<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[203490] trunk/Source/WebCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/203490">203490</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2016-07-20 23:12:13 -0700 (Wed, 20 Jul 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Remove crossOriginRequestPolicy from ThreadableLoaderOptions
https://bugs.webkit.org/show_bug.cgi?id=159417
Patch by Youenn Fablet <youenn@apple.com> on 2016-07-20
Reviewed by Alex Christensen.
No observable change.
* Modules/fetch/FetchLoader.cpp:
(WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
* fileapi/FileReaderLoader.cpp:
(WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
* inspector/InspectorNetworkAgent.cpp:
(WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
(WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
(WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
(WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
(WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
option.
(WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
* loader/ThreadableLoader.cpp:
(WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
* loader/ThreadableLoader.h: Ditto.
* loader/WorkerThreadableLoader.cpp:
(WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
* page/EventSource.cpp:
(WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
* workers/Worker.cpp:
(WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously):
(WebCore::WorkerScriptLoader::loadAsynchronously):
* workers/WorkerScriptLoader.h:
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::createRequest):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreModulesfetchFetchLoadercpp">trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp</a></li>
<li><a href="#trunkSourceWebCorefileapiFileReaderLoadercpp">trunk/Source/WebCore/fileapi/FileReaderLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreinspectorInspectorNetworkAgentcpp">trunk/Source/WebCore/inspector/InspectorNetworkAgent.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderDocumentThreadableLoadercpp">trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderThreadableLoadercpp">trunk/Source/WebCore/loader/ThreadableLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderThreadableLoaderh">trunk/Source/WebCore/loader/ThreadableLoader.h</a></li>
<li><a href="#trunkSourceWebCoreloaderWorkerThreadableLoadercpp">trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp</a></li>
<li><a href="#trunkSourceWebCorepageEventSourcecpp">trunk/Source/WebCore/page/EventSource.cpp</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkercpp">trunk/Source/WebCore/workers/Worker.cpp</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkerGlobalScopecpp">trunk/Source/WebCore/workers/WorkerGlobalScope.cpp</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkerScriptLoadercpp">trunk/Source/WebCore/workers/WorkerScriptLoader.cpp</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkerScriptLoaderh">trunk/Source/WebCore/workers/WorkerScriptLoader.h</a></li>
<li><a href="#trunkSourceWebCorexmlXMLHttpRequestcpp">trunk/Source/WebCore/xml/XMLHttpRequest.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/ChangeLog 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -1,3 +1,46 @@
</span><ins>+2016-07-20 Youenn Fablet <youenn@apple.com>
+
+ Remove crossOriginRequestPolicy from ThreadableLoaderOptions
+ https://bugs.webkit.org/show_bug.cgi?id=159417
+
+ Reviewed by Alex Christensen.
+
+ No observable change.
+
+ * Modules/fetch/FetchLoader.cpp:
+ (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
+ * fileapi/FileReaderLoader.cpp:
+ (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
+ * inspector/InspectorNetworkAgent.cpp:
+ (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
+ (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
+ (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
+ (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
+ (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
+ desactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
+ these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
+ option.
+ (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
+ * loader/ThreadableLoader.cpp:
+ (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
+ * loader/ThreadableLoader.h: Ditto.
