Changeset 95768 in webkit
- Timestamp:
- Sep 22, 2011 6:12:38 PM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 16 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r95766 r95768 1 2011-09-22 Nate Chapin <japhet@chromium.org> 2 3 Remove didReceiveAuthenticationChallenge() from SubresourceLoaderClient. 4 Instead, add a load-specific policy for showing the user authentication 5 challenge down to ResourceLoaderOptions and enforce it in ResourceLoader. 6 https://bugs.webkit.org/show_bug.cgi?id=65330 7 8 Reviewed by Alexey Proskuryakov. 9 10 No new tests, refactor only. 11 12 * loader/DocumentThreadableLoader.cpp: 13 * loader/DocumentThreadableLoader.h: 14 * loader/MainResourceLoader.cpp: 15 * loader/NetscapePlugInStreamLoader.cpp: 16 * loader/ResourceLoadScheduler.h: 17 * loader/ResourceLoader.cpp: 18 (WebCore::ResourceLoader::didReceiveAuthenticationChallenge): 19 For resource types that always send a challenge to the embedder, 20 this patch doesn't change anything. For those that don't, we will 21 always try to continue without credentials when they are forbidden 22 and the platform supports it. 23 When continuing without credentials was initially implemented in 24 DocumentThreadableLoader, we sent the ThreadableLoaderClient a didFail(), 25 then canceled the SubresourceLoader. This was necessary because of the 26 quirks of ThreadableLoader cancellation (we sever the client/loader connections 27 before the load actually cancels), but a simple didFail() should suffice at 28 the ResourceLoader layer. 29 * loader/ResourceLoaderOptions.h: 30 * loader/SubresourceLoader.cpp: 31 * loader/SubresourceLoader.h: 32 * loader/SubresourceLoaderClient.h: 33 * loader/cache/CachedResource.cpp: 34 * loader/cache/CachedResourceLoader.cpp: 35 * loader/cache/CachedResourceLoader.h: 36 * loader/icon/IconLoader.cpp: The ResourceLoader implementation of 37 didReceiveAuthenticationChallege means that IconLoader will now 38 try to continue with credentials on platforms that support it, 39 rather than just canceling outright. We still will never prompt 40 for authentication for icons. 41 * loader/icon/IconLoader.h: 42 1 43 2011-09-22 Dean Jackson <dino@apple.com> 2 44 -
trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp
r93923 r95768 289 289 } 290 290 291 void DocumentThreadableLoader::didReceiveAuthenticationChallenge(SubresourceLoader* loader, const AuthenticationChallenge& challenge)292 {293 ASSERT(loader == m_loader);294 // Users are not prompted for credentials for cross-origin requests.295 if (!m_sameOriginRequest) {296 #if PLATFORM(MAC) || USE(CFNETWORK) || USE(CURL)297 loader->handle()->receivedRequestToContinueWithoutCredential(challenge);298 #else299 // These platforms don't provide a way to continue without credentials, cancel the load altogether.300 UNUSED_PARAM(challenge);301 RefPtr<DocumentThreadableLoader> protect(this);302 m_client->didFail(loader->blockedError());303 cancel();304 #endif305 }306 }307 308 291 void DocumentThreadableLoader::preflightSuccess() 309 292 { … … 332 315 if (m_async) { 333 316 ThreadableLoaderOptions options = m_options; 317 options.crossOriginCredentialPolicy = DoNotAskClientForCrossOriginCredentials; 334 318 if (m_actualRequest) { 335 319 // Don't sniff content or send load callbacks for the preflight request. -
trunk/Source/WebCore/loader/DocumentThreadableLoader.h
r94466 r95768 83 83 virtual void didFail(SubresourceLoader*, const ResourceError&); 84 84 85 virtual void didReceiveAuthenticationChallenge(SubresourceLoader*, const AuthenticationChallenge&);86 87 85 #if PLATFORM(CHROMIUM) 88 86 virtual void didDownloadData(SubresourceLoader*, int dataLength); -
trunk/Source/WebCore/loader/MainResourceLoader.cpp
r93923 r95768 61 61 62 62 MainResourceLoader::MainResourceLoader(Frame* frame) 63 : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials ))63 : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials)) 64 64 , m_dataLoadTimer(this, &MainResourceLoader::handleDataLoadNow) 65 65 , m_loadingMultipartContent(false) -
trunk/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp
r93923 r95768 37 37 38 38 NetscapePlugInStreamLoader::NetscapePlugInStreamLoader(Frame* frame, NetscapePlugInStreamLoaderClient* client) 39 : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials ))39 : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials)) 40 40 , m_client(client) 41 41 { -
