ScriptPromise ServiceWorkerClients::openWindow(ScriptState* scriptState, const String& url) { ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState); ScriptPromise promise = resolver->promise(); ExecutionContext* context = scriptState->getExecutionContext(); KURL parsedUrl = KURL(toWorkerGlobalScope(context)->location()->url(), url); if (!parsedUrl.isValid()) { resolver->reject(V8ThrowException::createTypeError( scriptState->isolate(), "'" + url + "' is not a valid URL.")); return promise; } if (!context->getSecurityOrigin()->canDisplay(parsedUrl)) { resolver->reject(V8ThrowException::createTypeError( scriptState->isolate(), "'" + parsedUrl.elidedString() + "' cannot be opened.")); return promise; } if (!context->isWindowInteractionAllowed()) { resolver->reject(DOMException::create(InvalidAccessError, "Not allowed to open a window.")); return promise; } context->consumeWindowInteraction(); ServiceWorkerGlobalScopeClient::from(context)->openWindow( parsedUrl, WTF::makeUnique<NavigateClientCallback>(resolver)); return promise; }
void FileReaderLoader::startInternal(ExecutionContext& executionContext, const Stream* stream, PassRefPtr<BlobDataHandle> blobData) { // The blob is read by routing through the request handling layer given a temporary public url. m_urlForReading = BlobURL::createPublicURL(executionContext.getSecurityOrigin()); if (m_urlForReading.isEmpty()) { failed(FileError::SECURITY_ERR); return; } if (blobData) { ASSERT(!stream); BlobRegistry::registerPublicBlobURL(executionContext.getSecurityOrigin(), m_urlForReading, blobData); } else { ASSERT(stream); BlobRegistry::registerStreamURL(executionContext.getSecurityOrigin(), m_urlForReading, stream->url()); } // Construct and load the request. ResourceRequest request(m_urlForReading); request.setExternalRequestStateFromRequestorAddressSpace(executionContext.securityContext().addressSpace()); // FIXME: Should this really be 'internal'? Do we know anything about the actual request that generated this fetch? request.setRequestContext(WebURLRequest::RequestContextInternal); request.setHTTPMethod(HTTPNames::GET); if (m_hasRange) request.setHTTPHeaderField(HTTPNames::Range, AtomicString(String::format("bytes=%d-%d", m_rangeStart, m_rangeEnd))); ThreadableLoaderOptions options; options.preflightPolicy = ConsiderPreflight; options.crossOriginRequestPolicy = DenyCrossOriginRequests; // FIXME: Is there a directive to which this load should be subject? options.contentSecurityPolicyEnforcement = DoNotEnforceContentSecurityPolicy; // Use special initiator to hide the request from the inspector. options.initiator = FetchInitiatorTypeNames::internal; ResourceLoaderOptions resourceLoaderOptions; resourceLoaderOptions.allowCredentials = AllowStoredCredentials; if (m_client) { m_loader = ThreadableLoader::create(executionContext, this, options, resourceLoaderOptions); m_loader->start(request); } else { ThreadableLoader::loadResourceSynchronously(executionContext, request, *this, options, resourceLoaderOptions); } }
void PerformanceBase::addResourceTiming(const ResourceTimingInfo& info) { if (isResourceTimingBufferFull() && !hasObserverFor(PerformanceEntry::Resource)) return; SecurityOrigin* securityOrigin = nullptr; ExecutionContext* context = getExecutionContext(); if (context) securityOrigin = context->getSecurityOrigin(); if (!securityOrigin) return; const ResourceResponse& finalResponse = info.finalResponse(); bool allowTimingDetails = passesTimingAllowCheck(finalResponse, *securityOrigin, info.originalTimingAllowOrigin(), context); double startTime = info.initialTime(); if (info.redirectChain().isEmpty()) { PerformanceEntry* entry = PerformanceResourceTiming::create( info, timeOrigin(), startTime, allowTimingDetails); notifyObserversOfEntry(*entry); if (!isResourceTimingBufferFull()) addResourceTimingBuffer(*entry); return; } const Vector<ResourceResponse>& redirectChain = info.redirectChain(); bool allowRedirectDetails = allowsTimingRedirect(redirectChain, finalResponse, *securityOrigin, context); if (!allowRedirectDetails) { ResourceLoadTiming* finalTiming = finalResponse.resourceLoadTiming(); ASSERT(finalTiming); if (finalTiming) startTime = finalTiming->requestTime(); } ResourceLoadTiming* lastRedirectTiming = redirectChain.back().resourceLoadTiming(); ASSERT(lastRedirectTiming); double lastRedirectEndTime = lastRedirectTiming->receiveHeadersEnd(); PerformanceEntry* entry = PerformanceResourceTiming::create( info, timeOrigin(), startTime, lastRedirectEndTime, allowTimingDetails, allowRedirectDetails); notifyObserversOfEntry(*entry); if (!isResourceTimingBufferFull()) addResourceTimingBuffer(*entry); }
ScriptPromise ServiceWorkerWindowClient::navigate(ScriptState* scriptState, const String& url) { ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState); ScriptPromise promise = resolver->promise(); ExecutionContext* context = scriptState->getExecutionContext(); KURL parsedUrl = KURL(toWorkerGlobalScope(context)->location()->url(), url); if (!parsedUrl.isValid() || parsedUrl.protocolIsAbout()) { resolver->reject(V8ThrowException::createTypeError( scriptState->isolate(), "'" + url + "' is not a valid URL.")); return promise; } if (!context->getSecurityOrigin()->canDisplay(parsedUrl)) { resolver->reject(V8ThrowException::createTypeError( scriptState->isolate(), "'" + parsedUrl.elidedString() + "' cannot navigate.")); return promise; } ServiceWorkerGlobalScopeClient::from(context)->navigate( uuid(), parsedUrl, new NavigateClientCallback(resolver)); return promise; }