void DocumentThreadableLoader::didReceiveResponse(SubresourceLoader* loader, const ResourceResponse& response)
{
ASSERT(m_client);
ASSERT_UNUSED(loader, loader == m_loader);
if (m_actualRequest) {
if (!passesAccessControlCheck(response, m_options.allowCredentials, m_document->securityOrigin())) {
preflightFailure();
return;
}
OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials));
if (!preflightResult->parse(response)
|| !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod())
|| !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields())) {
preflightFailure();
return;
}
CrossOriginPreflightResultCache::shared().appendEntry(m_document->securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release());
} else {
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
if (!passesAccessControlCheck(response, m_options.allowCredentials, m_document->securityOrigin())) {
m_client->didFail(ResourceError());
return;
}
}
m_client->didReceiveResponse(response);
}
}
void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response)
{
ASSERT(m_client);
String accessControlErrorDescription;
if (m_actualRequest) {
// Notifying the inspector here is necessary because a call to preflightFailure() might synchronously
// cause the underlying ResourceLoader to be cancelled before it tells the inspector about the response.
// In that case, if we don't tell the inspector about the response now, the resource type in the inspector
// will default to "other" instead of something more descriptive.
DocumentLoader* loader = m_document->frame()->loader().documentLoader();
InspectorInstrumentation::didReceiveResourceResponse(m_document->frame(), identifier, loader, response, resource() ? resource()->loader() : 0);
if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
preflightFailure(response.url().string(), accessControlErrorDescription);
return;
}
if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) {
preflightFailure(response.url().string(), accessControlErrorDescription);
return;
}
OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials));
if (!preflightResult->parse(response, accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) {
preflightFailure(response.url().string(), accessControlErrorDescription);
return;
}
CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release());
} else {
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription));
return;
}
}
m_client->didReceiveResponse(identifier, response);
}
}
void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response)
{
ASSERT(m_client);
#if ENABLE(INSPECTOR)
if (m_preflightRequestIdentifier) {
DocumentLoader* loader = m_document->frame()->loader()->documentLoader();
InspectorInstrumentationCookie cookie = InspectorInstrumentation::willReceiveResourceResponse(m_document->frame(), m_preflightRequestIdentifier, response);
InspectorInstrumentation::didReceiveResourceResponse(cookie, m_preflightRequestIdentifier, loader, response, 0);
}
#endif
String accessControlErrorDescription;
if (m_actualRequest) {
if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
preflightFailure(response.url(), accessControlErrorDescription);
return;
}
OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials));
if (!preflightResult->parse(response, accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) {
preflightFailure(response.url(), accessControlErrorDescription);
return;
}
CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release());
} else {
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, response.url().string(), accessControlErrorDescription));
return;
}
}
m_client->didReceiveResponse(identifier, response);
}
}
void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response)
{
ASSERT(m_client);
String accessControlErrorDescription;
if (m_actualRequest) {
DocumentLoader* loader = m_document.frame()->loader().documentLoader();
InspectorInstrumentationCookie cookie = InspectorInstrumentation::willReceiveResourceResponse(m_document.frame());
InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, loader, response, 0);
if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) {
preflightFailure(identifier, response.url(), accessControlErrorDescription);
return;
}
StoredCredentials allowCredentials = m_options.allowCredentials();
auto preflightResult = std::make_unique<CrossOriginPreflightResultCacheItem>(allowCredentials);
if (!preflightResult->parse(response, accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) {
preflightFailure(identifier, response.url(), accessControlErrorDescription);
return;
}
CrossOriginPreflightResultCache::singleton().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), WTFMove(preflightResult));
} else {
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) {
m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription));
return;
}
}
m_client->didReceiveResponse(identifier, response);
}
}
