
- bool sameURL = shouldTreatURLAsSameAsCurrent(newURL);
- loadWithNavigationAction(request, action, newLoadType, formState.release(), defaultSubstituteDataForURL(request.url()));
+ bool sameURL = shouldTreatURLAsSameAsCurrent(request.url());
+ loadWithNavigationAction(request, action, newLoadType, formState, defaultSubstituteDataForURL(request.url()));
// Example of this case are sites that reload the same URL with a different cookie
// driving the generated content, or a master frame with links that drive a target
// frame, where the user has clicked on the same link repeatedly.
- if (sameURL && newLoadType != FrameLoadTypeReload && newLoadType != FrameLoadTypeReloadFromOrigin)
+ if (sameURL && newLoadType != FrameLoadTypeReload && newLoadType != FrameLoadTypeReloadFromOrigin && request.httpMethod() != "POST")
m_loadType = FrameLoadTypeSame;
}
@@ -1137,35 +1121,22 @@
const KURL& unreachableURL = request.substituteData().failingURL();
FrameLoadType type;
- if (shouldTreatURLAsSameAsCurrent(r.url()))
+ if (shouldTreatURLAsSameAsCurrent(r.url())) {
+ r.setCachePolicy(ReloadIgnoringCacheData);
type = FrameLoadTypeSame;
- else if (shouldTreatURLAsSameAsCurrent(unreachableURL) && m_loadType == FrameLoadTypeReload)
+ } else if (shouldTreatURLAsSameAsCurrent(unreachableURL) && m_loadType == FrameLoadTypeReload)
type = FrameLoadTypeReload;
else
type = FrameLoadTypeStandard;
-
- // When we loading alternate content for an unreachable URL that we're
- // visiting in the history list, we treat it as a reload so the history list
- // is appropriately maintained.
- //
- // FIXME: This seems like a dangerous overloading of the meaning of "FrameLoadTypeReload" ...
- // shouldn't a more explicit type of reload be defined, that means roughly
- // "load without affecting history" ?
- if (shouldReloadToHandleUnreachableURL(unreachableURL)) {
- // shouldReloadToHandleUnreachableURL() returns true only when the original load type is back-forward.
- // In this case we should save the document state now. Otherwise the state can be lost because load type is
- // changed and updateForBackForwardNavigation() will not be called when loading is committed.
- history()->saveDocumentAndScrollState();
-
- ASSERT(type == FrameLoadTypeStandard);
- type = FrameLoadTypeReload;
- }
-
loadWithNavigationAction(r, NavigationAction(r, type, false), type, 0, request.substituteData());
}
void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, const NavigationAction& action, FrameLoadType type, PassRefPtr<FormState> formState, const SubstituteData& substituteData, const String& overrideEncoding)
{
+ ASSERT(m_client->hasWebView());
+ if (m_pageDismissalEventBeingDispatched != NoDismissal)
+ return;
+
RefPtr<DocumentLoader> loader = m_client->createDocumentLoader(request, substituteData);
loader->setTriggeringAction(action);
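Review bot: `loadWithNavigationAction` loses its `RefPtr<Frame> protect(m_frame);` keep-alive in this commit. This hunk re-adds only the `hasWebView` assert and the page-dismissal early return at the top, while the next hunk (`@@ -1179,22 +1150,6 @@`) deletes the protector, whose comment said `dispatchBeforeLoadEvent` may release the last reference, along with `ASSERT(m_frame->view());`. If anything later in the function can still run script or otherwise drop the frame, the remaining `m_frame` uses would touch a freed object. That part of the body is outside the diff, so this cannot be confirmed here. Please either keep the protector or add a comment stating why no re-entrant path remains, e.g. `// No event dispatch happens below, so m_frame cannot be released during this call.`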
@@ -1179,22 +1150,6 @@
if (type == FrameLoadTypeRedirectWithLockedBackForwardList)
loader->setIsClientRedirect(true);
- // Retain because dispatchBeforeLoadEvent may release the last reference to it.
- RefPtr<Frame> protect(m_frame);
-
- ASSERT(m_client->hasWebView());
-
- // Unfortunately the view must be non-nil, this is ultimately due
- // to parser requiring a FrameView. We should fix this dependency.
-
- ASSERT(m_frame->view());
-
- if (m_pageDismissalEventBeingDispatched != NoDismissal)
- return;
-
- if (m_frame->document())
- m_previousURL = m_frame->document()->url();
-
m_loadType = type;
bool isFormSubmission = formState;
@@ -1215,11 +1170,6 @@
frame->document()->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "Not allowed to load local resource: " + url);
}
-const ResourceRequest& FrameLoader::initialRequest() const
-{
- return activeDocumentLoader()->originalRequest();
-}
-
bool FrameLoader::willLoadMediaElementURL(KURL& url)
{
ResourceRequest request(url);
@@ -1234,23 +1184,6 @@
return error.isNull();
}
-bool FrameLoader::shouldReloadToHandleUnreachableURL(const KURL& unreachableURL)
-{
- if (unreachableURL.isEmpty())
- return false;
-
- if (!m_delegateIsHandlingProvisionalLoadError)
- return false;
-
- if (!isBackForwardLoadType(m_loadType))
- return false;
-
- // We only treat unreachableURLs specially during the delegate callbacks
- // for provisional load errors. Loading alternate content
- // at other times behaves like a standard load.
- return unreachableURL == m_provisionalDocumentLoader->request().url();
-}
-
void FrameLoader::reload(bool endToEndReload, const KURL& overrideURL, const String& overrideEncoding)
{
if (!m_documentLoader)
@@ -1263,8 +1196,16 @@
else if (!m_documentLoader->unreachableURL().isEmpty())
request.setURL(m_documentLoader->unreachableURL());
+ bool isFormSubmission = request.httpMethod() == "POST";
+ if (overrideEncoding.isEmpty())
+ request.setCachePolicy(ReloadIgnoringCacheData);
+ else if (isFormSubmission)
+ request.setCachePolicy(ReturnCacheDataDontLoad);
+ else
+ request.setCachePolicy(ReturnCacheDataElseLoad);
+
FrameLoadType type = endToEndReload ? FrameLoadTypeReloadFromOrigin : FrameLoadTypeReload;
- NavigationAction action(request, type, request.httpMethod() == "POST");
+ NavigationAction action(request, type, isFormSubmission);
loadWithNavigationAction(request, action, type, 0, defaultSubstituteDataForURL(request.url()), overrideEncoding);
}
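Review bot: The new three-way cache-policy choice in `reload` has no comment, and the reason a POST with an encoding override gets `ReturnCacheDataDontLoad` is not obvious from the code. Judging by the comment added in `addExtraFieldsToRequest` in this same commit, the intent is presumably to avoid re-submitting form data. I would say so here: `// An encoding override only re-decodes the page: serve it from cache, and for a POST never fall back to the network so the form body is not re-sent.` The function starts outside the hunk.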
@@ -1431,14 +1372,14 @@
if (m_loadType != FrameLoadTypeReplace)
closeOldDataSources();
- transitionToCommitted();
-
- if (pdl && m_documentLoader) {
- // Check if the destination page is allowed to access the previous page's timing information.
+ // Check if the destination page is allowed to access the previous page's timing information.
+ if (m_frame->document()) {
RefPtr<SecurityOrigin> securityOrigin = SecurityOrigin::create(pdl->request().url());
- m_documentLoader->timing()->setHasSameOriginAsPreviousDocument(securityOrigin->canRequest(m_previousURL));
+ pdl->timing()->setHasSameOriginAsPreviousDocument(securityOrigin->canRequest(m_frame->document()->url()));
}
+ transitionToCommitted();
+
// Call clientRedirectCancelledOrFinished() here so that the frame load delegate is notified that the redirect's
// status has changed, if there was a redirect.
if (pdl->isClientRedirect())
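Review bot: The timing check now reads `m_frame->document()->url()` instead of the removed `m_previousURL`. It therefore has to run before `transitionToCommitted()`, presumably while the frame still holds the outgoing document, and the moved comment does not say so. I would add `// Must run before transitionToCommitted(): m_frame->document() is still the previous document here.` so the two statements are not swapped back. The old guard `if (pdl && m_documentLoader)` is gone as well. `pdl->isClientRedirect()` below already dereferences `pdl` unguarded, so an `ASSERT(pdl);` would document the assumption. The enclosing function extends beyond the hunk.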
@@ -1491,6 +1432,9 @@
history()->updateForCommit();
m_client->transitionToCommittedForNewPage();
+
+ if (!m_stateMachine.creatingInitialEmptyDocument() && !m_stateMachine.committedFirstRealDocumentLoad())
+ m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocumentPostCommit);
}
void FrameLoader::clientRedirectCancelledOrFinished()
@@ -1906,6 +1850,30 @@
applyUserAgent(request);
+ if (!isMainResource) {
+ if (request.isConditional())
+ request.setCachePolicy(ReloadIgnoringCacheData);
+ else if (documentLoader()->isLoadingInAPISense()) {
+ // If we inherit cache policy from a main resource, we use the DocumentLoader's
+ // original request cache policy for two reasons:
+ // 1. For POST requests, we mutate the cache policy for the main resource,
+ // but we do not want this to apply to subresources
+ // 2. Delegates that modify the cache policy using willSendRequest: should
+ // not affect any other resources. Such changes need to be done
+ // per request.
+ ResourceRequestCachePolicy mainDocumentOriginalCachePolicy = documentLoader()->originalRequest().cachePolicy();
+ // Back-forward navigations try to load main resource from cache only to avoid re-submitting form data, and start over (with a warning dialog) if that fails.
+ // This policy is set on initial request too, but should not be inherited.
+ ResourceRequestCachePolicy subresourceCachePolicy = (mainDocumentOriginalCachePolicy == ReturnCacheDataDontLoad) ? ReturnCacheDataElseLoad : mainDocumentOriginalCachePolicy;
+ request.setCachePolicy(subresourceCachePolicy);
+ } else
+ request.setCachePolicy(UseProtocolCachePolicy);
+
+ // FIXME: Other FrameLoader functions have duplicated code for setting cache policy of main request when reloading.
+ // It seems better to manage it explicitly than to hide the logic inside addExtraFieldsToRequest().
+ } else if (m_loadType == FrameLoadTypeReload || m_loadType == FrameLoadTypeReloadFromOrigin || request.isConditional())
+ request.setCachePolicy(ReloadIgnoringCacheData);
+
if (request.cachePolicy() == ReloadIgnoringCacheData) {
if (m_loadType == FrameLoadTypeReload)
request.setHTTPHeaderField("Cache-Control", "max-age=0");
@@ -1949,40 +1917,6 @@
request.setHTTPOrigin(origin);
}
-void FrameLoader::loadPostRequest(const ResourceRequest& inRequest, const String& referrer, const String& frameName, FrameLoadType loadType, PassRefPtr<Event> event, PassRefPtr<FormState> prpFormState)
-{
- RefPtr<FormState> formState = prpFormState;
-
- // Previously when this method was reached, the original FrameLoadRequest had been deconstructed to build a
- // bunch of parameters that would come in here and then be built back up to a ResourceRequest. In case
- // any caller depends on the immutability of the original ResourceRequest, I'm rebuilding a ResourceRequest
- // from scratch as it did all along.
- const KURL& url = inRequest.url();
- RefPtr<FormData> formData = inRequest.httpBody();
- const String& contentType = inRequest.httpContentType();
- String origin = inRequest.httpOrigin();
-
- ResourceRequest workingResourceRequest(url);
-
- if (!referrer.isEmpty())
- workingResourceRequest.setHTTPReferrer(referrer);
- workingResourceRequest.setHTTPOrigin(origin);
- workingResourceRequest.setHTTPMethod("POST");
- workingResourceRequest.setHTTPBody(formData);
- workingResourceRequest.setHTTPContentType(contentType);
-
- NavigationAction action(workingResourceRequest, loadType, true, event);
-
- if (!frameName.isEmpty()) {
- // The search for a target frame is done earlier in the case of form submission.
- if (Frame* targetFrame = formState ? 0 : findFrameForNavigation(frameName))
- targetFrame->loader()->loadWithNavigationAction(workingResourceRequest, action, loadType, formState.release(), defaultSubstituteDataForURL(workingResourceRequest.url()));
- else
- checkNewWindowPolicyAndContinue(formState.release(), frameName, action);
- } else
- loadWithNavigationAction(workingResourceRequest, action, loadType, formState.release(), defaultSubstituteDataForURL(workingResourceRequest.url()));
-}
-
unsigned long FrameLoader::loadResourceSynchronously(const ResourceRequest& request, StoredCredentials storedCredentials, ResourceError& error, ResourceResponse& response, Vector<char>& data)
{
ASSERT(m_frame->document());
@@ -2458,13 +2392,17 @@
RefPtr<FormData> formData = item->formData();
ResourceRequest request(item->url());
request.setHTTPReferrer(item->referrer());
+
+ NavigationAction action;
if (formData) {
request.setHTTPMethod("POST");
request.setHTTPBody(formData);
request.setHTTPContentType(item->formContentType());
RefPtr<SecurityOrigin> securityOrigin = SecurityOrigin::createFromString(item->referrer());
addHTTPOriginIfNeeded(request, securityOrigin->toString());
- }
+ request.setCachePolicy(ReturnCacheDataDontLoad);
+ } else
+ request.setCachePolicy(ReturnCacheDataElseLoad);
loadWithNavigationAction(request, NavigationAction(request, FrameLoadTypeBackForward, false), FrameLoadTypeBackForward, 0, defaultSubstituteDataForURL(request.url()));
}
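Review bot: The added local `NavigationAction action;` is never used, because the `loadWithNavigationAction` call at the end of the hunk still constructs its own temporary `NavigationAction(request, FrameLoadTypeBackForward, false)`. Either remove the declaration, or build the action once and pass it: `NavigationAction action(request, FrameLoadTypeBackForward, false);` followed by `loadWithNavigationAction(request, action, FrameLoadTypeBackForward, 0, defaultSubstituteDataForURL(request.url()));`. The function starts outside the hunk.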
@@ -2613,7 +2551,6 @@
info.addMember(m_openedFrames, "openedFrames");
info.addMember(m_outgoingReferrer, "outgoingReferrer");
info.addMember(m_networkingContext, "networkingContext");
- info.addMember(m_previousURL, "previousURL");
info.addMember(m_requestedHistoryItem, "requestedHistoryItem");
}
diff --git a/Source/core/loader/FrameLoader.h b/Source/core/loader/FrameLoader.h
index c291d54..c8942d5 100644
--- a/Source/core/loader/FrameLoader.h
+++ b/Source/core/loader/FrameLoader.h
@@ -95,7 +95,7 @@
void setupForReplace();
// FIXME: These are all functions which start loads. We have too many.
- void loadURLIntoChildFrame(const KURL&, const String& referer, Frame*);
+ void loadURLIntoChildFrame(const ResourceRequest&, Frame*);
void loadFrameRequest(const FrameLoadRequest&, bool lockBackForwardList, // Called by submitForm, calls loadPostRequest and loadURL.
PassRefPtr<Event>, PassRefPtr<FormState>, ShouldSendReferrer);
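Review bot: The trailing comment on `loadFrameRequest` still reads `// Called by submitForm, calls loadPostRequest and loadURL.`, but this commit deletes `loadPostRequest` in both FrameLoader.cpp and this header. It should become `// Called by submitForm, calls loadURL.` so the declaration does not point readers at a function that no longer exists.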
@@ -144,7 +144,6 @@
FrameState state() const { return m_state; }
const ResourceRequest& originalRequest() const;
- const ResourceRequest& initialRequest() const;
void receivedMainResourceError(const ResourceError&);
bool willLoadMediaElementURL(KURL&);
@@ -246,8 +245,6 @@
bool suppressOpenerInNewFrame() const { return m_suppressOpenerInNewFrame; }
- static ObjectContentType defaultObjectContentType(const KURL&, const String& mimeType, bool shouldPreferPlugInsForImages);
-
bool shouldClose();
void started();
@@ -262,8 +259,6 @@
NetworkingContext* networkingContext() const;
- const KURL& previousURL() const { return m_previousURL; }
-
void reportMemoryUsage(MemoryObjectInfo*) const;
private:
@@ -302,8 +297,6 @@
void closeOldDataSources();
- bool shouldReloadToHandleUnreachableURL(const KURL&);
-
void dispatchDidCommitLoad();
void urlSelected(const FrameLoadRequest&, PassRefPtr<Event>, bool lockBackForwardList, ShouldSendReferrer);
@@ -312,10 +305,8 @@
void loadWithNavigationAction(const ResourceRequest&, const NavigationAction&,
FrameLoadType, PassRefPtr<FormState>, const SubstituteData&, const String& overrideEncoding = String());
- void loadPostRequest(const ResourceRequest&, const String& referrer, // Called by loadFrameRequest, calls loadWithNavigationAction
- const String& frameName, FrameLoadType, PassRefPtr<Event>, PassRefPtr<FormState>);
- void loadURL(const KURL&, const String& referrer, const String& frameName, // Called by loadFrameRequest, calls loadWithNavigationAction or dispatches to navigation policy delegate
- FrameLoadType, PassRefPtr<Event>, PassRefPtr<FormState>);
+ // Called by loadFrameRequest, calls loadWithNavigationAction or checkNewWindowPolicyAndContinue
+ void loadURL(const ResourceRequest&, const String& frameName, FrameLoadType, PassRefPtr<Event>, PassRefPtr<FormState>);
bool shouldReload(const KURL& currentURL, const KURL& destinationURL);
@@ -393,7 +384,6 @@
RefPtr<FrameNetworkingContext> m_networkingContext;
- KURL m_previousURL;
RefPtr<HistoryItem> m_requestedHistoryItem;
};
diff --git a/Source/core/loader/FrameLoaderStateMachine.cpp b/Source/core/loader/FrameLoaderStateMachine.cpp
index ec335fd..c5a9efb 100644
--- a/Source/core/loader/FrameLoaderStateMachine.cpp
+++ b/Source/core/loader/FrameLoaderStateMachine.cpp
@@ -46,7 +46,7 @@
bool FrameLoaderStateMachine::committedFirstRealDocumentLoad() const
{
- return m_state >= CommittedFirstRealLoad;
+ return m_state >= DisplayingInitialEmptyDocumentPostCommit;
}
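Review bot: `committedFirstRealDocumentLoad()` now depends on the declaration order of `State` through `m_state >= DisplayingInitialEmptyDocumentPostCommit`, and the enum in FrameLoaderStateMachine.h gains the new value without any comment. After this change both `committedFirstRealDocumentLoad()` and `isDisplayingInitialEmptyDocument()` (hunk `@@ -56,7 +56,7 @@`) return true in the new state. Callers that treated the two as mutually exclusive would need re-checking, and none are visible here. I would document the enum with `// Order matters: states are compared with >=.` plus a one-line description of `DisplayingInitialEmptyDocumentPostCommit` saying that the initial empty document is still displayed but a commit has been counted.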
bool FrameLoaderStateMachine::creatingInitialEmptyDocument() const
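Review bot: `committedFirstRealDocumentLoad()` now returns true for `DisplayingInitialEmptyDocumentPostCommit`, so it and `isDisplayingInitialEmptyDocument()` (changed in the next hunk) can both be true for the same state, which the names do not suggest. The `>=` comparison also depends silently on the declaration order of `State` in FrameLoaderStateMachine.h. I would add a comment above the return, for example `// True from the post-commit empty-document state onward; relies on State declaration order.`, and a one-line comment on the new enumerator saying what "post commit" means. Callers that treat the two predicates as mutually exclusive are not visible here and should be rechecked.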
@@ -56,7 +56,7 @@
bool FrameLoaderStateMachine::isDisplayingInitialEmptyDocument() const
{
- return m_state == DisplayingInitialEmptyDocument;
+ return m_state == DisplayingInitialEmptyDocument || m_state == DisplayingInitialEmptyDocumentPostCommit;
}
void FrameLoaderStateMachine::advanceTo(State state)
diff --git a/Source/core/loader/FrameLoaderStateMachine.h b/Source/core/loader/FrameLoaderStateMachine.h
index 23d6d85..1402ebc 100644
--- a/Source/core/loader/FrameLoaderStateMachine.h
+++ b/Source/core/loader/FrameLoaderStateMachine.h
@@ -46,6 +46,7 @@
enum State {
CreatingInitialEmptyDocument,
DisplayingInitialEmptyDocument,
+ DisplayingInitialEmptyDocumentPostCommit,
CommittedFirstRealLoad
};
diff --git a/Source/core/loader/FrameNetworkingContext.h b/Source/core/loader/FrameNetworkingContext.h
index 274ee68..2cc05f7 100644
--- a/Source/core/loader/FrameNetworkingContext.h
+++ b/Source/core/loader/FrameNetworkingContext.h
@@ -22,7 +22,7 @@
#include "core/dom/Document.h"
#include "core/page/Frame.h"
-#include "origin/ReferrerPolicy.h"
+#include "weborigin/ReferrerPolicy.h"
#include "core/platform/network/NetworkingContext.h"
namespace WebCore {
diff --git a/Source/core/loader/ImageLoader.cpp b/Source/core/loader/ImageLoader.cpp
index bceddd1..db60677 100644
--- a/Source/core/loader/ImageLoader.cpp
+++ b/Source/core/loader/ImageLoader.cpp
@@ -38,7 +38,7 @@
#include "core/page/Frame.h"
#include "core/rendering/RenderImage.h"
#include "core/rendering/RenderVideo.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SecurityOrigin.h"
#if ENABLE(SVG)
#include "core/rendering/svg/RenderSVGImage.h"
@@ -211,8 +211,8 @@
clearFailedLoadURL();
} else if (!attr.isNull()) {
// Fire an error event if the url is empty.
- // FIXME: Should we fire this event asynchronoulsy via errorEventSender()?
- m_element->dispatchEvent(Event::create(eventNames().errorEvent, false, false));
+ m_hasPendingErrorEvent = true;
+ errorEventSender().dispatchEventSoon(this);
}
CachedImage* oldImage = m_image.get();
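Review bot: The retained comment still says "Fire an error event", but the new lines only queue it. They set `m_hasPendingErrorEvent` and defer dispatch through `errorEventSender().dispatchEventSoon(this)`. I would reword the comment to `// Queue an error event if the url is empty; it is dispatched asynchronously.` so the changed timing is visible to readers. The enclosing function starts and ends outside this hunk, so I cannot confirm that the pending flag is cleared when the loader goes away or the attribute changes before the event runs.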
diff --git a/Source/core/loader/LinkLoader.cpp b/Source/core/loader/LinkLoader.cpp
index f1734be..3c0ec73 100644
--- a/Source/core/loader/LinkLoader.cpp
+++ b/Source/core/loader/LinkLoader.cpp
@@ -109,16 +109,8 @@
m_client->didSendDOMContentLoadedForLinkPrerender();
}
-bool LinkLoader::loadLink(const LinkRelAttribute& relAttribute, const String& type,
- const String& sizes, const KURL& href, Document* document)
+bool LinkLoader::loadLink(const LinkRelAttribute& relAttribute, const String& type, const KURL& href, Document* document)
{
- // We'll record this URL per document, even if we later only use it in top level frames
- if (relAttribute.iconType() != InvalidIcon && href.isValid() && !href.isEmpty()) {
- if (!m_client->shouldLoadLink())
- return false;
- document->addIconURL(href.string(), type, sizes, relAttribute.iconType());
- }
-
if (relAttribute.isDNSPrefetch()) {
Settings* settings = document->settings();
// FIXME: The href attribute of the link element can be in "//hostname" form, and we shouldn't attempt
diff --git a/Source/core/loader/LinkLoader.h b/Source/core/loader/LinkLoader.h
index b558857..d49f2ee 100644
--- a/Source/core/loader/LinkLoader.h
+++ b/Source/core/loader/LinkLoader.h
@@ -62,7 +62,7 @@
virtual void didSendDOMContentLoadedForPrerender() OVERRIDE;
void released();
- bool loadLink(const LinkRelAttribute&, const String& type, const String& sizes, const KURL&, Document*);
+ bool loadLink(const LinkRelAttribute&, const String& type, const KURL&, Document*);
private:
void linkLoadTimerFired(Timer<LinkLoader>*);
diff --git a/Source/core/loader/MixedContentChecker.cpp b/Source/core/loader/MixedContentChecker.cpp
index ddef5b2..4691de1 100644
--- a/Source/core/loader/MixedContentChecker.cpp
+++ b/Source/core/loader/MixedContentChecker.cpp
@@ -36,8 +36,8 @@
#include "core/page/DOMWindow.h"
#include "core/page/Frame.h"
#include "core/page/Settings.h"
-#include "origin/SchemeRegistry.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SchemeRegistry.h"
+#include "weborigin/SecurityOrigin.h"
#include "wtf/text/CString.h"
#include "wtf/text/WTFString.h"
diff --git a/Source/core/loader/PingLoader.cpp b/Source/core/loader/PingLoader.cpp
index 2ef5451..518f9fb 100644
--- a/Source/core/loader/PingLoader.cpp
+++ b/Source/core/loader/PingLoader.cpp
@@ -46,8 +46,8 @@
#include "core/platform/network/ResourceHandle.h"
#include "core/platform/network/ResourceRequest.h"
#include "core/platform/network/ResourceResponse.h"
-#include "origin/SecurityOrigin.h"
-#include "origin/SecurityPolicy.h"
+#include "weborigin/SecurityOrigin.h"
+#include "weborigin/SecurityPolicy.h"
namespace WebCore {
@@ -114,18 +114,18 @@
String referrer = SecurityPolicy::generateReferrerHeader(frame->document()->referrerPolicy(), reportURL, frame->loader()->outgoingReferrer());
if (!referrer.isEmpty())
request.setHTTPReferrer(referrer);
- OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request));
+ OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request, SecurityOrigin::create(reportURL)->isSameSchemeHostPort(frame->document()->securityOrigin()) ? AllowStoredCredentials : DoNotAllowStoredCredentials));
// Leak the ping loader, since it will kill itself as soon as it receives a response.
PingLoader* leakedPingLoader = pingLoader.leakPtr();
UNUSED_PARAM(leakedPingLoader);
}
-PingLoader::PingLoader(Frame* frame, ResourceRequest& request)
+PingLoader::PingLoader(Frame* frame, ResourceRequest& request, StoredCredentials credentialsAllowed)
: m_timeout(this, &PingLoader::timeout)
{
unsigned long identifier = createUniqueIdentifier();
- m_handle = ResourceHandle::create(frame->loader()->networkingContext(), request, this, false, false, AllowStoredCredentials);
+ m_handle = ResourceHandle::create(frame->loader()->networkingContext(), request, this, false, false, credentialsAllowed);
InspectorInstrumentation::continueAfterPingLoader(frame, identifier, frame->loader()->activeDocumentLoader(), request, ResourceResponse());
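Review bot: The decision whether a report request carries stored credentials is buried inside the `new PingLoader(...)` argument list, where it is easy to miss in a later audit. I would lift it into a named local with a why-comment, for example `// Only same-origin report endpoints may receive cookies and HTTP auth.` followed by `StoredCredentials credentials = SecurityOrigin::create(reportURL)->isSameSchemeHostPort(frame->document()->securityOrigin()) ? AllowStoredCredentials : DoNotAllowStoredCredentials;`, and pass `credentials` to the constructor. The check also dereferences `frame->document()` without a null test, as the context line above already does, so it inherits whatever guarantee the caller gives. Both the reporting function and the constructor body continue outside this hunk.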
diff --git a/Source/core/loader/PingLoader.h b/Source/core/loader/PingLoader.h
index a0f73db..d65842d 100644
--- a/Source/core/loader/PingLoader.h
+++ b/Source/core/loader/PingLoader.h
@@ -34,6 +34,7 @@
#include "core/platform/Timer.h"
#include "core/platform/network/ResourceHandleClient.h"
+#include "core/platform/network/ResourceHandleTypes.h"
#include <wtf/Noncopyable.h>
#include <wtf/RefPtr.h>
@@ -61,7 +62,7 @@
virtual ~PingLoader();
private:
- PingLoader(Frame*, ResourceRequest&);
+ PingLoader(Frame*, ResourceRequest&, StoredCredentials = AllowStoredCredentials);
virtual void didReceiveResponse(ResourceHandle*, const ResourceResponse&) OVERRIDE { delete this; }
virtual void didReceiveData(ResourceHandle*, const char*, int, int) OVERRIDE { delete this; }
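Review bot: The new constructor parameter defaults to `AllowStoredCredentials`, so any call site that omits the argument keeps sending cookies and HTTP auth without having decided to. Only the reporting call in PingLoader.cpp passes it explicitly in this commit. A private constructor with few callers does not need the default; I would declare it as `PingLoader(Frame*, ResourceRequest&, StoredCredentials);` and make each caller state its choice. The other call sites are not visible in this hunk and would have to be updated together with it.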
diff --git a/Source/core/loader/Prerenderer.cpp b/Source/core/loader/Prerenderer.cpp
index 6f027b4..b3a5c4e 100644
--- a/Source/core/loader/Prerenderer.cpp
+++ b/Source/core/loader/Prerenderer.cpp
@@ -38,8 +38,8 @@
#include "core/loader/PrerendererClient.h"
#include "core/page/Frame.h"
#include "core/platform/PrerenderHandle.h"
-#include "origin/ReferrerPolicy.h"
-#include "origin/SecurityPolicy.h"
+#include "weborigin/ReferrerPolicy.h"
+#include "weborigin/SecurityPolicy.h"
#include <wtf/MemoryInstrumentationVector.h>
#include <wtf/PassOwnPtr.h>
diff --git a/Source/core/loader/ResourceLoader.cpp b/Source/core/loader/ResourceLoader.cpp
index b97e3de..34bff2a 100644
--- a/Source/core/loader/ResourceLoader.cpp
+++ b/Source/core/loader/ResourceLoader.cpp
@@ -43,7 +43,7 @@
#include "core/platform/Logging.h"
#include "core/platform/network/ResourceError.h"
#include "core/platform/network/ResourceHandle.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SecurityOrigin.h"
namespace WebCore {
diff --git a/Source/core/loader/ResourceLoaderOptions.h b/Source/core/loader/ResourceLoaderOptions.h
index ad1adaa..88c1fc0 100644
--- a/Source/core/loader/ResourceLoaderOptions.h
+++ b/Source/core/loader/ResourceLoaderOptions.h
@@ -61,12 +61,28 @@
};
struct ResourceLoaderOptions {
- ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffContent(DoNotSniffContent), dataBufferingPolicy(BufferData), allowCredentials(DoNotAllowStoredCredentials), crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCredentials), securityCheck(DoSecurityCheck) { }
- ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy, SecurityCheckPolicy securityCheck)
+ ResourceLoaderOptions()
+ : sendLoadCallbacks(DoNotSendCallbacks)
+ , sniffContent(DoNotSniffContent)
+ , dataBufferingPolicy(BufferData)
+ , allowCredentials(DoNotAllowStoredCredentials)
+ , credentialsRequested(ClientDidNotRequestCredentials)
+ , crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCredentials)
+ , securityCheck(DoSecurityCheck) { }
+
+ ResourceLoaderOptions(
+ SendCallbackPolicy sendLoadCallbacks,
+ ContentSniffingPolicy sniffContent,
+ DataBufferingPolicy dataBufferingPolicy,
+ StoredCredentials allowCredentials,
+ CredentialRequest credentialsRequested,
+ ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy,
+ SecurityCheckPolicy securityCheck)
: sendLoadCallbacks(sendLoadCallbacks)
, sniffContent(sniffContent)
, dataBufferingPolicy(dataBufferingPolicy)
, allowCredentials(allowCredentials)
+ , credentialsRequested(credentialsRequested)
, crossOriginCredentialPolicy(crossOriginCredentialPolicy)
, securityCheck(securityCheck)
{
@@ -75,6 +91,7 @@
ContentSniffingPolicy sniffContent;
DataBufferingPolicy dataBufferingPolicy;
StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
+ CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place.
ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy; // Whether we will ask the client for credentials (if we allow credentials at all).
SecurityCheckPolicy securityCheck;
};
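Review bot: `ResourceLoaderOptions` now carries two credential fields, `allowCredentials` and `credentialsRequested`, and nothing in the struct says how they relate or which one a consumer should trust when they disagree. The member comment only says the second records what the client "wanted in the first place". I would extend it to something like `// What the client asked for; allowCredentials is what is actually sent and may be narrowed later (e.g. for cross-origin requests).`, provided that matches the consumers, which are outside this diff section. It may also be worth asserting in the seven-argument constructor that `ClientDidNotRequestCredentials` is never paired with `AllowStoredCredentials`, if that combination is meant to be invalid.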
diff --git a/Source/core/loader/SubframeLoader.cpp b/Source/core/loader/SubframeLoader.cpp
index 3bea110..c3b999f 100644
--- a/Source/core/loader/SubframeLoader.cpp
+++ b/Source/core/loader/SubframeLoader.cpp
@@ -52,8 +52,8 @@
#include "core/plugins/PluginData.h"
#include "core/rendering/RenderEmbeddedObject.h"
#include "core/rendering/RenderView.h"
-#include "origin/SecurityOrigin.h"
-#include "origin/SecurityPolicy.h"
+#include "weborigin/SecurityOrigin.h"
+#include "weborigin/SecurityPolicy.h"
namespace WebCore {
diff --git a/Source/core/loader/TextTrackLoader.cpp b/Source/core/loader/TextTrackLoader.cpp
index 842c42c..1fa9ac4 100644
--- a/Source/core/loader/TextTrackLoader.cpp
+++ b/Source/core/loader/TextTrackLoader.cpp
@@ -37,7 +37,7 @@
#include "core/platform/Logging.h"
#include "core/platform/SharedBuffer.h"
#include "core/platform/network/ResourceHandle.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SecurityOrigin.h"
namespace WebCore {
diff --git a/Source/core/loader/ThreadableLoader.h b/Source/core/loader/ThreadableLoader.h
index 89724fe..e12b540 100644
--- a/Source/core/loader/ThreadableLoader.h
+++ b/Source/core/loader/ThreadableLoader.h
@@ -32,7 +32,7 @@
#define ThreadableLoader_h
#include "core/loader/ResourceLoaderOptions.h"
-#include "origin/SecurityOrigin.h"
+#include "weborigin/SecurityOrigin.h"
#include "core/platform/network/ResourceHandle.h"
#include <wtf/Noncopyable.h>
#include <wtf/PassRefPtr.h>
@@ -59,12 +59,22 @@
PreventPreflight
};
+ enum ContentSecurityPolicyEnforcement {
+ EnforceConnectSrcDirective,
+ DoNotEnforceContentSecurityPolicy,
+ };
+
struct ThreadableLoaderOptions : public ResourceLoaderOptions {
- ThreadableLoaderOptions() : preflightPolicy(ConsiderPreflight), crossOriginRequestPolicy(DenyCrossOriginRequests) { }
+ ThreadableLoaderOptions()
+ : preflightPolicy(ConsiderPreflight)
+ , crossOriginRequestPolicy(DenyCrossOriginRequests)
+ , contentSecurityPolicyEnforcement(EnforceConnectSrcDirective) { }
+
PreflightPolicy preflightPolicy; // If AccessControl is used, how to determine if a preflight is needed.
CrossOriginRequestPolicy crossOriginRequestPolicy;
RefPtr<SecurityOrigin> securityOrigin;
AtomicString initiator;
+ ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement;
};
// Useful for doing loader operations from any thread (not threadsafe,
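Review bot: The new `ContentSecurityPolicyEnforcement` enum adds an opt-out, `DoNotEnforceContentSecurityPolicy`, with no comment on when a caller may legitimately use it. Defaulting to `EnforceConnectSrcDirective` in the constructor is the safe choice. I would document the enum, for example `// DoNotEnforceContentSecurityPolicy is only for loads not initiated by page content; page-initiated loads must enforce connect-src.`, adjusting the wording to the intended callers, which are not visible here. The trailing comma after the last enumerator is also inconsistent with the `PreventPreflight` enum just above it.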
diff --git a/Source/core/loader/archive/MHTMLArchive.cpp b/Source/core/loader/archive/MHTMLArchive.cpp
index 65281ac..a958caf 100644
--- a/Source/core/loader/archive/MHTMLArchive.cpp
+++ b/Source/core/loader/archive/MHTMLArchive.cpp
@@ -40,7 +40,7 @@
#include "core/platform/MIMETypeRegistry.h"
#include "core/platform/SharedBuffer.h"
#include "core/platform/text/QuotedPrintable.h"
-#include "origin/SchemeRegistry.h"
+#include "weborigin/SchemeRegistry.h"
#include "wtf/CryptographicallyRandomNumber.h"
#include "wtf/DateMath.h"
#include "wtf/GregorianDateTime.h"
diff --git a/Source/core/loader/cache/CachedResourceLoader.cpp b/Source/core/loader/cache/CachedResourceLoader.cpp
index 854aed9..ba2a389 100644
--- a/Source/core/loader/cache/CachedResourceLoader.cpp
+++ b/Source/core/loader/cache/CachedResourceLoader.cpp
@@ -58,8 +58,8 @@
#include "core/page/Performance.h"
#include "core/page/Settings.h"
#include "core/platform/Logging.h"
-#include "origin/SecurityOrigin.h"
-#include "origin/SecurityPolicy.h"
+#include "weborigin/SecurityOrigin.h"
+#include "weborigin/SecurityPolicy.h"
#include "core/loader/cache/CachedTextTrack.h"
@@ -186,7 +186,7 @@
memoryCache()->remove(existing);
}
- request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck));
+ request.setOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, SkipSecurityCheck));
return static_cast<CachedCSSStyleSheet*>(requestResource(CachedResource::CSSStyleSheet, request).get());
}
@@ -233,6 +233,7 @@
case CachedResource::SVGDocumentResource:
#endif
case CachedResource::CSSStyleSheet:
+ case CachedResource::RawResource:
// These resource can inject script into the current document (Script,
// XSL) or exfiltrate the content of the current document (CSS).
if (Frame* f = frame())
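Review bot: `RawResource` moves into the stricter mixed-content group here (and out of the "corrupt only the frame's pixels" group in the next hunk), but the comment beneath the case labels still lists only Script, XSL and CSS as the reasons. I would extend it with a line such as `// RawResource (e.g. XHR) is treated the same because its content is handed to script.`, if that is the intended rationale. The enclosing switch starts and ends outside these hunks.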
@@ -241,7 +242,6 @@
break;
case CachedResource::TextTrackResource:
case CachedResource::ShaderResource:
- case CachedResource::RawResource:
case CachedResource::ImageResource:
case CachedResource::FontResource: {
// These resources can corrupt only the frame's pixels.
@@ -498,34 +498,6 @@
request.setTargetType(targetType);
}
-ResourceRequestCachePolicy CachedResourceLoader::resourceRequestCachePolicy(const ResourceRequest& request, CachedResource::Type type)
-{
- if (type == CachedResource::MainResource) {
- FrameLoadType frameLoadType = frame()->loader()->loadType();
- bool isReload = frameLoadType == FrameLoadTypeReload || frameLoadType == FrameLoadTypeReloadFromOrigin;
- if (request.httpMethod() == "POST" && (isReload || frameLoadType == FrameLoadTypeBackForward))
- return ReturnCacheDataDontLoad;
- if (!m_documentLoader->overrideEncoding().isEmpty() || frameLoadType == FrameLoadTypeBackForward)
- return ReturnCacheDataElseLoad;
- if (isReload || frameLoadType == FrameLoadTypeSame || request.isConditional())
- return ReloadIgnoringCacheData;
- return UseProtocolCachePolicy;
- }
-
- if (request.isConditional())
- return ReloadIgnoringCacheData;
-
- if (m_documentLoader->isLoadingInAPISense()) {
- // For POST requests, we mutate the main resource's cache policy to avoid form resubmission.
- // This policy should not be inherited by subresources.
- ResourceRequestCachePolicy mainResourceCachePolicy = m_documentLoader->request().cachePolicy();
- if (mainResourceCachePolicy == ReturnCacheDataDontLoad)
- return ReturnCacheDataElseLoad;
- return mainResourceCachePolicy;
- }
- return UseProtocolCachePolicy;
-}
-
void CachedResourceLoader::addAdditionalRequestHeaders(ResourceRequest& request, CachedResource::Type type)
{
if (!frame())
@@ -555,7 +527,6 @@
FrameLoader::addHTTPOriginIfNeeded(request, outgoingOrigin);
}
- request.setCachePolicy(resourceRequestCachePolicy(request, type));
if (request.targetType() == ResourceRequest::TargetIsUnspecified)
determineTargetType(request, type);
frameLoader->addExtraFieldsToRequest(request);
@@ -1042,7 +1013,7 @@
const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions()
{
- static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials, DoSecurityCheck);
+ static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientForCrossOriginCredentials, DoSecurityCheck);
return options;
}
diff --git a/Source/core/loader/cache/CachedResourceLoader.h b/Source/core/loader/cache/CachedResourceLoader.h
index 8550160..728836e 100644
--- a/Source/core/loader/cache/CachedResourceLoader.h
+++ b/Source/core/loader/cache/CachedResourceLoader.h
@@ -144,7 +144,6 @@
RevalidationPolicy determineRevalidationPolicy(CachedResource::Type, ResourceRequest&, bool forPreload, CachedResource* existingResource, CachedResourceRequest::DeferOption) const;
void determineTargetType(ResourceRequest&, CachedResource::Type);
- ResourceRequestCachePolicy resourceRequestCachePolicy(const ResourceRequest&, CachedResource::Type);
void addAdditionalRequestHeaders(ResourceRequest&, CachedResource::Type);
void notifyLoadedFromMemoryCache(CachedResource*);
diff --git a/Source/core/loader/cache/MemoryCache.cpp b/Source/core/loader/cache/MemoryCache.cpp
index 7feb100..d118fcb 100644
--- a/Source/core/loader/cache/MemoryCache.cpp
+++ b/Source/core/loader/cache/MemoryCache.cpp
@@ -45,8 +45,8 @@
#include "core/workers/WorkerContext.h"
#include "core/workers/WorkerLoaderProxy.h"
#include "core/workers/WorkerThread.h"
-#include "origin/SecurityOrigin.h"
-#include "origin/SecurityOriginHash.h"
+#include "weborigin/SecurityOrigin.h"
+#include "weborigin/SecurityOriginHash.h"
using namespace std;
diff --git a/Source/core/loader/cache/MemoryCache.h b/Source/core/loader/cache/MemoryCache.h
index 51fdb87..7742c47 100644
--- a/Source/core/loader/cache/MemoryCache.h
+++ b/Source/core/loader/cache/MemoryCache.h
@@ -26,7 +26,7 @@
#define Cache_h
#include "core/loader/cache/CachedResource.h"
-#include "origin/SecurityOriginHash.h"
+#include "weborigin/SecurityOriginHash.h"
#include <wtf/HashMap.h>
#include <wtf/HashSet.h>
#include <wtf/Noncopyable.h>