diff options
author | bbudge@chromium.org <bbudge@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-14 16:52:52 +0000 |
---|---|---|
committer | bbudge@chromium.org <bbudge@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-14 16:52:52 +0000 |
commit | bb8890e9cee0c997257873e9c978eead7d028568 (patch) | |
tree | 8b73fbe50b6d1f7e5d7b8220124f8e7d2552b93c /webkit/plugins/ppapi | |
parent | 84d5b453e3b8f4eef8cab9860a27c25466c7fe0a (diff) | |
download | chromium_src-bb8890e9cee0c997257873e9c978eead7d028568.zip chromium_src-bb8890e9cee0c997257873e9c978eead7d028568.tar.gz chromium_src-bb8890e9cee0c997257873e9c978eead7d028568.tar.bz2 |
Modify the webkit::ppapi::URLLoader to use the underlying AssociatedURLLoader for security checks, and convert URLRequest properties into the configuration for the AssociatedURLLoader. This Issue depends on http://codereview.chromium.org/6755015/
BUG=47354
TEST=ppapi_tests
Review URL: http://codereview.chromium.org/6765040
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81605 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/plugins/ppapi')
-rw-r--r-- | webkit/plugins/ppapi/ppb_url_loader_impl.cc | 43 | ||||
-rw-r--r-- | webkit/plugins/ppapi/ppb_url_loader_impl.h | 2 |
2 files changed, 17 insertions, 28 deletions
diff --git a/webkit/plugins/ppapi/ppb_url_loader_impl.cc b/webkit/plugins/ppapi/ppb_url_loader_impl.cc index 1c2323e..378d789 100644 --- a/webkit/plugins/ppapi/ppb_url_loader_impl.cc +++ b/webkit/plugins/ppapi/ppb_url_loader_impl.cc @@ -17,6 +17,7 @@ #include "third_party/WebKit/Source/WebKit/chromium/public/WebPluginContainer.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebURLLoader.h" +#include "third_party/WebKit/Source/WebKit/chromium/public/WebURLLoaderOptions.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebURLRequest.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebURLResponse.h" #include "webkit/appcache/web_application_cache_host_impl.h" @@ -32,6 +33,7 @@ using WebKit::WebString; using WebKit::WebURL; using WebKit::WebURLError; using WebKit::WebURLLoader; +using WebKit::WebURLLoaderOptions; using WebKit::WebURLRequest; using WebKit::WebURLResponse; @@ -188,7 +190,7 @@ const PPB_URLLoaderTrusted ppb_urlloadertrusted = { &SetStatusCallback }; -WebKit::WebFrame* GetFrame(PluginInstance* instance) { +WebFrame* GetFrame(PluginInstance* instance) { return instance->container()->element().document().frame(); } @@ -253,11 +255,20 @@ int32_t PPB_URLLoader_Impl::Open(PPB_URLRequestInfo_Impl* request, return PP_ERROR_FAILED; WebURLRequest web_request(request->ToWebURLRequest(frame)); - rv = CanRequest(frame, web_request.url()); - if (rv != PP_OK) - return rv; + WebURLLoaderOptions options; + if (has_universal_access_) { + // Universal access allows cross-origin requests and sends credentials. + options.crossOriginRequestPolicy = + WebURLLoaderOptions::CrossOriginRequestPolicyAllow; + options.allowCredentials = true; + } else if (request->allow_cross_origin_requests()) { + // Otherwise, allow cross-origin requests with access control. + options.crossOriginRequestPolicy = + WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; + options.allowCredentials = request->allow_credentials(); + } - loader_.reset(frame->createAssociatedURLLoader()); + loader_.reset(frame->createAssociatedURLLoader(options)); if (!loader_.get()) return PP_ERROR_FAILED; @@ -277,10 +288,6 @@ int32_t PPB_URLLoader_Impl::FollowRedirect(PP_CompletionCallback callback) { WebURL redirect_url = GURL(response_info_->redirect_url()); - rv = CanRequest(GetFrame(instance()), redirect_url); - if (rv != PP_OK) - return rv; - loader_->setDefersLoading(false); // Allow the redirect to continue. RegisterCallback(callback); return PP_OK_COMPLETIONPENDING; @@ -384,12 +391,6 @@ void PPB_URLLoader_Impl::willSendRequest( SaveResponse(redirect_response); loader_->setDefersLoading(true); RunCallback(PP_OK); - } else { - int32_t rv = CanRequest(GetFrame(instance()), new_request.url()); - if (rv != PP_OK) { - loader_->setDefersLoading(true); - RunCallback(rv); - } } } @@ -496,23 +497,13 @@ size_t PPB_URLLoader_Impl::FillUserBuffer() { return bytes_to_copy; } -void PPB_URLLoader_Impl::SaveResponse(const WebKit::WebURLResponse& response) { +void PPB_URLLoader_Impl::SaveResponse(const WebURLResponse& response) { scoped_refptr<PPB_URLResponseInfo_Impl> response_info( new PPB_URLResponseInfo_Impl(instance())); if (response_info->Initialize(response)) response_info_ = response_info; } -// Checks that the client can request the URL. Returns a PPAPI error code. -int32_t PPB_URLLoader_Impl::CanRequest(const WebKit::WebFrame* frame, - const WebKit::WebURL& url) { - if (!has_universal_access_ && - !frame->securityOrigin().canRequest(url)) - return PP_ERROR_NOACCESS; - - return PP_OK; -} - void PPB_URLLoader_Impl::UpdateStatus() { if (status_callback_ && (RecordDownloadProgress() || RecordUploadProgress())) { diff --git a/webkit/plugins/ppapi/ppb_url_loader_impl.h b/webkit/plugins/ppapi/ppb_url_loader_impl.h index 6456900..c46bbb6 100644 --- a/webkit/plugins/ppapi/ppb_url_loader_impl.h +++ b/webkit/plugins/ppapi/ppb_url_loader_impl.h @@ -105,8 +105,6 @@ class PPB_URLLoader_Impl : public Resource, public WebKit::WebURLLoaderClient { // Converts a WebURLResponse to a URLResponseInfo and saves it. void SaveResponse(const WebKit::WebURLResponse& response); - int32_t CanRequest(const WebKit::WebFrame* frame, const WebKit::WebURL& url); - // Calls the status_callback_ (if any) with the current upload and download // progress. Call this function if you update any of these values to // synchronize an out-of-process plugin's state. |