Changeset 205854 in webkit


Ignore:
Timestamp:
Sep 12, 2016 11:46:15 PM (8 years ago)
Author:
commit-queue@webkit.org
Message:

ScriptElement should use FetchOptions::mode according its crossOrigin attribute
https://bugs.webkit.org/show_bug.cgi?id=161686

Patch by Youenn Fablet <youenn@apple.com> on 2016-09-12
Reviewed by Darin Adler.

Source/WebCore:

Setting ScriptElement fetch mode according its crossOrigin attribute.
Removing LoadableClassicScriptchecking of CORS since this is now done at ResourceLoader/CachedResource level.

Updating CachedResourceLoader to ensure that a resource that matches an on-going resource load but with different fetch mode/origin,
always gets its loading started if the resource state is not Cached.

Tests: fast/dom/script-crossorigin-loads-fail-origin.html

http/tests/security/cross-origin-cached-images-parallel.html
http/tests/security/cross-origin-cached-images.html
http/tests/security/cross-origin-cached-scripts-parallel.html
http/tests/security/cross-origin-cached-scripts.html
http/tests/security/script-crossorigin-loads-correctly-credentials.html
http/tests/security/script-with-dataurl.html

  • dom/LoadableClassicScript.cpp:

(WebCore::LoadableClassicScript::create):
(WebCore::LoadableClassicScript::notifyFinished): Checking CORS failures using the resource state.
(WebCore::LoadableClassicScript::~LoadableClassicScript): Deleted.
(WebCore::LoadableClassicScript::isLoaded): Deleted.

  • dom/LoadableClassicScript.h:
  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::requestClassicScript):
(WebCore::ScriptElement::requestScriptWithCache): Using CachedResourceRequest::setAsPotentiallyCrossOrigin to set fetch mode according crossOrigin attribute.

  • dom/ScriptElement.h:
  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::setBodyDataFrom):

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Adding support for script resources.
(WebCore::CachedResourceLoader::requestResource): Ensuring that 'updated' resources gets actually loaded.

  • loader/cache/CachedScript.cpp:

(WebCore::CachedScript::setBodyDataFrom): Implementing specific data copy from another CachedScript.

  • loader/cache/CachedScript.h:

LayoutTests:

Added new tests.
Updated cookie test for robustness as the order of the cookie items when more than one may not be preserved.

Moved one of the blink test to http/tests as it requires HTTP to run properly.
Updated blink test expectation as it is run from file, while it should be run from http.

Copied a similar test to http/tests/local to ensure that script load fails when served from the filesystem , CORS check failing.
The test was previously passing in WebKit as the test file was served from filesystem and was granted universal access.
The CORS checks were done through SecurityOrigin::canRequest which was testing that first.
With the patch, CORS checks are done at a lower level and do not take in to account universal access.
This aligns with Chrome and Firefox behavior.

  • http/tests/local/script-crossorigin-loads-fail-origin-expected.txt: Added.
  • http/tests/local/script-crossorigin-loads-fail-origin.html: Copied from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials.html.
  • http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html: Sorting the cookie to make the test more resistant.
  • http/tests/security/cross-origin-cached-images-expected.txt: Added.
  • http/tests/security/cross-origin-cached-images-parallel-expected.txt: Added.
  • http/tests/security/cross-origin-cached-images-parallel.html: Renamed from LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html.
  • http/tests/security/cross-origin-cached-images.html: Renamed from LayoutTests/http/tests/security/cross-origin-cached-resource.html.
  • http/tests/security/cross-origin-cached-resource-parallel-expected.txt: Removed.
  • http/tests/security/cross-origin-cached-scripts-expected.txt: Added.
  • http/tests/security/cross-origin-cached-scripts-parallel-expected.txt: Added.
  • http/tests/security/cross-origin-cached-scripts-parallel.html: Added.
  • http/tests/security/cross-origin-cached-scripts.html: Added.
  • http/tests/security/resources/cors-script.php: Updated according chromium script to activate CORS credentials header if requested.
  • http/tests/security/resources/cross-origin-cached-resource-iframe.html:
  • http/tests/security/resources/notify-loaded.js: Added.
  • http/tests/security/script-crossorigin-loads-correctly-credentials-expected.txt: Renamed from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials-expected.txt.
  • http/tests/security/script-crossorigin-loads-correctly-credentials.html: Renamed from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials.html.
  • http/tests/security/script-with-dataurl-expected.txt: Added.
  • http/tests/security/script-with-dataurl.html: Added.
  • http/tests/security/script-with-failed-cors-check-fails-to-load-expected.txt:
Location:
trunk
Files:
10 added
1 deleted
14 edited
1 copied
4 moved

