
Side by Side Diff: third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp

Issue 1454003003: [CSP] Don't check the path component of the URL when the response was fetched via ServiceWorker. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
OLDNEW
1 /* 1 /*
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
7 7
8 This library is free software; you can redistribute it and/or 8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Library General Public 9 modify it under the terms of the GNU Library General Public
10 License as published by the Free Software Foundation; either 10 License as published by the Free Software Foundation; either
(...skipping 914 matching lines...) Expand 10 before | Expand all | Expand 10 after
925 } 925 }
926 926
927 void ResourceFetcher::willSendRequest(unsigned long identifier, ResourceRequest& request, const ResourceResponse& redirectResponse, const FetchInitiatorInfo& in itiatorInfo) 927 void ResourceFetcher::willSendRequest(unsigned long identifier, ResourceRequest& request, const ResourceResponse& redirectResponse, const FetchInitiatorInfo& in itiatorInfo)
928 { 928 {
929 context().dispatchWillSendRequest(identifier, request, redirectResponse, ini tiatorInfo); 929 context().dispatchWillSendRequest(identifier, request, redirectResponse, ini tiatorInfo);
930 } 930 }
931 931
932 void ResourceFetcher::didReceiveResponse(const Resource* resource, const Resourc eResponse& response) 932 void ResourceFetcher::didReceiveResponse(const Resource* resource, const Resourc eResponse& response)
933 { 933 {
934 // If the response is fetched via ServiceWorker, the original URL of the res ponse could be different from the URL of the request. 934 // If the response is fetched via ServiceWorker, the original URL of the res ponse could be different from the URL of the request.
935 // We check the URL not to load the resources which are forbidden by the pag e CSP. This behavior is not specified in the CSP specification yet. 935 // We check the URL not to load the resources which are forbidden by the pag e CSP.
936 // FIXME(mkwst): Fix this behavior when the CSP docs are updated. 936 // https://w3c.github.io/webappsec-csp/#should-block-response
937 if (response.wasFetchedViaServiceWorker()) { 937 if (response.wasFetchedViaServiceWorker()) {
938 const KURL& originalURL = response.originalURLViaServiceWorker(); 938 const KURL& originalURL = response.originalURLViaServiceWorker();
939 if (!originalURL.isEmpty() && !context().canRequest(resource->type(), re source->resourceRequest(), originalURL, resource->options(), false, FetchRequest ::UseDefaultOriginRestrictionForType)) { 939 if (!originalURL.isEmpty() && !context().allowResponse(resource->type(), resource->resourceRequest(), originalURL, resource->options())) {
940 resource->loader()->cancel(); 940 resource->loader()->cancel();
941 bool isInternalRequest = resource->options().initiatorInfo.name == F etchInitiatorTypeNames::internal; 941 bool isInternalRequest = resource->options().initiatorInfo.name == F etchInitiatorTypeNames::internal;
942 context().dispatchDidFail(resource->identifier(), ResourceError(erro rDomainBlinkInternal, 0, originalURL.string(), "Unsafe attempt to load URL " + o riginalURL.elidedString() + " fetched by a ServiceWorker."), isInternalRequest); 942 context().dispatchDidFail(resource->identifier(), ResourceError(erro rDomainBlinkInternal, 0, originalURL.string(), "Unsafe attempt to load URL " + o riginalURL.elidedString() + " fetched by a ServiceWorker."), isInternalRequest);
943 return; 943 return;
944 } 944 }
945 } 945 }
946 context().dispatchDidReceiveResponse(resource->identifier(), response, resou rce->loader()); 946 context().dispatchDidReceiveResponse(resource->identifier(), response, resou rce->loader());
947 } 947 }
948 948
949 void ResourceFetcher::didReceiveData(const Resource* resource, const char* data, int dataLength, int encodedDataLength) 949 void ResourceFetcher::didReceiveData(const Resource* resource, const char* data, int dataLength, int encodedDataLength)
(...skipping 227 matching lines...) Expand 10 before | Expand all | Expand 10 after
1177 visitor->trace(m_archiveResourceCollection); 1177 visitor->trace(m_archiveResourceCollection);
1178 visitor->trace(m_loaders); 1178 visitor->trace(m_loaders);
1179 visitor->trace(m_nonBlockingLoaders); 1179 visitor->trace(m_nonBlockingLoaders);
1180 #if ENABLE(OILPAN) 1180 #if ENABLE(OILPAN)
1181 visitor->trace(m_preloads); 1181 visitor->trace(m_preloads);
1182 visitor->trace(m_resourceTimingInfoMap); 1182 visitor->trace(m_resourceTimingInfoMap);
1183 #endif 1183 #endif
1184 } 1184 }
1185 1185
1186 } 1186 }
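Review bot: The comment above the `wasFetchedViaServiceWorker()` branch in `didReceiveResponse` (new lines 934–936) still reads as if the whole original URL is checked against the page CSP, but per the issue title the switch from `canRequest(...)` to `allowResponse(...)` on new line 939 stops matching the path component. I would state that in the comment, e.g. `// The path component of the original URL is deliberately not matched against CSP here, because the response came from a ServiceWorker.` `allowResponse` is defined outside this file, so it is worth confirming that it relaxes only the CSP path match and keeps the other checks `canRequest` applied to this URL; the old call passed `FetchRequest::UseDefaultOriginRestrictionForType`, which the new call no longer supplies. The `!originalURL.isEmpty()` guard also means a response with no original URL skips this check entirely. Presumably that covers responses synthesized by the worker, and a one-line comment saying so would make the intended bypass explicit.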