diff options
| -rw-r--r-- | ppapi/tests/test_url_loader.cc | 21 | ||||
| -rw-r--r-- | ppapi/tests/test_url_loader.h | 1 | ||||
| -rw-r--r-- | webkit/plugins/ppapi/ppb_url_loader_impl.cc | 43 | ||||
| -rw-r--r-- | webkit/plugins/ppapi/ppb_url_loader_impl.h | 2 |
4 files changed, 39 insertions, 28 deletions
diff --git a/ppapi/tests/test_url_loader.cc b/ppapi/tests/test_url_loader.cc index 1faacfc..2e708cf 100644 --- a/ppapi/tests/test_url_loader.cc +++ b/ppapi/tests/test_url_loader.cc @@ -49,6 +49,7 @@ void TestURLLoader::RunTest() { RUN_TEST(CustomRequestHeader); RUN_TEST(IgnoresBogusContentLength); RUN_TEST(SameOriginRestriction); + RUN_TEST(CrossOriginRequest); RUN_TEST(StreamToFile); RUN_TEST(AuditURLRedirect); RUN_TEST(AbortCalls); @@ -270,6 +271,26 @@ std::string TestURLLoader::TestSameOriginRestriction() { PASS(); } +std::string TestURLLoader::TestCrossOriginRequest() { + pp::URLRequestInfo request; + // Create a URL that will be considered to be a different origin. + request.SetURL("http://127.0.0.1/test_url_loader_data/hello.txt"); + request.SetAllowCrossOriginRequests(true); + + TestCompletionCallback callback(instance_->pp_instance()); + + pp::URLLoader loader(*instance_); + int32_t rv = loader.Open(request, callback); + if (rv == PP_ERROR_WOULDBLOCK) + rv = callback.WaitForResult(); + + // We expect success since we allowed a cross-origin request. + if (rv == PP_ERROR_NOACCESS) + return ReportError("URLLoader::Open()", rv); + + PASS(); +} + // This test should cause a redirect and ensure that the loader runs // the callback, rather than following the redirect. std::string TestURLLoader::TestAuditURLRedirect() { diff --git a/ppapi/tests/test_url_loader.h b/ppapi/tests/test_url_loader.h index 0b14bd2..b91ad75 100644 --- a/ppapi/tests/test_url_loader.h +++ b/ppapi/tests/test_url_loader.h @@ -41,6 +41,7 @@ class TestURLLoader : public TestCase { std::string TestIgnoresBogusContentLength(); std::string TestStreamToFile(); std::string TestSameOriginRestriction(); + std::string TestCrossOriginRequest(); std::string TestAuditURLRedirect(); std::string TestAbortCalls(); diff --git a/webkit/plugins/ppapi/ppb_url_loader_impl.cc b/webkit/plugins/ppapi/ppb_url_loader_impl.cc index 1c2323e..378d789 100644 --- a/webkit/plugins/ppapi/ppb_url_loader_impl.cc +++ b/webkit/plugins/ppapi/ppb_url_loader_impl.cc @@ -17,6 +17,7 @@ #include "third_party/WebKit/Source/WebKit/chromium/public/WebPluginContainer.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebURLLoader.h" +#include "third_party/WebKit/Source/WebKit/chromium/public/WebURLLoaderOptions.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebURLRequest.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebURLResponse.h" #include "webkit/appcache/web_application_cache_host_impl.h" @@ -32,6 +33,7 @@ using WebKit::WebString; using WebKit::WebURL; using WebKit::WebURLError; using WebKit::WebURLLoader; +using WebKit::WebURLLoaderOptions; using WebKit::WebURLRequest; using WebKit::WebURLResponse; @@ -188,7 +190,7 @@ const PPB_URLLoaderTrusted ppb_urlloadertrusted = { &SetStatusCallback }; -WebKit::WebFrame* GetFrame(PluginInstance* instance) { +WebFrame* GetFrame(PluginInstance* instance) { return instance->container()->element().document().frame(); } @@ -253,11 +255,20 @@ int32_t PPB_URLLoader_Impl::Open(PPB_URLRequestInfo_Impl* request, return PP_ERROR_FAILED; WebURLRequest web_request(request->ToWebURLRequest(frame)); - rv = CanRequest(frame, web_request.url()); - if (rv != PP_OK) - return rv; + WebURLLoaderOptions options; + if (has_universal_access_) { + // Universal access allows cross-origin requests and sends credentials. + options.crossOriginRequestPolicy = + WebURLLoaderOptions::CrossOriginRequestPolicyAllow; + options.allowCredentials = true; + } else if (request->allow_cross_origin_requests()) { + // Otherwise, allow cross-origin requests with access control. + options.crossOriginRequestPolicy = + WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; + options.allowCredentials = request->allow_credentials(); + } - loader_.reset(frame->createAssociatedURLLoader()); + loader_.reset(frame->createAssociatedURLLoader(options)); if (!loader_.get()) return PP_ERROR_FAILED; @@ -277,10 +288,6 @@ int32_t PPB_URLLoader_Impl::FollowRedirect(PP_CompletionCallback callback) { WebURL redirect_url = GURL(response_info_->redirect_url()); - rv = CanRequest(GetFrame(instance()), redirect_url); - if (rv != PP_OK) - return rv; - loader_->setDefersLoading(false); // Allow the redirect to continue. RegisterCallback(callback); return PP_OK_COMPLETIONPENDING; @@ -384,12 +391,6 @@ void PPB_URLLoader_Impl::willSendRequest( SaveResponse(redirect_response); loader_->setDefersLoading(true); RunCallback(PP_OK); - } else { - int32_t rv = CanRequest(GetFrame(instance()), new_request.url()); - if (rv != PP_OK) { - loader_->setDefersLoading(true); - RunCallback(rv); - } } } @@ -496,23 +497,13 @@ size_t PPB_URLLoader_Impl::FillUserBuffer() { return bytes_to_copy; } -void PPB_URLLoader_Impl::SaveResponse(const WebKit::WebURLResponse& response) { +void PPB_URLLoader_Impl::SaveResponse(const WebURLResponse& response) { scoped_refptr<PPB_URLResponseInfo_Impl> response_info( new PPB_URLResponseInfo_Impl(instance())); if (response_info->Initialize(response)) response_info_ = response_info; } -// Checks that the client can request the URL. Returns a PPAPI error code. -int32_t PPB_URLLoader_Impl::CanRequest(const WebKit::WebFrame* frame, - const WebKit::WebURL& url) { - if (!has_universal_access_ && - !frame->securityOrigin().canRequest(url)) - return PP_ERROR_NOACCESS; - - return PP_OK; -} - void PPB_URLLoader_Impl::UpdateStatus() { if (status_callback_ && (RecordDownloadProgress() || RecordUploadProgress())) { diff --git a/webkit/plugins/ppapi/ppb_url_loader_impl.h b/webkit/plugins/ppapi/ppb_url_loader_impl.h index 6456900..c46bbb6 100644 --- a/webkit/plugins/ppapi/ppb_url_loader_impl.h +++ b/webkit/plugins/ppapi/ppb_url_loader_impl.h @@ -105,8 +105,6 @@ class PPB_URLLoader_Impl : public Resource, public WebKit::WebURLLoaderClient { // Converts a WebURLResponse to a URLResponseInfo and saves it. void SaveResponse(const WebKit::WebURLResponse& response); - int32_t CanRequest(const WebKit::WebFrame* frame, const WebKit::WebURL& url); - // Calls the status_callback_ (if any) with the current upload and download // progress. Call this function if you update any of these values to // synchronize an out-of-process plugin's state. |