trunk/Source/WebCore/loader/ResourceLoadScheduler.h
r93923 r95768 52 52 friend ResourceLoadScheduler* resourceLoadScheduler(); 53 53 54 PassRefPtr<SubresourceLoader> scheduleSubresourceLoad(Frame*, SubresourceLoaderClient*, const ResourceRequest&, ResourceLoadPriority = ResourceLoadPriorityLow, SecurityCheckPolicy = DoSecurityCheck, const ResourceLoaderOptions& = ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials));54 PassRefPtr<SubresourceLoader> scheduleSubresourceLoad(Frame*, SubresourceLoaderClient*, const ResourceRequest&, ResourceLoadPriority, SecurityCheckPolicy, const ResourceLoaderOptions&); 55 55 PassRefPtr<NetscapePlugInStreamLoader> schedulePluginStreamLoad(Frame*, NetscapePlugInStreamLoaderClient*, const ResourceRequest&); 56 56 void addMainResourceLoad(ResourceLoader*); -
trunk/Source/WebCore/loader/ResourceLoader.cpp
r95120 r95768 43 43 #include "ResourceHandle.h" 44 44 #include "ResourceLoadScheduler.h" 45 #include "SecurityOrigin.h" 45 46 #include "Settings.h" 46 47 #include "SharedBuffer.h" … … 516 517 void ResourceLoader::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge) 517 518 { 519 ASSERT(handle()->hasAuthenticationChallenge()); 518 520 // Protect this in this delegate method since the additional processing can do 519 521 // anything including possibly derefing this; one example of this is Radar 3266216. 520 522 RefPtr<ResourceLoader> protector(this); 521 frameLoader()->notifier()->didReceiveAuthenticationChallenge(this, challenge); 523 524 if (m_options.allowCredentials == AllowStoredCredentials) { 525 if (m_options.crossOriginCredentialPolicy == AskClientForCrossOriginCredentials || m_frame->document()->securityOrigin()->canRequest(originalRequest().url())) { 526 frameLoader()->notifier()->didReceiveAuthenticationChallenge(this, challenge); 527 return; 528 } 529 } 530 // Only these platforms provide a way to continue without credentials. 531 // If we can't continue with credentials, we need to cancel the load altogether. 532 #if PLATFORM(MAC) || USE(CFNETWORK) || USE(CURL) 533 handle()->receivedRequestToContinueWithoutCredential(challenge); 534 ASSERT(!handle()->hasAuthenticationChallenge()); 535 #else 536 didFail(blockedError()); 537 #endif 522 538 } 523 539 -
trunk/Source/WebCore/loader/ResourceLoaderOptions.h
r93923 r95768 50 50 DoNotBufferData 51 51 }; 52 53 enum ClientCrossOriginCredentialPolicy { 54 AskClientForCrossOriginCredentials, 55 DoNotAskClientForCrossOriginCredentials 56 }; 52 57 53 58 struct ResourceLoaderOptions { 54 ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffContent(DoNotSniffContent), shouldBufferData(BufferData), allowCredentials(DoNotAllowStoredCredentials) { } 55 ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacksArg, ContentSniffingPolicy sniffContentArg, DataBufferingPolicy shouldBufferDataArg, StoredCredentials allowCredentialsArg) : sendLoadCallbacks(sendLoadCallbacksArg), sniffContent(sniffContentArg), shouldBufferData(shouldBufferDataArg), allowCredentials(allowCredentialsArg) { } 59 ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffContent(DoNotSniffContent), shouldBufferData(BufferData), allowCredentials(DoNotAllowStoredCredentials), crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCredentials) { } 60 ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy shouldBufferData, StoredCredentials allowCredentials, ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy) 61 : sendLoadCallbacks(sendLoadCallbacks) 62 , sniffContent(sniffContent) 63 , shouldBufferData(shouldBufferData) 64 , allowCredentials(allowCredentials) 65 , crossOriginCredentialPolicy(crossOriginCredentialPolicy) 66 { 67 } 56 68 SendCallbackPolicy sendLoadCallbacks; 57 69 ContentSniffingPolicy sniffContent; 58 70 DataBufferingPolicy shouldBufferData; 59 71 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request. 72 ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy; // Whether we will ask the client for credentials (if we allow credentials at all). 60 73 }; 61 74 -
trunk/Source/WebCore/loader/SubresourceLoader.cpp