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r205849 r205854  
     12016-09-12  Youenn Fablet  <youenn@apple.com>
     2
     3        ScriptElement should use FetchOptions::mode according its crossOrigin attribute
     4        https://bugs.webkit.org/show_bug.cgi?id=161686
     5
     6        Reviewed by Darin Adler.
     7
     8        Added new tests.
     9        Updated cookie test for robustness as the order of the cookie items when more than one may not be preserved.
     10
     11        Moved one of the blink test to http/tests as it requires HTTP to run properly.
     12        Updated blink test expectation as it is run from file, while it should be run from http.
     13
     14        Copied a similar test to http/tests/local to ensure that script load fails when served from the filesystem , CORS check failing.
     15        The test was previously passing in WebKit as the test file was served from filesystem and was granted universal access.
     16        The CORS checks were done through SecurityOrigin::canRequest which was testing that first.
     17        With the patch, CORS checks are done at a lower level and do not take in to account universal access.
     18        This aligns with Chrome and Firefox behavior.
     19
     20        * http/tests/local/script-crossorigin-loads-fail-origin-expected.txt: Added.
     21        * http/tests/local/script-crossorigin-loads-fail-origin.html: Copied from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials.html.
     22        * http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html: Sorting the cookie to make the test more resistant.
     23        * http/tests/security/cross-origin-cached-images-expected.txt: Added.
     24        * http/tests/security/cross-origin-cached-images-parallel-expected.txt: Added.
     25        * http/tests/security/cross-origin-cached-images-parallel.html: Renamed from LayoutTests/http/tests/security/cross-origin-cached-resource-parallel.html.
     26        * http/tests/security/cross-origin-cached-images.html: Renamed from LayoutTests/http/tests/security/cross-origin-cached-resource.html.
     27        * http/tests/security/cross-origin-cached-resource-parallel-expected.txt: Removed.
     28        * http/tests/security/cross-origin-cached-scripts-expected.txt: Added.
     29        * http/tests/security/cross-origin-cached-scripts-parallel-expected.txt: Added.
     30        * http/tests/security/cross-origin-cached-scripts-parallel.html: Added.
     31        * http/tests/security/cross-origin-cached-scripts.html: Added.
     32        * http/tests/security/resources/cors-script.php: Updated according chromium script to activate CORS credentials header if requested.
     33        * http/tests/security/resources/cross-origin-cached-resource-iframe.html:
     34        * http/tests/security/resources/notify-loaded.js: Added.
     35        * http/tests/security/script-crossorigin-loads-correctly-credentials-expected.txt: Renamed from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials-expected.txt.
     36        * http/tests/security/script-crossorigin-loads-correctly-credentials.html: Renamed from LayoutTests/imported/blink/http/tests/security/script-crossorigin-loads-correctly-credentials.html.
     37        * http/tests/security/script-with-dataurl-expected.txt: Added.
     38        * http/tests/security/script-with-dataurl.html: Added.
     39        * http/tests/security/script-with-failed-cors-check-fails-to-load-expected.txt:
     40
    1412016-09-12  Fujii Hironori  <Hironori.Fujii@sony.com>
    242
  • trunk/LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html

