Changeset 95768 in webkit


Ignore:
Timestamp:
Sep 22, 2011 6:12:38 PM (13 years ago)
Author:
Nate Chapin
Message:

Remove didReceiveAuthenticationChallenge() from SubresourceLoaderClient.
Instead, add a load-specific policy for showing the user authentication
challenge down to ResourceLoaderOptions and enforce it in ResourceLoader.
https://bugs.webkit.org/show_bug.cgi?id=65330

Reviewed by Alexey Proskuryakov.

No new tests, refactor only.

  • loader/DocumentThreadableLoader.cpp:
  • loader/DocumentThreadableLoader.h:
  • loader/MainResourceLoader.cpp:
  • loader/NetscapePlugInStreamLoader.cpp:
  • loader/ResourceLoadScheduler.h:
  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::didReceiveAuthenticationChallenge):

For resource types that always send a challenge to the embedder,
this patch doesn't change anything. For those that don't, we will
always try to continue without credentials when they are forbidden
and the platform supports it.
When continuing without credentials was initially implemented in
DocumentThreadableLoader, we sent the ThreadableLoaderClient a didFail(),
then canceled the SubresourceLoader. This was necessary because of the
quirks of ThreadableLoader cancellation (we sever the client/loader connections
before the load actually cancels), but a simple didFail() should suffice at
the ResourceLoader layer.

  • loader/ResourceLoaderOptions.h:
  • loader/SubresourceLoader.cpp:
  • loader/SubresourceLoader.h:
  • loader/SubresourceLoaderClient.h:
  • loader/cache/CachedResource.cpp:
  • loader/cache/CachedResourceLoader.cpp:
  • loader/cache/CachedResourceLoader.h:
  • loader/icon/IconLoader.cpp: The ResourceLoader implementation of

didReceiveAuthenticationChallege means that IconLoader will now
try to continue with credentials on platforms that support it,
rather than just canceling outright. We still will never prompt
for authentication for icons.

  • loader/icon/IconLoader.h:
Location:
trunk/Source/WebCore
Files:
16 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r95766 r95768  
     12011-09-22  Nate Chapin  <japhet@chromium.org>
     2
     3        Remove didReceiveAuthenticationChallenge() from SubresourceLoaderClient.
     4        Instead, add a load-specific policy for showing the user authentication
     5        challenge down to ResourceLoaderOptions and enforce it in ResourceLoader.
     6        https://bugs.webkit.org/show_bug.cgi?id=65330
     7
     8        Reviewed by Alexey Proskuryakov.
     9
     10        No new tests, refactor only.
     11
     12        * loader/DocumentThreadableLoader.cpp:
     13        * loader/DocumentThreadableLoader.h:
     14        * loader/MainResourceLoader.cpp:
     15        * loader/NetscapePlugInStreamLoader.cpp:
     16        * loader/ResourceLoadScheduler.h:
     17        * loader/ResourceLoader.cpp:
     18        (WebCore::ResourceLoader::didReceiveAuthenticationChallenge):
     19           For resource types that always send a challenge to the embedder,
     20           this patch doesn't change anything. For those that don't, we will
     21           always try to continue without credentials when they are forbidden
     22           and the platform supports it.
     23           When continuing without credentials was initially implemented in
     24           DocumentThreadableLoader, we sent the ThreadableLoaderClient a didFail(),
     25           then canceled the SubresourceLoader. This was necessary because of the
     26           quirks of ThreadableLoader cancellation (we sever the client/loader connections
     27           before the load actually cancels), but a simple didFail() should suffice at
     28           the ResourceLoader layer.
     29        * loader/ResourceLoaderOptions.h:
     30        * loader/SubresourceLoader.cpp:
     31        * loader/SubresourceLoader.h:
     32        * loader/SubresourceLoaderClient.h:
     33        * loader/cache/CachedResource.cpp:
     34        * loader/cache/CachedResourceLoader.cpp:
     35        * loader/cache/CachedResourceLoader.h:
     36        * loader/icon/IconLoader.cpp: The ResourceLoader implementation of
     37            didReceiveAuthenticationChallege means that IconLoader will now
     38            try to continue with credentials on platforms that support it,
     39            rather than just canceling outright. We still will never prompt
     40            for authentication for icons.
     41        * loader/icon/IconLoader.h:
     42
    1432011-09-22  Dean Jackson  <dino@apple.com>
    244

  • trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp

    r93923 r95768  
    289289}
    290290
    291 void DocumentThreadableLoader::didReceiveAuthenticationChallenge(SubresourceLoader* loader, const AuthenticationChallenge& challenge)
    292 {
    293     ASSERT(loader == m_loader);
    294     // Users are not prompted for credentials for cross-origin requests.
    295     if (!m_sameOriginRequest) {
    296 #if PLATFORM(MAC) || USE(CFNETWORK) || USE(CURL)
    297         loader->handle()->receivedRequestToContinueWithoutCredential(challenge);
    298 #else
    299         // These platforms don't provide a way to continue without credentials, cancel the load altogether.
    300         UNUSED_PARAM(challenge);
    301         RefPtr<DocumentThreadableLoader> protect(this);
    302         m_client->didFail(loader->blockedError());
    303         cancel();
    304 #endif
    305     }
    306 }
    307 
    308291void DocumentThreadableLoader::preflightSuccess()
    309292{
     
    332315    if (m_async) {
    333316        ThreadableLoaderOptions options = m_options;
     317        options.crossOriginCredentialPolicy = DoNotAskClientForCrossOriginCredentials;
    334318        if (m_actualRequest) {
    335319            // Don't sniff content or send load callbacks for the preflight request.

  • trunk/Source/WebCore/loader/DocumentThreadableLoader.h

    r94466 r95768  
    8383        virtual void didFail(SubresourceLoader*, const ResourceError&);
    8484
    85         virtual void didReceiveAuthenticationChallenge(SubresourceLoader*, const AuthenticationChallenge&);
    86 
    8785#if PLATFORM(CHROMIUM)
    8886        virtual void didDownloadData(SubresourceLoader*, int dataLength);

  • trunk/Source/WebCore/loader/MainResourceLoader.cpp

    r93923 r95768  
    6161
    6262MainResourceLoader::MainResourceLoader(Frame* frame)
    63     : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials))
     63    : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials))
    6464    , m_dataLoadTimer(this, &MainResourceLoader::handleDataLoadNow)
    6565    , m_loadingMultipartContent(false)

  • trunk/Source/WebCore/loader/NetscapePlugInStreamLoader.cpp

    r93923 r95768  
    3737
    3838NetscapePlugInStreamLoader::NetscapePlugInStreamLoader(Frame* frame, NetscapePlugInStreamLoaderClient* client)
    39     : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials))
     39    : ResourceLoader(frame, ResourceLoaderOptions(SendCallbacks, SniffContent, DoNotBufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials))
    4040    , m_client(client)
    4141{

  • trunk/Source/WebCore/loader/ResourceLoadScheduler.h

    r93923 r95768  
    5252    friend ResourceLoadScheduler* resourceLoadScheduler();
    5353
    54     PassRefPtr<SubresourceLoader> scheduleSubresourceLoad(Frame*, SubresourceLoaderClient*, const ResourceRequest&, ResourceLoadPriority = ResourceLoadPriorityLow, SecurityCheckPolicy = DoSecurityCheck, const ResourceLoaderOptions& = ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials));
     54    PassRefPtr<SubresourceLoader> scheduleSubresourceLoad(Frame*, SubresourceLoaderClient*, const ResourceRequest&, ResourceLoadPriority, SecurityCheckPolicy, const ResourceLoaderOptions&);
    5555    PassRefPtr<NetscapePlugInStreamLoader> schedulePluginStreamLoad(Frame*, NetscapePlugInStreamLoaderClient*, const ResourceRequest&);
    5656    void addMainResourceLoad(ResourceLoader*);

  • trunk/Source/WebCore/loader/ResourceLoader.cpp

    r95120 r95768  
    4343#include "ResourceHandle.h"
    4444#include "ResourceLoadScheduler.h"
     45#include "SecurityOrigin.h"
    4546#include "Settings.h"
    4647#include "SharedBuffer.h"
     
