summaryrefslogtreecommitdiffstats
path: root/webkit/plugins/ppapi
diff options
context:
space:
mode:
authorbbudge@chromium.org <bbudge@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-14 16:52:52 +0000
committerbbudge@chromium.org <bbudge@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-14 16:52:52 +0000
commitbb8890e9cee0c997257873e9c978eead7d028568 (patch)
tree8b73fbe50b6d1f7e5d7b8220124f8e7d2552b93c /webkit/plugins/ppapi
parent84d5b453e3b8f4eef8cab9860a27c25466c7fe0a (diff)
downloadchromium_src-bb8890e9cee0c997257873e9c978eead7d028568.zip
chromium_src-bb8890e9cee0c997257873e9c978eead7d028568.tar.gz
chromium_src-bb8890e9cee0c997257873e9c978eead7d028568.tar.bz2
Modify the webkit::ppapi::URLLoader to use the underlying AssociatedURLLoader for security checks, and convert URLRequest properties into the configuration for the AssociatedURLLoader. This Issue depends on http://codereview.chromium.org/6755015/
BUG=47354 TEST=ppapi_tests Review URL: http://codereview.chromium.org/6765040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81605 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/plugins/ppapi')
-rw-r--r--webkit/plugins/ppapi/ppb_url_loader_impl.cc43
-rw-r--r--webkit/plugins/ppapi/ppb_url_loader_impl.h2
2 files changed, 17 insertions, 28 deletions
diff --git a/webkit/plugins/ppapi/ppb_url_loader_impl.cc b/webkit/plugins/ppapi/ppb_url_loader_impl.cc
index 1c2323e..378d789 100644
--- a/webkit/plugins/ppapi/ppb_url_loader_impl.cc
+++ b/webkit/plugins/ppapi/ppb_url_loader_impl.cc
@@ -17,6 +17,7 @@
#include "third_party/WebKit/Source/WebKit/chromium/public/WebPluginContainer.h"
#include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h"
#include "third_party/WebKit/Source/WebKit/chromium/public/WebURLLoader.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebURLLoaderOptions.h"
#include "third_party/WebKit/Source/WebKit/chromium/public/WebURLRequest.h"
#include "third_party/WebKit/Source/WebKit/chromium/public/WebURLResponse.h"
#include "webkit/appcache/web_application_cache_host_impl.h"
@@ -32,6 +33,7 @@ using WebKit::WebString;
using WebKit::WebURL;
using WebKit::WebURLError;
using WebKit::WebURLLoader;
+using WebKit::WebURLLoaderOptions;
using WebKit::WebURLRequest;
using WebKit::WebURLResponse;
@@ -188,7 +190,7 @@ const PPB_URLLoaderTrusted ppb_urlloadertrusted = {
&SetStatusCallback
};
-WebKit::WebFrame* GetFrame(PluginInstance* instance) {
+WebFrame* GetFrame(PluginInstance* instance) {
return instance->container()->element().document().frame();
}
@@ -253,11 +255,20 @@ int32_t PPB_URLLoader_Impl::Open(PPB_URLRequestInfo_Impl* request,
return PP_ERROR_FAILED;
WebURLRequest web_request(request->ToWebURLRequest(frame));
- rv = CanRequest(frame, web_request.url());
- if (rv != PP_OK)
- return rv;
+ WebURLLoaderOptions options;
+ if (has_universal_access_) {
+ // Universal access allows cross-origin requests and sends credentials.
+ options.crossOriginRequestPolicy =
+ WebURLLoaderOptions::CrossOriginRequestPolicyAllow;
+ options.allowCredentials = true;
+ } else if (request->allow_cross_origin_requests()) {
+ // Otherwise, allow cross-origin requests with access control.
+ options.crossOriginRequestPolicy =
+ WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
+ options.allowCredentials = request->allow_credentials();
+ }
- loader_.reset(frame->createAssociatedURLLoader());
+ loader_.reset(frame->createAssociatedURLLoader(options));
if (!loader_.get())
return PP_ERROR_FAILED;
@@ -277,10 +288,6 @@ int32_t PPB_URLLoader_Impl::FollowRedirect(PP_CompletionCallback callback) {
WebURL redirect_url = GURL(response_info_->redirect_url());
- rv = CanRequest(GetFrame(instance()), redirect_url);
- if (rv != PP_OK)
- return rv;
-
loader_->setDefersLoading(false); // Allow the redirect to continue.
RegisterCallback(callback);
return PP_OK_COMPLETIONPENDING;
@@ -384,12 +391,6 @@ void PPB_URLLoader_Impl::willSendRequest(
SaveResponse(redirect_response);
loader_->setDefersLoading(true);
RunCallback(PP_OK);
- } else {
- int32_t rv = CanRequest(GetFrame(instance()), new_request.url());
- if (rv != PP_OK) {
- loader_->setDefersLoading(true);
- RunCallback(rv);
- }
}
}
@@ -496,23 +497,13 @@ size_t PPB_URLLoader_Impl::FillUserBuffer() {
return bytes_to_copy;
}
-void PPB_URLLoader_Impl::SaveResponse(const WebKit::WebURLResponse& response) {
+void PPB_URLLoader_Impl::SaveResponse(const WebURLResponse& response) {
scoped_refptr<PPB_URLResponseInfo_Impl> response_info(
new PPB_URLResponseInfo_Impl(instance()));
if (response_info->Initialize(response))
response_info_ = response_info;
}
-// Checks that the client can request the URL. Returns a PPAPI error code.
-int32_t PPB_URLLoader_Impl::CanRequest(const WebKit::WebFrame* frame,
- const WebKit::WebURL& url) {
- if (!has_universal_access_ &&
- !frame->securityOrigin().canRequest(url))
- return PP_ERROR_NOACCESS;
-
- return PP_OK;
-}
-
void PPB_URLLoader_Impl::UpdateStatus() {
if (status_callback_ &&
(RecordDownloadProgress() || RecordUploadProgress())) {
diff --git a/webkit/plugins/ppapi/ppb_url_loader_impl.h b/webkit/plugins/ppapi/ppb_url_loader_impl.h
index 6456900..c46bbb6 100644
--- a/webkit/plugins/ppapi/ppb_url_loader_impl.h
+++ b/webkit/plugins/ppapi/ppb_url_loader_impl.h
@@ -105,8 +105,6 @@ class PPB_URLLoader_Impl : public Resource, public WebKit::WebURLLoaderClient {
// Converts a WebURLResponse to a URLResponseInfo and saves it.
void SaveResponse(const WebKit::WebURLResponse& response);
- int32_t CanRequest(const WebKit::WebFrame* frame, const WebKit::WebURL& url);
-
// Calls the status_callback_ (if any) with the current upload and download
// progress. Call this function if you update any of these values to
// synchronize an out-of-process plugin's state.