Changeset 202811 in webkit
- Timestamp:
- Jul 4, 2016 11:36:30 AM (8 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 14 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r202810 r202811 1 2016-07-04 Youenn Fablet <youenn@apple.com> 2 3 Remove RequestOriginPolicy from ResourceLoaderOptions 4 https://bugs.webkit.org/show_bug.cgi?id=159406 5 6 Reviewed by Sam Weinig. 7 8 Using FetchOptions::mode in lieu of ResourceLoaderOptions::RequestOriginPolicy. 9 The cors, no-cors and same-origin values match PotentiallyCrossOriginEnabled, 10 UseDefaultOriginRestrictionsForType and RestrictToSameOrigin, default being 11 cors/UseDefaultOriginRestrictionsForType as per fetch specification. 12 13 No change of behavior. 14 15 * css/CSSImageSetValue.cpp: 16 (WebCore::CSSImageSetValue::cachedImageSet): 17 * css/CSSImageValue.cpp: 18 (WebCore::CSSImageValue::cachedImage): 19 * loader/DocumentLoader.cpp: 20 (WebCore::DocumentLoader::startLoadingMainResource): 21 * loader/MediaResourceLoader.cpp: 22 (WebCore::MediaResourceLoader::requestResource): 23 * loader/NetscapePlugInStreamLoader.cpp: 24 (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): 25 * loader/ResourceLoaderOptions.h: 26 (WebCore::ResourceLoaderOptions::ResourceLoaderOptions): 27 (WebCore::ResourceLoaderOptions::requestOriginPolicy): Deleted. 28 (WebCore::ResourceLoaderOptions::setRequestOriginPolicy): Deleted. 29 * loader/SubresourceLoader.cpp: 30 (WebCore::SubresourceLoader::init): 31 (WebCore::SubresourceLoader::willSendRequestInternal): 32 * loader/cache/CachedResourceLoader.cpp: 33 (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): 34 (WebCore::CachedResourceLoader::canRequest): 35 (WebCore::CachedResourceLoader::defaultCachedResourceOptions): 36 * loader/cache/CachedResourceRequest.cpp: 37 (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): 38 * loader/icon/IconLoader.cpp: 39 (WebCore::IconLoader::startLoading): 40 * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp: 41 (WebCore::WebCoreAVCFResourceLoader::startLoading): 42 * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm: 43 (WebCore::WebCoreAVFResourceLoader::startLoading): 44 * style/StylePendingResources.cpp: 45 (WebCore::Style::loadPendingImage): 46 1 47 2016-07-04 Youenn Fablet <youenn@apple.com> 2 48 -
trunk/Source/WebCore/css/CSSImageSetValue.cpp
r202765 r202811 119 119 CachedResourceRequest request(ResourceRequest(document->completeURL(image.imageURL)), options); 120 120 request.setInitiator(cachedResourceRequestInitiators().css); 121 if (options. requestOriginPolicy() == PotentiallyCrossOriginEnabled) {121 if (options.mode == FetchOptions::Mode::Cors) { 122 122 ASSERT(document->securityOrigin()); 123 123 updateRequestForAccessControl(request.mutableResourceRequest(), *document->securityOrigin(), options.allowCredentials()); -
trunk/Source/WebCore/css/CSSImageValue.cpp
r202674 r202811 83 83 request.setInitiator(m_initiatorName); 84 84 85 if (options. requestOriginPolicy() == PotentiallyCrossOriginEnabled) {85 if (options.mode == FetchOptions::Mode::Cors) { 86 86 ASSERT(loader.document()->securityOrigin()); 87 87 updateRequestForAccessControl(request.mutableResourceRequest(), *loader.document()->securityOrigin(), options.allowCredentials()); -
trunk/Source/WebCore/loader/DocumentLoader.cpp
r202105 r202811 1511 1511 request.makeUnconditional(); 1512 1512 1513 static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, IncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);1513 static NeverDestroyed<ResourceLoaderOptions> mainResourceLoadOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, SkipSecurityCheck, FetchOptions::Mode::NoCors, IncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching); 1514 1514 CachedResourceRequest cachedResourceRequest(request, mainResourceLoadOptions); 1515 1515 cachedResourceRequest.setInitiator(*this); -
trunk/Source/WebCore/loader/MediaResourceLoader.cpp
r202674 r202811 64 64 65 65 DataBufferingPolicy bufferingPolicy = options & LoadOption::BufferData ? WebCore::BufferData : WebCore::DoNotBufferData; 66 RequestOriginPolicy corsPolicy = !m_crossOriginMode.isNull() ? PotentiallyCrossOriginEnabled : UseDefaultOriginRestrictionsForType;66 FetchOptions::Mode corsPolicy = !m_crossOriginMode.isNull() ? FetchOptions::Mode::Cors : FetchOptions::Mode::NoCors; 67 67 auto cachingPolicy = options & LoadOption::DisallowCaching ? CachingPolicy::DisallowCaching : CachingPolicy::AllowCaching; 68 68 StoredCredentials allowCredentials = m_crossOriginMode.isNull() || equalLettersIgnoringASCIICase(m_crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials; … … 73 73 // FIXME: Workaround for <rdar://problem/26071607>. We are not able to do CORS checking on 304 responses because they 74 74 // are usually missing the headers we need. 75 if (corsPolicy == PotentiallyCrossOriginEnabled)75 if (corsPolicy == FetchOptions::Mode::Cors) 76 76 updatedRequest.makeUnconditional(); 77 77 #endif -
