void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& response)
{
String accessControlErrorDescription;
if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription, m_requestContext)) {
handlePreflightFailure(response.url().string(), "Response to preflight request doesn't pass access control check: " + accessControlErrorDescription);
// |this| may be dead here in async mode.
return;
}
if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) {
handlePreflightFailure(response.url().string(), accessControlErrorDescription);
// |this| may be dead here in async mode.
return;
}
OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(effectiveAllowCredentials()));
if (!preflightResult->parse(response, accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginMethod(m_actualRequest.httpMethod(), accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginHeaders(m_actualRequest.httpHeaderFields(), accessControlErrorDescription)) {
handlePreflightFailure(response.url().string(), accessControlErrorDescription);
// |this| may be dead here in async mode.
return;
}
CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toString(), m_actualRequest.url(), preflightResult.release());
}
void DocumentThreadableLoader::handlePreflightResponse(
const ResourceResponse& response) {
String accessControlErrorDescription;
if (!passesAccessControlCheck(
response, effectiveAllowCredentials(), getSecurityOrigin(),
accessControlErrorDescription, m_requestContext)) {
handlePreflightFailure(
response.url().getString(),
"Response to preflight request doesn't pass access control check: " +
accessControlErrorDescription);
return;
}
if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) {
handlePreflightFailure(response.url().getString(),
accessControlErrorDescription);
return;
}
if (m_actualRequest.isExternalRequest() &&
!passesExternalPreflightCheck(response, accessControlErrorDescription)) {
handlePreflightFailure(response.url().getString(),
accessControlErrorDescription);
return;
}
std::unique_ptr<CrossOriginPreflightResultCacheItem> preflightResult =
WTF::wrapUnique(
new CrossOriginPreflightResultCacheItem(effectiveAllowCredentials()));
if (!preflightResult->parse(response, accessControlErrorDescription) ||
!preflightResult->allowsCrossOriginMethod(
m_actualRequest.httpMethod(), accessControlErrorDescription) ||
!preflightResult->allowsCrossOriginHeaders(
m_actualRequest.httpHeaderFields(), accessControlErrorDescription)) {
handlePreflightFailure(response.url().getString(),
accessControlErrorDescription);
return;
}
CrossOriginPreflightResultCache::shared().appendEntry(
getSecurityOrigin()->toString(), m_actualRequest.url(),
std::move(preflightResult));
}
void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response)
{
ASSERT(m_client);
String accessControlErrorDescription;
if (m_actualRequest) {
// Notifying the inspector here is necessary because a call to preflightFailure() might synchronously
// cause the underlying ResourceLoader to be cancelled before it tells the inspector about the response.
// In that case, if we don't tell the inspector about the response now, the resource type in the inspector
// will default to "other" instead of something more descriptive.
DocumentLoader* loader = m_document->frame()->loader().documentLoader();
InspectorInstrumentation::didReceiveResourceResponse(m_document->frame(), identifier, loader, response, resource() ? resource()->loader() : 0);
if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
preflightFailure(response.url().string(), accessControlErrorDescription);
return;
}
if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) {
preflightFailure(response.url().string(), accessControlErrorDescription);
return;
}
OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials));
if (!preflightResult->parse(response, accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) {
preflightFailure(response.url().string(), accessControlErrorDescription);
return;
}
CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release());
} else {
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription));
return;
}
}
m_client->didReceiveResponse(identifier, response);
}
}
void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response)
{
ASSERT(m_client);
String accessControlErrorDescription;
if (m_actualRequest) {
DocumentLoader* loader = m_document->frame()->loader().documentLoader();
InspectorInstrumentation::didReceiveResourceResponse(m_document->frame(), identifier, loader, response, resource() ? resource()->loader() : 0);
if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
preflightFailure(identifier, response.url().string(), accessControlErrorDescription);
return;
}
if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) {
preflightFailure(identifier, response.url().string(), accessControlErrorDescription);
return;
}
OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials));
if (!preflightResult->parse(response, accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription)
|| !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) {
preflightFailure(identifier, response.url().string(), accessControlErrorDescription);
return;
}
CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release());
} else {
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) {
m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription));
return;
}
}
m_client->didReceiveResponse(identifier, response);
}
}