r93923 r95768 235 235 } 236 236 237 void SubresourceLoader::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge) 238 { 239 RefPtr<SubresourceLoader> protect(this); 240 241 ASSERT(handle()->hasAuthenticationChallenge()); 242 243 if (m_client) 244 m_client->didReceiveAuthenticationChallenge(this, challenge); 245 246 // The SubResourceLoaderClient may have cancelled this ResourceLoader in response to the challenge. 247 // If that's the case, don't call didReceiveAuthenticationChallenge. 248 if (reachedTerminalState()) 249 return; 250 251 // It may have also handled authentication on its own. 252 if (!handle()->hasAuthenticationChallenge()) 253 return; 254 255 ResourceLoader::didReceiveAuthenticationChallenge(challenge); 256 } 257 258 } 237 } -
trunk/Source/WebCore/loader/SubresourceLoader.h
r94466 r95768 57 57 virtual void didFinishLoading(double finishTime); 58 58 virtual void didFail(const ResourceError&); 59 virtual void didReceiveAuthenticationChallenge(const AuthenticationChallenge&);60 59 virtual void willCancel(const ResourceError&); 61 60 virtual void didCancel(const ResourceError&); -
trunk/Source/WebCore/loader/SubresourceLoaderClient.h
r94466 r95768 51 51 virtual void didFinishLoading(SubresourceLoader*, double /*finishTime*/) { } 52 52 virtual void didFail(SubresourceLoader*, const ResourceError&) { } 53 54 virtual void didReceiveAuthenticationChallenge(SubresourceLoader*, const AuthenticationChallenge&) { }55 53 56 54 #if PLATFORM(CHROMIUM) -
trunk/Source/WebCore/loader/cache/CachedResource.cpp
r94003 r95768 97 97 , m_type(type) 98 98 , m_status(Pending) 99 , m_options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials )99 , m_options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials) 100 100 #ifndef NDEBUG 101 101 , m_deleted(false) -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r95369 r95768 168 168 userSheet->setInCache(true); 169 169 170 userSheet->setResourceLoaderOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials ));170 userSheet->setResourceLoaderOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials)); 171 171 userSheet->load(this, /*incremental*/ false, SkipSecurityCheck); 172 172 -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.h
r95580 r95768 110 110 // FIXME: The default value for ResourceLoaderOptions will always be used currently. 111 111 // It is plumbed for http://bugs.webkit.org/show_bug.cgi?id=61225 . 112 CachedResource* requestResource(CachedResource::Type, ResourceRequest&, const String& charset, ResourceLoadPriority = ResourceLoadPriorityUnresolved, bool isPreload = false, const ResourceLoaderOptions& = ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials ));112 CachedResource* requestResource(CachedResource::Type, ResourceRequest&, const String& charset, ResourceLoadPriority = ResourceLoadPriorityUnresolved, bool isPreload = false, const ResourceLoaderOptions& = ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials)); 113 113 CachedResource* revalidateResource(CachedResource*, ResourceLoadPriority); 114 114 CachedResource* loadResource(CachedResource::Type, ResourceRequest&, const String& charset, ResourceLoadPriority, const ResourceLoaderOptions&); -
trunk/Source/WebCore/loader/icon/IconLoader.cpp
r88682 r95768 73 73 resourceRequest.setPriority(ResourceLoadPriorityLow); 74 74 75 RefPtr<SubresourceLoader> loader = resourceLoadScheduler()->scheduleSubresourceLoad(m_frame, this, resourceRequest );75 RefPtr<SubresourceLoader> loader = resourceLoadScheduler()->scheduleSubresourceLoad(m_frame, this, resourceRequest, ResourceLoadPriorityLow, DoSecurityCheck, ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials)); 76 76 if (!loader) 77 77 LOG_ERROR("Failed to start load for icon at url %s", m_frame->loader()->icon()->url().string().ascii().data()); … … 125 125 } 126 126 127 void IconLoader::didReceiveAuthenticationChallenge(SubresourceLoader*, const AuthenticationChallenge&)128 {129 // We don't ever want to prompt for authentication just for a site icon, so130 // implement this method to cancel the resource load131 m_resourceLoader->cancel();132 }133 134 127 void IconLoader::didFinishLoading(SubresourceLoader* resourceLoader, double) 135 128 { -
trunk/Source/WebCore/loader/icon/IconLoader.h
r88682 r95768 55 55 virtual void didFail(SubresourceLoader*, const ResourceError&); 56 56 57 virtual void didReceiveAuthenticationChallenge(SubresourceLoader*, const AuthenticationChallenge&);58 59 57 void finishLoading(const KURL&, PassRefPtr<SharedBuffer> data); 60 58 void clearLoadingState();
Note: See TracChangeset
for help on using the changeset viewer.