From eb2ee141e4b40cbc89baaa982c77fe10da6c9f48 Mon Sep 17 00:00:00 2001
From: "michaeln@google.com"
 <michaeln@google.com@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue, 22 Feb 2011 20:03:01 +0000
Subject: Appcache cross-origin HTTPS resources.

BUG=69594
TEST=updated unit tests

Review URL: http://codereview.chromium.org/6526037

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@75622 0039d316-1c4b-4281-b951-d872f2087c98
---
 webkit/appcache/manifest_parser.cc | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'webkit/appcache/manifest_parser.cc')

diff --git a/webkit/appcache/manifest_parser.cc b/webkit/appcache/manifest_parser.cc
index 49ddd8c..1422bc6 100644
--- a/webkit/appcache/manifest_parser.cc
+++ b/webkit/appcache/manifest_parser.cc
@@ -165,12 +165,13 @@ bool ParseManifest(const GURL& manifest_url, const char* data, int length,
         continue;
       }
 
-      // If the manifest's scheme is https:, then manifest URL must have same
-      // origin as resulting absolute URL.
-      if (mode == EXPLICIT && manifest_url.SchemeIsSecure() &&
-          manifest_url.GetOrigin() != url.GetOrigin()) {
-        continue;
-      }
+      // See http://code.google.com/p/chromium/issues/detail?id=69594
+      // We willfully violate the HTML5 spec at this point in order
+      // to support the appcaching of cross-origin HTTPS resources.
+      // Per the spec, EXPLICIT cross-origin HTTS resources should be
+      // ignored here. We've opted for a milder constraint and allow
+      // caching unless the resource has a "no-store" header. That
+      // condition is enforced in AppCacheUpdateJob.
 
       if (mode == EXPLICIT) {
         manifest.explicit_urls.insert(url.spec());
-- 
cgit v1.1