Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(483)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/xml/XMLHttpRequest.cpp

Issue 23283009: Convert SecurityError exceptions to 'es.throwSecurityError()'. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« LayoutTests/http/tests/workers/resources/worker-redirect.js ('K') | « Source/core/workers/SharedWorker.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved.
3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org>
4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org>
5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved.
6 * Copyright (C) 2012 Intel Corporation 6 * Copyright (C) 2012 Intel Corporation
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public 9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 444 matching lines...) Expand 10 before | Expand all | Expand 10 after
455 clearRequest(); 455 clearRequest();
456 456
457 ASSERT(m_state == UNSENT); 457 ASSERT(m_state == UNSENT);
458 458
459 if (!isValidHTTPToken(method)) { 459 if (!isValidHTTPToken(method)) {
460 es.throwDOMException(SyntaxError, ExceptionMessages::failedToExecute("op en", "XMLHttpRequest", "'" + method + "' is not a valid HTTP method.")); 460 es.throwDOMException(SyntaxError, ExceptionMessages::failedToExecute("op en", "XMLHttpRequest", "'" + method + "' is not a valid HTTP method."));
461 return; 461 return;
462 } 462 }
463 463
464 if (!isAllowedHTTPMethod(method)) { 464 if (!isAllowedHTTPMethod(method)) {
465 es.throwDOMException(SecurityError, ExceptionMessages::failedToExecute(" open", "XMLHttpRequest", "'" + method + "' HTTP method is unsupported.")); 465 es.throwSecurityError(ExceptionMessages::failedToExecute("open", "XMLHtt pRequest", "'" + method + "' HTTP method is unsupported."));
466 return; 466 return;
467 } 467 }
468 468
469 if (!ContentSecurityPolicy::shouldBypassMainWorld(scriptExecutionContext()) && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url) ) { 469 if (!ContentSecurityPolicy::shouldBypassMainWorld(scriptExecutionContext()) && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url) ) {
470 es.throwDOMException(SecurityError, "Refused to connect to '" + url.elid edString() + "' because it violates the document's Content Security Policy."); 470 // We can safely expose the URL to JavaScript, as these checks happen sy nchronously before redirection. JavaScript receives no new information.
471 es.throwSecurityError("Refused to connect to '" + url.elidedString() + " ' because it violates the document's Content Security Policy.");
471 return; 472 return;
472 } 473 }
473 474
474 if (!async && scriptExecutionContext()->isDocument()) { 475 if (!async && scriptExecutionContext()->isDocument()) {
475 if (document()->settings() && !document()->settings()->syncXHRInDocument sEnabled()) { 476 if (document()->settings() && !document()->settings()->syncXHRInDocument sEnabled()) {
476 es.throwDOMException(InvalidAccessError, ExceptionMessages::failedTo Execute("open", "XMLHttpRequest", "synchronous requests are disabled for this pa ge.")); 477 es.throwDOMException(InvalidAccessError, ExceptionMessages::failedTo Execute("open", "XMLHttpRequest", "synchronous requests are disabled for this pa ge."));
477 return; 478 return;
478 } 479 }
479 480
480 // Newer functionality is not available to synchronous requests in windo w contexts, as a spec-mandated 481 // Newer functionality is not available to synchronous requests in windo w contexts, as a spec-mandated
(...skipping 755 matching lines...) Expand 10 before | Expand all | Expand 10 after
1236 { 1237 {
1237 return eventNames().interfaceForXMLHttpRequest; 1238 return eventNames().interfaceForXMLHttpRequest;
1238 } 1239 }
1239 1240
1240 ScriptExecutionContext* XMLHttpRequest::scriptExecutionContext() const 1241 ScriptExecutionContext* XMLHttpRequest::scriptExecutionContext() const
1241 { 1242 {
1242 return ActiveDOMObject::scriptExecutionContext(); 1243 return ActiveDOMObject::scriptExecutionContext();
1243 } 1244 }
1244 1245
1245 } // namespace WebCore 1246 } // namespace WebCore
OLDNEW
« LayoutTests/http/tests/workers/resources/worker-redirect.js ('K') | « Source/core/workers/SharedWorker.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698