trunk/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp
r201761 r202811 44 44 // See <https://bugs.webkit.org/show_bug.cgi?id=146663>. 45 45 NetscapePlugInStreamLoader::NetscapePlugInStreamLoader(Frame& frame, NetscapePlugInStreamLoaderClient& client) 46 : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching))46 : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching)) 47 47 , m_client(&client) 48 48 { -
trunk/Source/WebCore/loader/ResourceLoaderOptions.h
r202741 r202811 56 56 }; 57 57 58 enum RequestOriginPolicy {59 UseDefaultOriginRestrictionsForType,60 RestrictToSameOrigin,61 PotentiallyCrossOriginEnabled // Indicates "potentially CORS-enabled fetch" in HTML standard.62 };63 64 58 enum CertificateInfoPolicy { 65 59 IncludeCertificateInfo, … … 91 85 , m_credentialRequest(ClientDidNotRequestCredentials) 92 86 , m_securityCheck(DoSecurityCheck) 93 , m_requestOriginPolicy(UseDefaultOriginRestrictionsForType)94 87 , m_certificateInfoPolicy(DoNotIncludeCertificateInfo) 95 88 { 96 89 } 97 90 98 ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, CredentialRequest credentialRequest, SecurityCheckPolicy securityCheck, RequestOriginPolicy requestOriginPolicy, CertificateInfoPolicy certificateInfoPolicy, ContentSecurityPolicyImposition contentSecurityPolicyImposition, DefersLoadingPolicy defersLoadingPolicy, CachingPolicy cachingPolicy)91 ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCredentialPolicy credentialPolicy, CredentialRequest credentialRequest, SecurityCheckPolicy securityCheck, FetchOptions::Mode mode, CertificateInfoPolicy certificateInfoPolicy, ContentSecurityPolicyImposition contentSecurityPolicyImposition, DefersLoadingPolicy defersLoadingPolicy, CachingPolicy cachingPolicy) 99 92 : m_sendLoadCallbacks(sendLoadCallbacks) 100 93 , m_sniffContent(sniffContent) … … 104 97 , m_credentialRequest(credentialRequest) 105 98 , m_securityCheck(securityCheck) 106 , m_requestOriginPolicy(requestOriginPolicy)107 99 , m_certificateInfoPolicy(certificateInfoPolicy) 108 100 , m_contentSecurityPolicyImposition(contentSecurityPolicyImposition) … … 110 102 , m_cachingPolicy(cachingPolicy) 111 103 { 104 this->mode = mode; 112 105 } 113 106 … … 126 119 SecurityCheckPolicy securityCheck() const { return static_cast<SecurityCheckPolicy>(m_securityCheck); } 127 120 void setSecurityCheck(SecurityCheckPolicy check) { m_securityCheck = check; } 128 RequestOriginPolicy requestOriginPolicy() const { return static_cast<RequestOriginPolicy>(m_requestOriginPolicy); }129 void setRequestOriginPolicy(RequestOriginPolicy policy) { m_requestOriginPolicy = policy; }130 121 CertificateInfoPolicy certificateInfoPolicy() const { return static_cast<CertificateInfoPolicy>(m_certificateInfoPolicy); } 131 122 void setCertificateInfoPolicy(CertificateInfoPolicy policy) { m_certificateInfoPolicy = policy; } … … 144 135 unsigned m_credentialRequest: 1; // Whether the client (e.g. XHR) wanted credentials in the first place. 145 136 unsigned m_securityCheck : 1; 146 unsigned m_requestOriginPolicy : 2;147 137 unsigned m_certificateInfoPolicy : 1; // Whether the response should include certificate info. 148 138 ContentSecurityPolicyImposition m_contentSecurityPolicyImposition { ContentSecurityPolicyImposition::DoPolicyCheck }; -
trunk/Source/WebCore/loader/SubresourceLoader.cpp
r202741 r202811 151 151 // FIXME: https://bugs.webkit.org/show_bug.cgi?id=155633. 152 152 // SubresourceLoader could use the document origin as a default and set PotentiallyCrossOriginEnabled requests accordingly. 