
Side by Side Diff: Source/core/loader/PingLoader.cpp

Issue 314093002: Remove the setting of first party for cookies from addAdditionalRequestHeaders (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed compilation error Created 6 years, 6 months ago
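--- a/Source/core/loader/PingLoader.cpp
+++ b/Source/core/loader/PingLoader.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2010 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above
@@ -59,63 +59,66 @@
 {
 if (!frame->document()->securityOrigin()->canDisplay(url)) {
 FrameLoader::reportLocalLoadFailed(frame, url.string());
 return;
 }
 
 ResourceRequest request(url);
 request.setTargetType(ResourceRequest::TargetIsPing);
 request.setHTTPHeaderField("Cache-Control", "max-age=0");
 frame->loader().fetchContext().addAdditionalRequestHeaders(frame->document() , request, FetchSubresource);
+frame->loader().fetchContext().setFirstPartyForCookies(request);
 
 FetchInitiatorInfo initiatorInfo;
 initiatorInfo.name = FetchInitiatorTypeNames::ping;
 PingLoader::start(frame, request, initiatorInfo);
 }
 
 // http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperl ink-auditing
 void PingLoader::sendLinkAuditPing(LocalFrame* frame, const KURL& pingURL, const KURL& destinationURL)
 {
 ResourceRequest request(pingURL);
 request.setTargetType(ResourceRequest::TargetIsPing);
 request.setHTTPMethod("POST");
 request.setHTTPContentType("text/ping");
 request.setHTTPBody(FormData::create("PING"));
 request.setHTTPHeaderField("Cache-Control", "max-age=0");
 frame->loader().fetchContext().addAdditionalRequestHeaders(frame->document() , request, FetchSubresource);
+frame->loader().fetchContext().setFirstPartyForCookies(request);
 
 RefPtr<SecurityOrigin> pingOrigin = SecurityOrigin::create(pingURL);
 // addAdditionalRequestHeaders() will have added a referrer for same origin requests,
 // but the spec omits the referrer for same origin.
 if (frame->document()->securityOrigin()->isSameSchemeHostPort(pingOrigin.get ()))
 request.clearHTTPReferrer();
 
 request.setHTTPHeaderField("Ping-To", AtomicString(destinationURL.string())) ;
 
 // Ping-From follows the same rules as the default referrer beahavior for su bresource requests.
 // FIXME: Should Ping-From obey ReferrerPolicy?
 if (!SecurityPolicy::shouldHideReferrer(pingURL, frame->document()->url().st ring()))
 request.setHTTPHeaderField("Ping-From", AtomicString(frame->document()-> url().string()));
 
 FetchInitiatorInfo initiatorInfo;
 initiatorInfo.name = FetchInitiatorTypeNames::ping;
 PingLoader::start(frame, request, initiatorInfo);
 }
 
 void PingLoader::sendViolationReport(LocalFrame* frame, const KURL& reportURL, P assRefPtr<FormData> report, ViolationReportType type)
 {
 ResourceRequest request(reportURL);
 request.setTargetType(ResourceRequest::TargetIsSubresource);
 request.setHTTPMethod("POST");
 request.setHTTPContentType(type == ContentSecurityPolicyViolationReport ? "a pplication/csp-report" : "application/json");
 request.setHTTPBody(report);
 frame->loader().fetchContext().addAdditionalRequestHeaders(frame->document() , request, FetchSubresource);
+frame->loader().fetchContext().setFirstPartyForCookies(request);
 
 FetchInitiatorInfo initiatorInfo;
 initiatorInfo.name = FetchInitiatorTypeNames::violationreport;
 PingLoader::start(frame, request, initiatorInfo, SecurityOrigin::create(repo rtURL)->isSameSchemeHostPort(frame->document()->securityOrigin()) ? AllowStoredC redentials : DoNotAllowStoredCredentials);
 }
 
 void PingLoader::start(LocalFrame* frame, ResourceRequest& request, const FetchI nitiatorInfo& initiatorInfo, StoredCredentials credentialsAllowed)
 {
 OwnPtr<PingLoader> pingLoader = adoptPtr(new PingLoader(frame, request, init iatorInfo, credentialsAllowed));
 
@@ -197,10 +200,10 @@
 {
 if (Page* page = this->page()) {
 TRACE_EVENT_INSTANT1(TRACE_DISABLED_BY_DEFAULT("devtools.timeline"), "Re sourceFinish", "data", InspectorResourceFinishEvent::data(m_identifier, 0, true) );
 // FIXME(361045): remove InspectorInstrumentation calls once DevTools Ti meline migrates to tracing.
 InspectorInstrumentation::didFailLoading(page->mainFrame(), m_identifier , ResourceError::cancelledError(m_url));
 }
 delete this;
 }
 
 }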
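Review bot: The `setFirstPartyForCookies(request)` call is now repeated by hand after `addAdditionalRequestHeaders()` in all three senders (new lines 69, 86 and 114), so a sender added later that omits it would issue a ping or violation report with no first-party URL, and third-party cookie policy would presumably be evaluated against an empty first party for that request. Every sender ends in `PingLoader::start(frame, request, ...)`, which takes a non-const `ResourceRequest&`, so the call could be made once at the top of `start()` as `frame->loader().fetchContext().setFirstPartyForCookies(request);`. Most of start()'s body is in the skipped lines, and the first sender's signature is above the visible range, so confirm nothing there depends on the ordering before moving it. If the per-sender calls stay, a comment at each site such as `// addAdditionalRequestHeaders() no longer sets the first party for cookies; set it explicitly.` would record the coupling for the next reader.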