    516517void ResourceLoader::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
    517518{
     519    ASSERT(handle()->hasAuthenticationChallenge());
    518520    // Protect this in this delegate method since the additional processing can do
    519521    // anything including possibly derefing this; one example of this is Radar 3266216.
    520522    RefPtr<ResourceLoader> protector(this);
    521     frameLoader()->notifier()->didReceiveAuthenticationChallenge(this, challenge);
     523
     524    if (m_options.allowCredentials == AllowStoredCredentials) {
     525        if (m_options.crossOriginCredentialPolicy == AskClientForCrossOriginCredentials || m_frame->document()->securityOrigin()->canRequest(originalRequest().url())) {
     526            frameLoader()->notifier()->didReceiveAuthenticationChallenge(this, challenge);
     527            return;
     528        }
     529    }
     530    // Only these platforms provide a way to continue without credentials.
     531    // If we can't continue with credentials, we need to cancel the load altogether.
     532#if PLATFORM(MAC) || USE(CFNETWORK) || USE(CURL)
     533    handle()->receivedRequestToContinueWithoutCredential(challenge);
     534    ASSERT(!handle()->hasAuthenticationChallenge());
     535#else
     536    didFail(blockedError());
     537#endif
    522538}
    523539

  • trunk/Source/WebCore/loader/ResourceLoaderOptions.h

    r93923 r95768  
    5050    DoNotBufferData
    5151};
     52   
     53enum ClientCrossOriginCredentialPolicy {
     54    AskClientForCrossOriginCredentials,
     55    DoNotAskClientForCrossOriginCredentials
     56};
    5257
    5358struct ResourceLoaderOptions {
    54     ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffContent(DoNotSniffContent), shouldBufferData(BufferData), allowCredentials(DoNotAllowStoredCredentials) { }
    55     ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacksArg, ContentSniffingPolicy sniffContentArg, DataBufferingPolicy shouldBufferDataArg, StoredCredentials allowCredentialsArg) : sendLoadCallbacks(sendLoadCallbacksArg), sniffContent(sniffContentArg), shouldBufferData(shouldBufferDataArg), allowCredentials(allowCredentialsArg) { }
     59    ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffContent(DoNotSniffContent), shouldBufferData(BufferData), allowCredentials(DoNotAllowStoredCredentials), crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCredentials) { }
     60    ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy shouldBufferData, StoredCredentials allowCredentials, ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy)
     61        : sendLoadCallbacks(sendLoadCallbacks)
     62        , sniffContent(sniffContent)
     63        , shouldBufferData(shouldBufferData)
     64        , allowCredentials(allowCredentials)
     65        , crossOriginCredentialPolicy(crossOriginCredentialPolicy)
     66    {
     67    }
    5668    SendCallbackPolicy sendLoadCallbacks;
    5769    ContentSniffingPolicy sniffContent;
    5870    DataBufferingPolicy shouldBufferData;
    5971    StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
     72    ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy; // Whether we will ask the client for credentials (if we allow credentials at all).
    6073};
    6174

  • trunk/Source/WebCore/loader/SubresourceLoader.cpp

    r93923 r95768  
    235235}
    236236
    237 void SubresourceLoader::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
    238 {
    239     RefPtr<SubresourceLoader> protect(this);
    240 
    241     ASSERT(handle()->hasAuthenticationChallenge());
    242 
    243     if (m_client)
    244         m_client->didReceiveAuthenticationChallenge(this, challenge);
    245    
    246     // The SubResourceLoaderClient may have cancelled this ResourceLoader in response to the challenge. 
    247     // If that's the case, don't call didReceiveAuthenticationChallenge.
    248     if (reachedTerminalState())
    249         return;
    250 
    251     // It may have also handled authentication on its own.
    252     if (!handle()->hasAuthenticationChallenge())
    253         return;
    254 
    255     ResourceLoader::didReceiveAuthenticationChallenge(challenge);
    256 }
    257 
    258 }
     237}

  • trunk/Source/WebCore/loader/SubresourceLoader.h

    r94466 r95768  
    5757        virtual void didFinishLoading(double finishTime);
    5858        virtual void didFail(const ResourceError&);
    59         virtual void didReceiveAuthenticationChallenge(const AuthenticationChallenge&);
    6059        virtual void willCancel(const ResourceError&);
    6160        virtual void didCancel(const ResourceError&);