153 // This would simplify resource loader users as they would only need to set the policy to PotentiallyCrossOriginEnabled.154 if (options(). requestOriginPolicy() == PotentiallyCrossOriginEnabled)153 // This would simplify resource loader users as they would only need to set fetch mode to Cors. 154 if (options().mode == FetchOptions::Mode::Cors) 155 155 m_origin = SecurityOrigin::createFromString(request.httpOrigin()); 156 156 … … 203 203 } 204 204 205 if (options(). requestOriginPolicy() == PotentiallyCrossOriginEnabled&& !checkCrossOriginAccessControl(request(), redirectResponse, newRequest)) {205 if (options().mode == FetchOptions::Mode::Cors && !checkCrossOriginAccessControl(request(), redirectResponse, newRequest)) { 206 206 cancel(); 207 207 return; -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r201805 r202811 242 242 // FIXME: loadResource calls setOwningCachedResourceLoader() if the resource couldn't be added to cache. Does this function need to call it, too? 243 243 244 userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, SkipSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));244 userSheet->load(*this, ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, SkipSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::SkipPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching)); 245 245 246 246 return userSheet; … … 412 412 case CachedResource::TextTrackResource: 413 413 #endif 414 if (options. requestOriginPolicy() == RestrictToSameOrigin && !m_document->securityOrigin()->canRequest(url)) {414 if (options.mode == FetchOptions::Mode::SameOrigin && !m_document->securityOrigin()->canRequest(url)) { 415 415 printAccessDeniedMessage(url); 416 416 return false; … … 1191 1191 const ResourceLoaderOptions& CachedResourceLoader::defaultCachedResourceOptions() 1192 1192 { 1193 static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching);1193 static ResourceLoaderOptions options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForAllCredentials, ClientRequestedCredentials, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching); 1194 1194 return options; 1195 1195 } -
trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp
r202674 r202811 96 96 void CachedResourceRequest::setAsPotentiallyCrossOrigin(const String& mode, Document& document) 97 97 { 98 ASSERT(m_options.mode == FetchOptions::Mode::NoCors); 98 99 if (mode.isNull()) 99 100 return; 100 m_options. setRequestOriginPolicy(PotentiallyCrossOriginEnabled);101 m_options.mode = FetchOptions::Mode::Cors; 101 102 m_options.setAllowCredentials(equalLettersIgnoringASCIICase(mode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials); 102 103 -
trunk/Source/WebCore/loader/icon/IconLoader.cpp
r195770 r202811 60 60 61 61 // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources. 62 CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching));62 CachedResourceRequest request(ResourceRequest(m_frame.loader().icon().url()), ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForAnyCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::AllowCaching)); 63 63 64 64 request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low); -
trunk/Source/WebCore/platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp
r202590 r202811 72 72 73 73 // ContentSecurityPolicyImposition::DoPolicyCheck is a placeholder value. It does not affect the request since Content Security Policy does not apply to raw resources. 74 CachedResourceRequest request(ResourceRequest(urlRequest.get()), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));74 CachedResourceRequest request(ResourceRequest(urlRequest.get()), ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching)); 75 75 76 76 request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low); -
trunk/Source/WebCore/platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm
r202590 r202811 70 70 // FIXME: Skip Content Security Policy check if the element that inititated this request 71 71 // is in a user-agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505>. 72 CachedResourceRequest request(nsRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, UseDefaultOriginRestrictionsForType, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching));72 CachedResourceRequest request(nsRequest, ResourceLoaderOptions(SendCallbacks, DoNotSniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, ClientDidNotRequestCredentials, DoSecurityCheck, FetchOptions::Mode::NoCors, DoNotIncludeCertificateInfo, ContentSecurityPolicyImposition::DoPolicyCheck, DefersLoadingPolicy::AllowDefersLoading, CachingPolicy::DisallowCaching)); 73 73 request.mutableResourceRequest().setPriority(ResourceLoadPriority::Low); 74 74 if (auto* loader = m_parent->player()->cachedResourceLoader()) -
trunk/Source/WebCore/style/StylePendingResources.cpp
r202656 r202811 53 53 // FIXME: Why does shape-outside have different policy than other properties? 54 54 if (loadPolicy == LoadPolicy::ShapeOutside) { 55 options. setRequestOriginPolicy(PotentiallyCrossOriginEnabled);55 options.mode = FetchOptions::Mode::Cors; 56 56 options.setAllowCredentials(DoNotAllowStoredCredentials); 57 57 }
Note: See TracChangeset
for help on using the changeset viewer.