    r120167 r205854  
    2222}
    2323
     24function sortCookie(cookie)
     25{
     26    var items = cookie.split("; ");
     27    items.sort();
     28    return items.join("; ");
     29}
     30
    2431var stage = 1;
    2532function showCookies()
    2633{
    27     alert("Test stage " + stage++ + " document.cookie is: " + document.cookie);
    28     parent.window.postMessage("done", "*");   
     34    alert("Test stage " + stage++ + " document.cookie is: " + sortCookie(document.cookie));
     35    parent.window.postMessage("done", "*");
    2936}
    3037
  • trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html

    r205853 r205854  
    11<body>
    2 <p>This test passes if the script loads correctly.</p>
     2<p>This test fails if the script loads correctly.</p>
    33<pre></pre>
    44<script>
     
    1616var script = document.createElement("script");
    1717script.crossOrigin = "use-credentials";
     18// We are serving the test from the filesystem, so it should fail as authorized origin is 127.0.0.1:8000.
    1819script.src = "http://localhost:8000/security/resources/cors-script.php?credentials=true";
    19 script.onload = function() { done("PASS"); }
    20 script.onerror = function() { done("FAIL");}
     20script.onload = function() { done("FAIL"); }
     21script.onerror = function() { done("PASS");}
    2122document.body.appendChild(script);
    2223</script>
  • trunk/LayoutTests/http/tests/security/cross-origin-cached-images-parallel.html

    r205853 r205854  
    22<body>
    33<p>Tests source origin difference for cached resources.</p
    4 <p>Trying to load sequentially the same image from various origins.</p>
    5 <p>All images should load.</p>
     4<p>Trying to load sequentially the same image from different origins.</p>
    65<div id="console"></div>
    76<div>
     
    4140
    4241var allowAllImage1 = "http://127.0.0.1:8000/security/resources/abe-allow-star.php?allowCache";
    43 var allow8000Image1 = "http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000";
     42var allow8000Image1 = "http://127.0.0.1:8000/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&delay=200";
    4443
    4544var allowAllImage2 = "http://127.0.0.1:8080/security/resources/abe-allow-star.php?allowCache";
    46 var allow8000Image2 = "http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000";
     45var allow8000Image2 = "http://127.0.0.1:8080/security/resources/allow-if-origin.php?allowCache&origin=http%3A%2F%2Flocalhost%3A8000&delay=200";
    4746
    4847document.getElementById('iframe1').src = iframeURL8000 + "#" +
    49     encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
     48    encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
    5049document.getElementById('iframe2').src = iframeURL8080 + "#" +
    51     encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
     50    encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
    5251document.getElementById('iframe3').src = iframeURL8000 + "#" +
    53     encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
     52    encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
    5453document.getElementById('iframe4').src = iframeURL8080 + "#" +
    55     encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
     54    encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
    5655
    5756document.getElementById('iframe5').src = iframeURL8000 + "#" +
    58     encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, id: 5}));
     57    encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage2, shouldPass:true, id: 5}));
    5958document.getElementById('iframe6').src = iframeURL8000 + "#" +
    60     encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
     59    encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
    6160document.getElementById('iframe7').src = iframeURL8080 + "#" +
    62     encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:true, id: 7}));
     61    encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image2, shouldPass:true, id: 7}));
    6362document.getElementById('iframe8').src = iframeURL8080 + "#" +
    64     encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
     63    encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
    6564</script>
    6665</body>
  • trunk/LayoutTests/http/tests/security/cross-origin-cached-images.html

    r205853 r205854  
    22<body>
    33<p>Tests source origin difference for cached resources.</p
    4 <p>Trying to load sequentially the same image from various origins.</p>
    5 <p>All images should load.</p>
     4<p>Trying to load sequentially the same image from different origins.</p>
    65<div id="console"></div>
    76<div>
     