  • trunk/Source/WebCore/loader/SubresourceLoaderClient.h

    r94466 r95768  
    5151    virtual void didFinishLoading(SubresourceLoader*, double /*finishTime*/) { }
    5252    virtual void didFail(SubresourceLoader*, const ResourceError&) { }
    53    
    54     virtual void didReceiveAuthenticationChallenge(SubresourceLoader*, const AuthenticationChallenge&) { }
    5553
    5654#if PLATFORM(CHROMIUM)

  • trunk/Source/WebCore/loader/cache/CachedResource.cpp

    r94003 r95768  
    9797    , m_type(type)
    9898    , m_status(Pending)
    99     , m_options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials)
     99    , m_options(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials)
    100100#ifndef NDEBUG
    101101    , m_deleted(false)

  • trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

    r95369 r95768  
    168168        userSheet->setInCache(true);
    169169
    170     userSheet->setResourceLoaderOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials));
     170    userSheet->setResourceLoaderOptions(ResourceLoaderOptions(DoNotSendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials));
    171171    userSheet->load(this, /*incremental*/ false, SkipSecurityCheck);
    172172

  • trunk/Source/WebCore/loader/cache/CachedResourceLoader.h

    r95580 r95768  
    110110    // FIXME: The default value for ResourceLoaderOptions will always be used currently.
    111111    // It is plumbed for http://bugs.webkit.org/show_bug.cgi?id=61225 .
    112     CachedResource* requestResource(CachedResource::Type, ResourceRequest&, const String& charset, ResourceLoadPriority = ResourceLoadPriorityUnresolved, bool isPreload = false, const ResourceLoaderOptions& = ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials));
     112    CachedResource* requestResource(CachedResource::Type, ResourceRequest&, const String& charset, ResourceLoadPriority = ResourceLoadPriorityUnresolved, bool isPreload = false, const ResourceLoaderOptions& = ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, AllowStoredCredentials, AskClientForCrossOriginCredentials));
    113113    CachedResource* revalidateResource(CachedResource*, ResourceLoadPriority);
    114114    CachedResource* loadResource(CachedResource::Type, ResourceRequest&, const String& charset, ResourceLoadPriority, const ResourceLoaderOptions&);

  • trunk/Source/WebCore/loader/icon/IconLoader.cpp

    r88682 r95768  
    7373    resourceRequest.setPriority(ResourceLoadPriorityLow);
    7474
    75     RefPtr<SubresourceLoader> loader = resourceLoadScheduler()->scheduleSubresourceLoad(m_frame, this, resourceRequest);
     75    RefPtr<SubresourceLoader> loader = resourceLoadScheduler()->scheduleSubresourceLoad(m_frame, this, resourceRequest, ResourceLoadPriorityLow, DoSecurityCheck, ResourceLoaderOptions(SendCallbacks, SniffContent, BufferData, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials));
    7676    if (!loader)
    7777        LOG_ERROR("Failed to start load for icon at url %s", m_frame->loader()->icon()->url().string().ascii().data());
     
    125125}
    126126
    127 void IconLoader::didReceiveAuthenticationChallenge(SubresourceLoader*, const AuthenticationChallenge&)
    128 {
    129     // We don't ever want to prompt for authentication just for a site icon, so
    130     // implement this method to cancel the resource load
    131     m_resourceLoader->cancel();
    132 }
    133 
    134127void IconLoader::didFinishLoading(SubresourceLoader* resourceLoader, double)
    135128{

  • trunk/Source/WebCore/loader/icon/IconLoader.h

    r88682 r95768  
    5555    virtual void didFail(SubresourceLoader*, const ResourceError&);
    5656
    57     virtual void didReceiveAuthenticationChallenge(SubresourceLoader*, const AuthenticationChallenge&);
    58 
    5957    void finishLoading(const KURL&, PassRefPtr<SharedBuffer> data);
    6058    void clearLoadingState();
Note: See TracChangeset for help on using the changeset viewer.