Make WebLoaderStrategy send to NetworkResourceLoader necessary parameters to handle full loads in NetworkProcess
https://bugs.webkit.org/show_bug.cgi?id=184763

Reviewed by Chris Dumez.

Source/WebCore:

No change of behavior yet, since NetworkProcess does not use these parameters.

Add PreflightPolicy and CSP response headers as ResourceLoaderOptions.
This allows passing them from DocumentThreadableLoader to WebLoaderStrategy.

Allow getting the original headers from a SubresourceLoader.
This allows passing them from DocumentThreadableLoader down to WebLoaderStrategy.

* Modules/fetch/FetchLoader.cpp:
(WebCore::FetchLoader::startLoadingBlobURL):
(WebCore::FetchLoader::start):
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
(WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
(WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
* loader/ResourceLoaderOptions.h:
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::originalHeaders const):
* loader/SubresourceLoader.h:
* loader/ThreadableLoader.cpp:
(WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions):
(WebCore::ThreadableLoaderOptions::isolatedCopy const):
* loader/ThreadableLoader.h:
* page/EventSource.cpp:
(WebCore::EventSource::connect):
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::createRequest):

Source/WebKit:

Set all required NetworkResourceLoadParameters for asynchronous loads.
This includes preflight policy, CSP response headers, SecurityOrigin and content blockers identifier.

Update NetworkLoadChecker to handle preflight policy.
This is not needed right now since sync XHR and ping loads are using the default ConsiderPreflight policy.
But this will be needed for XHR/fetch/EventSource loads.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::NetworkLoadChecker):
(WebKit::NetworkLoadChecker::checkRedirection):
(WebKit::NetworkLoadChecker::validateResponse):
(WebKit::NetworkLoadChecker::checkCORSRequest):
* NetworkProcess/NetworkLoadChecker.h:
(WebKit::NetworkLoadChecker::create):
* NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):
* NetworkProcess/NetworkResourceLoadParameters.h:
* NetworkProcess/NetworkResourceLoader.cpp:
* NetworkProcess/PingLoad.cpp:
(WebKit::PingLoad::PingLoad):
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@230942 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/loader/DocumentThreadableLoader.cpp b/Source/WebCore/loader/DocumentThreadableLoader.cpp
index 240daa1..4e692e1 100644
--- a/Source/WebCore/loader/DocumentThreadableLoader.cpp
+++ b/Source/WebCore/loader/DocumentThreadableLoader.cpp
@@ -109,7 +109,7 @@
 
     // No need to do preflight if the network stack will do it for us.
     if (!m_async && platformStrategies()->loaderStrategy()->isDoingLoadingSecurityChecks())
-        m_options.preflightPolicy = PreventPreflight;
+        m_options.preflightPolicy = PreflightPolicy::Prevent;
 
     // Referrer and Origin headers should be set after the preflight if any.
     ASSERT(!request.hasHTTPReferrer() && !request.hasHTTPOrigin());
@@ -134,6 +134,9 @@
         m_options.filteringPolicy = ResponseFilteringPolicy::Disable;
     }
 
+    if (m_contentSecurityPolicy || !document.shouldBypassMainWorldContentSecurityPolicy())
+        m_options.cspResponseHeaders = this->contentSecurityPolicy().responseHeaders();
+
     // As per step 11 of https://fetch.spec.whatwg.org/#main-fetch, data scheme (if same-origin data-URL flag is set) and about scheme are considered same-origin.
     if (request.url().protocolIsData())
         m_sameOriginRequest = options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set;
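Review bot: The added `if` leaves `m_options.cspResponseHeaders` unset when the document bypasses the main-world CSP and no explicit `m_contentSecurityPolicy` was supplied, so an absent value silently becomes the signal for "no CSP to enforce", and nothing at this site says so. The commit message says these options are forwarded to NetworkProcess for later use, so that contract is security-relevant and deserves a comment above the condition, for example `// cspResponseHeaders stays unset only when CSP is deliberately bypassed; consumers must treat unset as "no CSP to enforce".` The headers are also captured once at this point, so if the policy can change after construction (not visible in this hunk) the forwarded copy may go stale; that is worth confirming before NetworkProcess starts relying on it. The enclosing constructor starts and ends outside the hunk.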
@@ -155,7 +158,7 @@
 {
     ASSERT(m_options.mode == FetchOptions::Mode::Cors);
 
-    if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.preflightPolicy == PreventPreflight)
+    if ((m_options.preflightPolicy == PreflightPolicy::Consider && isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.preflightPolicy == PreflightPolicy::Prevent)
         makeSimpleCrossOriginAccessRequest(WTFMove(request));
     else {
 #if ENABLE(SERVICE_WORKER)
@@ -179,8 +182,8 @@
 
 void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(ResourceRequest&& request)
 {
-    ASSERT(m_options.preflightPolicy != ForcePreflight);
-    ASSERT(m_options.preflightPolicy == PreventPreflight || isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()));
+    ASSERT(m_options.preflightPolicy != PreflightPolicy::Force);
+    ASSERT(m_options.preflightPolicy == PreflightPolicy::Prevent || isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()));
 
     // Cross-origin requests are only allowed for HTTP and registered schemes. We would catch this when checking response headers later, but there is no reason to send a request that's guaranteed to be denied.
     if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol().toStringWithoutCopying())) {