    4443    if (counter == 1)
    4544        document.getElementById('iframe1').src = iframeURL8000 + "#" +
    46             encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
     45            encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage1, shouldPass:true, crossOrigin: "anonymous", id: 1}));
    4746    else if (counter == 2)
    4847        document.getElementById('iframe2').src = iframeURL8080 + "#" +
    49             encodeURIComponent(JSON.stringify({url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
     48            encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage1, shouldPass: true, crossOrigin: "anonymous", id: 2}));
    5049    else if (counter == 3)
    5150        document.getElementById('iframe3').src = iframeURL8000 + "#" +
    52             encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
     51            encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image1, shouldPass: true, crossOrigin: "anonymous", id: 3}));
    5352    // Fourth image load should fail since requesting image from localhost:8080 while only allowed from localhost:8000.
    5453    else if (counter == 4)
    5554        document.getElementById('iframe4').src = iframeURL8080 + "#" +
    56             encodeURIComponent(JSON.stringify({url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
     55            encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image1, shouldPass: false, crossOrigin: "anonymous", id: 4}));
    5756
    5857    // Four next tests try to load a cross-origin image without cors and then with cors.
    5958    else if (counter == 5)
    6059        document.getElementById('iframe5').src = iframeURL8000 + "#" +
    61             encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, id: 5}));
     60            encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage2, shouldPass:true, id: 5}));
    6261    else if (counter == 6)
    6362        document.getElementById('iframe6').src = iframeURL8000 + "#" +
    64             encodeURIComponent(JSON.stringify({url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
     63            encodeURIComponent(JSON.stringify({node: "img", url: allowAllImage2, shouldPass:true, crossOrigin: "anonymous", id: 6}));
    6564    else if (counter == 7)
    6665        document.getElementById('iframe7').src = iframeURL8080 + "#" +
    67             encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:true, id: 7}));
     66            encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image2, shouldPass:true, id: 7}));
    6867    else if (counter == 8)
    6968        document.getElementById('iframe8').src = iframeURL8080 + "#" +
    70             encodeURIComponent(JSON.stringify({url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
     69            encodeURIComponent(JSON.stringify({node: "img", url: allow8000Image2, shouldPass:false, crossOrigin: "anonymous", id: 8}));
    7170    else if (window.testRunner)
    7271        testRunner.notifyDone();
  • trunk/LayoutTests/http/tests/security/resources/cors-script.php

    r135009 r205854  
    22header("Access-Control-Allow-Origin: http://127.0.0.1:8000");
    33header("Content-Type: application/javascript");
     4
     5if (strtolower($_GET["credentials"]) == "true") {
     6    header("Access-Control-Allow-Credentials: true");
     7}
     8
    49if (strtolower($_GET["fail"]) == "true")
    510    echo "throw({toString: function(){ return 'SomeError' }});";
  • trunk/LayoutTests/http/tests/security/resources/cross-origin-cached-resource-iframe.html

    r205473 r205854  
    22<body>
    33
    4 <img id="img" onload="logStatus(true)" onerror="logStatus(false)"/>
     4<img id="img" onload="logStatus(true)" onerror="logStatus(false)"></img>
     5<script id="script" onload="logStatus(true)" onerror="logStatus(false)"></script>
    56<script>
    67var test = JSON.parse(decodeURIComponent(location.hash.substring(1)));
     
    1213
    1314    msg += status ? "Loaded" : "Did not load";
    14     msg += " image " + img.src + " from " + location.host;
     15    msg += " " + test.node + " " + node.src + " from " + location.host;
    1516    if (test.crossOrigin)
    1617        msg += " (crossOrigin=" + test.crossOrigin + ")";
     
