void DocumentThreadableLoader::didReceiveResponse(SubresourceLoader* loader, const ResourceResponse& response) { ASSERT(m_client); ASSERT_UNUSED(loader, loader == m_loader); if (m_actualRequest) { if (!passesAccessControlCheck(response, m_options.allowCredentials, m_document->securityOrigin())) { preflightFailure(); return; } OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials)); if (!preflightResult->parse(response) || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod()) || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields())) { preflightFailure(); return; } CrossOriginPreflightResultCache::shared().appendEntry(m_document->securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release()); } else { if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) { if (!passesAccessControlCheck(response, m_options.allowCredentials, m_document->securityOrigin())) { m_client->didFail(ResourceError()); return; } } m_client->didReceiveResponse(response); } }
void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response) { ASSERT(m_client); String accessControlErrorDescription; if (m_actualRequest) { // Notifying the inspector here is necessary because a call to preflightFailure() might synchronously // cause the underlying ResourceLoader to be cancelled before it tells the inspector about the response. // In that case, if we don't tell the inspector about the response now, the resource type in the inspector // will default to "other" instead of something more descriptive. DocumentLoader* loader = m_document->frame()->loader().documentLoader(); InspectorInstrumentation::didReceiveResourceResponse(m_document->frame(), identifier, loader, response, resource() ? resource()->loader() : 0); if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) { preflightFailure(response.url().string(), accessControlErrorDescription); return; } if (!passesPreflightStatusCheck(response, accessControlErrorDescription)) { preflightFailure(response.url().string(), accessControlErrorDescription); return; } OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials)); if (!preflightResult->parse(response, accessControlErrorDescription) || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription) || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) { preflightFailure(response.url().string(), accessControlErrorDescription); return; } CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release()); } else { if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) { if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) { m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription)); return; } } m_client->didReceiveResponse(identifier, response); } }
void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response) { ASSERT(m_client); #if ENABLE(INSPECTOR) if (m_preflightRequestIdentifier) { DocumentLoader* loader = m_document->frame()->loader()->documentLoader(); InspectorInstrumentationCookie cookie = InspectorInstrumentation::willReceiveResourceResponse(m_document->frame(), m_preflightRequestIdentifier, response); InspectorInstrumentation::didReceiveResourceResponse(cookie, m_preflightRequestIdentifier, loader, response, 0); } #endif String accessControlErrorDescription; if (m_actualRequest) { if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) { preflightFailure(response.url(), accessControlErrorDescription); return; } OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(new CrossOriginPreflightResultCacheItem(m_options.allowCredentials)); if (!preflightResult->parse(response, accessControlErrorDescription) || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription) || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) { preflightFailure(response.url(), accessControlErrorDescription); return; } CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), preflightResult.release()); } else { if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) { if (!passesAccessControlCheck(response, m_options.allowCredentials, securityOrigin(), accessControlErrorDescription)) { m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, response.url().string(), accessControlErrorDescription)); return; } } m_client->didReceiveResponse(identifier, response); } }
void DocumentThreadableLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response) { ASSERT(m_client); String accessControlErrorDescription; if (m_actualRequest) { DocumentLoader* loader = m_document.frame()->loader().documentLoader(); InspectorInstrumentationCookie cookie = InspectorInstrumentation::willReceiveResourceResponse(m_document.frame()); InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, loader, response, 0); if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) { preflightFailure(identifier, response.url(), accessControlErrorDescription); return; } StoredCredentials allowCredentials = m_options.allowCredentials(); auto preflightResult = std::make_unique<CrossOriginPreflightResultCacheItem>(allowCredentials); if (!preflightResult->parse(response, accessControlErrorDescription) || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMethod(), accessControlErrorDescription) || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpHeaderFields(), accessControlErrorDescription)) { preflightFailure(identifier, response.url(), accessControlErrorDescription); return; } CrossOriginPreflightResultCache::singleton().appendEntry(securityOrigin()->toString(), m_actualRequest->url(), WTFMove(preflightResult)); } else { if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) { if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) { m_client->didFailAccessControlCheck(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription)); return; } } m_client->didReceiveResponse(identifier, response); } }