Google Git
Sign in
webkit / WebKit / 70851bfd4196a0fdcde3b0bd3b24202122c394f8^! / . / Source / WebCore / loader / cache / CachedResourceRequest.h
commit70851bfd4196a0fdcde3b0bd3b24202122c394f8[log] [tgz]
authoryouenn.fablet@crf.canon.fr <youenn.fablet@crf.canon.fr@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jun 10 18:17:11 2016 +0000
committeryouenn.fablet@crf.canon.fr <youenn.fablet@crf.canon.fr@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Jun 10 18:17:11 2016 +0000
treed225bdc26a9cd30d8c7be85f7dcc587083eb673b
parent08c98fe00dd672937d94775992b3dbef3a27a546 [diff] [blame]
Origin header is not included in CORS requests for preloaded cross-origin resources
https://bugs.webkit.org/show_bug.cgi?id=155761
<rdar://problem/25351850>

Reviewed by Alex Christensen.

Source/WebCore:

Making HTML preloader fully aware of crossorigin attribute value.
Introducing CachedResourceRequest::setAsPotentiallyCrossOrigin as a helper routine to activate CORS mode.
Making HTMLLinkElement and HTMLResourcePreloader use that routine.
Making TokenPreloadScanner store the crossorigin attribute value in preload requests.
Making TokenPreloadScanner store the crossorigin attribute value for link elements.

Test: http/tests/security/cross-origin-css-9.html

* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::process):
* html/parser/HTMLPreloadScanner.cpp:
(WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest):
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
* html/parser/HTMLResourcePreloader.cpp:
(WebCore::crossOriginModeAllowsCookies):
(WebCore::PreloadRequest::resourceRequest):
* html/parser/HTMLResourcePreloader.h:
(WebCore::PreloadRequest::setCrossOriginMode):
(WebCore::PreloadRequest::PreloadRequest): Deleted.
(WebCore::PreloadRequest::resourceType): Deleted.
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):
* loader/cache/CachedResourceRequest.h:

LayoutTests:

* http/tests/security/cross-origin-css-9-expected.txt: Added.
* http/tests/security/cross-origin-css-9.html: Added.
* http/tests/security/resources/get-css-if-origin-header.php: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@201930 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebCore/loader/cache/CachedResourceRequest.h b/Source/WebCore/loader/cache/CachedResourceRequest.h
index c8a21ef..99e32b2 100644
--- a/Source/WebCore/loader/cache/CachedResourceRequest.h
+++ b/Source/WebCore/loader/cache/CachedResourceRequest.h

@@ -65,6 +65,8 @@
     void setInitiator(DocumentLoader&);
     DocumentLoader* initiatingDocumentLoader() const { return m_initiatingDocumentLoader.get(); }
 
+    void setAsPotentiallyCrossOrigin(const String&, Document&);
+
 private:
     ResourceRequest m_resourceRequest;
     String m_charset;