    1920}
    2021
    21 var image = document.getElementById('img');
     22var node = document.getElementById(test.node);
    2223if (test.crossOrigin !== undefined)
    23     image.crossOrigin = test.crossOrigin;
    24 image.src = test.url;
     24    node.crossOrigin = test.crossOrigin;
     25node.src = test.url;
    2526</script>
    2627</body>
  • trunk/LayoutTests/http/tests/security/script-with-failed-cors-check-fails-to-load-expected.txt

    r111359 r205854  
     1CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
    12CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
    23This test passes if the script does not load.
  • trunk/Source/WebCore/ChangeLog

    r205853 r205854  
     12016-09-12  Youenn Fablet  <youenn@apple.com>
     2
     3        ScriptElement should use FetchOptions::mode according its crossOrigin attribute
     4        https://bugs.webkit.org/show_bug.cgi?id=161686
     5
     6        Reviewed by Darin Adler.
     7
     8        Setting ScriptElement fetch mode according its crossOrigin attribute.
     9        Removing LoadableClassicScriptchecking of CORS since this is now done at ResourceLoader/CachedResource level.
     10
     11        Updating CachedResourceLoader to ensure that a resource that matches an on-going resource load but with different fetch mode/origin,
     12        always gets its loading started if the resource state is not Cached.
     13
     14        Tests: fast/dom/script-crossorigin-loads-fail-origin.html
     15               http/tests/security/cross-origin-cached-images-parallel.html
     16               http/tests/security/cross-origin-cached-images.html
     17               http/tests/security/cross-origin-cached-scripts-parallel.html
     18               http/tests/security/cross-origin-cached-scripts.html
     19               http/tests/security/script-crossorigin-loads-correctly-credentials.html
     20               http/tests/security/script-with-dataurl.html
     21
     22        * dom/LoadableClassicScript.cpp:
     23        (WebCore::LoadableClassicScript::create):
     24        (WebCore::LoadableClassicScript::notifyFinished): Checking CORS failures using the resource state.
     25        (WebCore::LoadableClassicScript::~LoadableClassicScript): Deleted.
     26        (WebCore::LoadableClassicScript::isLoaded): Deleted.
     27        * dom/LoadableClassicScript.h:
     28        * dom/ScriptElement.cpp:
     29        (WebCore::ScriptElement::requestClassicScript):
     30        (WebCore::ScriptElement::requestScriptWithCache): Using CachedResourceRequest::setAsPotentiallyCrossOrigin to set fetch mode according crossOrigin attribute.
     31        * dom/ScriptElement.h:
     32        * loader/cache/CachedImage.cpp:
     33        (WebCore::CachedImage::setBodyDataFrom):
     34        * loader/cache/CachedResourceLoader.cpp:
     35        (WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest): Adding support for script resources.
     36        (WebCore::CachedResourceLoader::requestResource): Ensuring that 'updated' resources gets actually loaded.
     37        * loader/cache/CachedScript.cpp:
     38        (WebCore::CachedScript::setBodyDataFrom): Implementing specific data copy from another CachedScript.
     39        * loader/cache/CachedScript.h:
     40
    1412016-09-12  Carlos Garcia Campos  <cgarcia@igalia.com>
    242
  • trunk/Source/WebCore/dom/LoadableClassicScript.cpp

    r205583 r205854  
    3434namespace WebCore {
    3535
    36 Ref<LoadableClassicScript> LoadableClassicScript::create(CachedResourceHandle<CachedScript>&& cachedScript, const String& crossOriginMode, SecurityOrigin& securityOrigin)
     36Ref<LoadableClassicScript> LoadableClassicScript::create(CachedResourceHandle<CachedScript>&& cachedScript)
    3737{
    3838    ASSERT(cachedScript);
    39     auto script = adoptRef(*new LoadableClassicScript(WTFMove(cachedScript), crossOriginMode, securityOrigin));
     39    auto script = adoptRef(*new LoadableClassicScript(WTFMove(cachedScript)));
    4040    cachedScript->addClient(script.ptr());
    4141    return script;
    42 }
    43 
    44 LoadableClassicScript::LoadableClassicScript(CachedResourceHandle<CachedScript>&& cachedScript, const String& crossOriginMode, SecurityOrigin& securityOrigin)
    45     : m_cachedScript(cachedScript)
    46     , m_securityOrigin(securityOrigin)
    47     , m_requestUsesAccessControl(!crossOriginMode.isNull())
    48 {
    4942}
    5043
     
    7568}
    7669
    77 void LoadableClassicScript::notifyFinished(CachedResource*)
     70void LoadableClassicScript::notifyFinished(CachedResource* resource)
    7871{
    79     if (!m_error && m_requestUsesAccessControl && !m_cachedScript->passesSameOriginPolicyCheck(m_securityOrigin.get())) {
     72    ASSERT(resource);
     73    if (resource->resourceError().isAccessControl()) {
    8074        static NeverDestroyed<String> consoleMessage(ASCIILiteral("Cross-origin script load denied by Cross-Origin Resource Sharing policy."));
    8175        m_error = Error {
  • trunk/Source/WebCore/dom/LoadableClassicScript.h

    r205581 r205854  
    4343    ~LoadableClassicScript();
    4444
    45     static Ref<LoadableClassicScript> create(CachedResourceHandle<CachedScript>&&, const String& crossOriginMode, SecurityOrigin&);
     45    static Ref<LoadableClassicScript> create(CachedResourceHandle<CachedScript>&&);
    4646    bool isLoaded() const override;
    4747    Optional<Error> wasErrored() const override;
     
    5454
    5555private:
    56     LoadableClassicScript(CachedResourceHandle<CachedScript>&&, const String& crossOriginMode, SecurityOrigin&);
     56    LoadableClassicScript(CachedResourceHandle<CachedScript>&& cachedScript) : m_cachedScript(WTFMove(cachedScript)) { }
    5757
    5858    void notifyFinished(CachedResource*) override;
    5959
    6060    CachedResourceHandle<CachedScript> m_cachedScript;
    61     Ref<SecurityOrigin> m_securityOrigin;
    6261    Optional<Error> m_error { Nullopt };
    63     bool m_requestUsesAccessControl;
    6462};
    6563
  • trunk/Source/WebCore/dom/ScriptElement.cpp

    r205695 r205854  
    264264    ASSERT(!m_loadableScript);
    265265    if (!stripLeadingAndTrailingHTMLSpaces(sourceURL).isEmpty()) {
    266         String crossOriginMode = m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr);
    267         auto request = requestScriptWithCache(m_element.document().completeURL(sourceURL), m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), crossOriginMode);
     266        auto request = requestScriptWithCache(m_element.document().completeURL(sourceURL), m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr));
    268267        if (request) {
    269             m_loadableScript = LoadableClassicScript::create(WTFMove(request), crossOriginMode, *m_element.document().securityOrigin());
     268            m_loadableScript = LoadableClassicScript::create(WTFMove(request));
    270269            m_isExternalScript = true;
    271270        }
     
    281280}
    282281
    283 CachedResourceHandle<CachedScript> ScriptElement::requestScriptWithCache(const URL& sourceURL, const String& nonceAttribute, const String& crossOriginMode)
     282CachedResourceHandle<CachedScript> ScriptElement::requestScriptWithCache(const URL& sourceURL, const String& nonceAttribute)
    284283{
    285284    bool hasKnownNonce = m_element.document().contentSecurityPolicy()->allowScriptWithNonce(nonceAttribute, m_element.isInUserAgentShadowTree());
     
    288287
    289288    CachedResourceRequest request(ResourceRequest(sourceURL), options);
     289    request.setAsPotentiallyCrossOrigin(m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr), m_element.document());
    290290
    291291    m_element.document().contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request.mutableResourceRequest(), ContentSecurityPolicy::InsecureRequestType::Load);
    292 
    293     if (!crossOriginMode.isNull()) {
    294         StoredCredentials allowCredentials = equalLettersIgnoringASCIICase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
    295         ASSERT(m_element.document().securityOrigin());
    296         updateRequestForAccessControl(request.mutableResourceRequest(), *m_element.document().securityOrigin(), allowCredentials);
    297     }
    298292
    299293    request.setCharset(scriptCharset());
  • trunk/Source/WebCore/dom/ScriptElement.h

    r205695 r205854  
    9090    bool isScriptForEventSupported() const;
    9191
    92     CachedResourceHandle<CachedScript> requestScriptWithCache(const URL&, const String& nonceAttribute, const String& crossoriginAttribute);
     92    CachedResourceHandle<CachedScript> requestScriptWithCache(const URL&, const String&);
    9393
    9494    bool requestClassicScript(const String& sourceURL);
  • trunk/Source/WebCore/loader/cache/CachedImage.cpp

    r205473 r205854  
    120120    const CachedImage& image = static_cast<const CachedImage&>(resource);
    121121
    122     setLoading(false);
    123122    m_image = image.m_image;
    124123
  • trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

    r205750 r205854  
    547547
    548548    // FIXME: We should progressively extend this to other reusable resources
    549     if (resource.type() != CachedResource::Type::ImageResource && resource.type() != CachedResource::Type::TextTrackResource)
     549    if (resource.type() != CachedResource::Type::ImageResource && resource.type() != CachedResource::Type::Script && resource.type() != CachedResource::Type::TextTrackResource)
    550550        return false;
    551551
     
    648648    logMemoryCacheResourceRequest(frame(), resource ? DiagnosticLoggingKeys::inMemoryCacheKey() : DiagnosticLoggingKeys::notInMemoryCacheKey());
    649649
    650     const RevalidationPolicy policy = determineRevalidationPolicy(type, request, resource.get());
     650    RevalidationPolicy policy = determineRevalidationPolicy(type, request, resource.get());
    651651    switch (policy) {
    652652    case Reload:
     
    664664        break;
    665665    case Use:
    666         if (!updateCachedResourceWithCurrentRequest(request, resource)) {
     666        if (updateCachedResourceWithCurrentRequest(request, resource)) {
     667            if (resource->status() != CachedResource::Status::Cached)
     668                policy = Load;
     669        } else {
     670            ASSERT(policy == Use);
    667671            if (!shouldContinueAfterNotifyingLoadedFromMemoryCache(request, resource.get()))
    668672                return nullptr;
  • trunk/Source/WebCore/loader/cache/CachedScript.cpp

    r204466 r205854  
    124124}
    125125
     126void CachedScript::setBodyDataFrom(const CachedResource& resource)
     127{
     128    ASSERT(resource.type() == type());
     129    auto& script = static_cast<const CachedScript&>(resource);
     130
     131    m_data = script.m_data;
     132    m_script = script.m_script;
     133    m_scriptHash = script.m_scriptHash;
     134    m_decodingState = script.m_decodingState;
     135    m_decoder = script.m_decoder;
     136}
     137
    126138#if ENABLE(NOSNIFF)
    127139bool CachedScript::mimeTypeAllowedByNosniff() const
  • trunk/Source/WebCore/loader/cache/CachedScript.h

    r199881 r205854  
    4848
    4949private:
    50     bool mayTryReplaceEncodedData() const override { return true; }
     50    bool mayTryReplaceEncodedData() const final { return true; }
    5151
    52     bool shouldIgnoreHTTPStatusCodeErrors() const override;
     52    bool shouldIgnoreHTTPStatusCodeErrors() const final;
    5353
    54     void setEncoding(const String&) override;
    55     String encoding() const override;
    56     const TextResourceDecoder* textResourceDecoder() const override { return m_decoder.get(); }
    57     void finishLoading(SharedBuffer*) override;
     54    void setEncoding(const String&) final;
     55    String encoding() const final;
     56    const TextResourceDecoder* textResourceDecoder() const final { return m_decoder.get(); }
     57    void finishLoading(SharedBuffer*) final;
    5858
    59     void destroyDecodedData() override;
     59    void destroyDecodedData() final;
     60
     61    void setBodyDataFrom(const CachedResource&) final;
    6062
    6163    String m_script;
Note: See TracChangeset for help on using the changeset viewer.