+ * loader/WorkerThreadableLoader.cpp:
+ (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
+ * page/EventSource.cpp:
+ (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
+ * workers/Worker.cpp:
+ (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
+ * workers/WorkerGlobalScope.cpp:
+ (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
+ * workers/WorkerScriptLoader.cpp:
+ (WebCore::WorkerScriptLoader::loadSynchronously):
+ (WebCore::WorkerScriptLoader::loadAsynchronously):
+ * workers/WorkerScriptLoader.h:
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::createRequest):
+
</ins><span class="cx"> 2016-07-20 Chris Dumez <cdumez@apple.com>
</span><span class="cx">
</span><span class="cx"> Fix null handling of several Document attributes
</span></span></pre></div>
<a id="trunkSourceWebCoreModulesfetchFetchLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -64,7 +64,7 @@
</span><span class="cx"> options.setDataBufferingPolicy(DoNotBufferData);
</span><span class="cx"> options.preflightPolicy = ConsiderPreflight;
</span><span class="cx"> options.setAllowCredentials(AllowStoredCredentials);
</span><del>- options.crossOriginRequestPolicy = DenyCrossOriginRequests;
</del><ins>+ options.mode = FetchOptions::Mode::SameOrigin;
</ins><span class="cx"> options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
</span><span class="cx">
</span><span class="cx"> m_loader = ThreadableLoader::create(&context, this, request, options);
</span><span class="lines">@@ -79,11 +79,11 @@
</span><span class="cx"> options.setDataBufferingPolicy(DoNotBufferData);
</span><span class="cx"> options.preflightPolicy = ConsiderPreflight;
</span><span class="cx"> options.setAllowCredentials(AllowStoredCredentials);
</span><del>- options.crossOriginRequestPolicy = DenyCrossOriginRequests;
</del><span class="cx"> options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
</span><span class="cx">
</span><span class="cx"> // FIXME: Pass directly all fetch options to loader options.
</span><span class="cx"> options.redirect = request.fetchOptions().redirect;
</span><ins>+ options.mode = FetchOptions::Mode::SameOrigin;
</ins><span class="cx">
</span><span class="cx"> m_loader = ThreadableLoader::create(&context, this, request.internalRequest(), options);
</span><span class="cx"> m_isStarted = m_loader;
</span></span></pre></div>
<a id="trunkSourceWebCorefileapiFileReaderLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/fileapi/FileReaderLoader.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/fileapi/FileReaderLoader.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/fileapi/FileReaderLoader.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -91,7 +91,7 @@
</span><span class="cx"> options.setDataBufferingPolicy(DoNotBufferData);
</span><span class="cx"> options.preflightPolicy = ConsiderPreflight;
</span><span class="cx"> options.setAllowCredentials(AllowStoredCredentials);
</span><del>- options.crossOriginRequestPolicy = DenyCrossOriginRequests;
</del><ins>+ options.mode = FetchOptions::Mode::SameOrigin;
</ins><span class="cx"> options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
</span><span class="cx">
</span><span class="cx"> if (m_client)
</span></span></pre></div>
<a id="trunkSourceWebCoreinspectorInspectorNetworkAgentcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/inspector/InspectorNetworkAgent.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/inspector/InspectorNetworkAgent.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/inspector/InspectorNetworkAgent.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -673,7 +673,7 @@
</span><span class="cx"> options.setSendLoadCallbacks(SendCallbacks); // So we remove this from m_hiddenRequestIdentifiers on completion.
</span><span class="cx"> options.setAllowCredentials(AllowStoredCredentials);
</span><span class="cx"> options.setDefersLoadingPolicy(DefersLoadingPolicy::DisallowDefersLoading); // So the request is never deferred.
</span><del>- options.crossOriginRequestPolicy = AllowCrossOriginRequests;
</del><ins>+ options.mode = FetchOptions::Mode::NoCors;
</ins><span class="cx"> options.contentSecurityPolicyEnforcement = ContentSecurityPolicyEnforcement::DoNotEnforce;
</span><span class="cx">
</span><span class="cx"> // InspectorThreadableLoaderClient deletes itself when the load completes.
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderDocumentThreadableLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -96,12 +96,12 @@
</span><span class="cx">
</span><span class="cx"> ASSERT_WITH_SECURITY_IMPLICATION(isAllowedByContentSecurityPolicy(request.url()));
</span><span class="cx">
</span><del>- if (m_sameOriginRequest || m_options.crossOriginRequestPolicy == AllowCrossOriginRequests) {
</del><ins>+ if (m_sameOriginRequest || m_options.mode == FetchOptions::Mode::NoCors) {
</ins><span class="cx"> loadRequest(request, DoSecurityCheck);
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (m_options.crossOriginRequestPolicy == DenyCrossOriginRequests) {
</del><ins>+ if (m_options.mode == FetchOptions::Mode::SameOrigin) {
</ins><span class="cx"> m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, request.url(), "Cross origin requests are not supported."));
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="lines">@@ -111,7 +111,7 @@
</span><span class="cx">
</span><span class="cx"> void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceRequest& request)
</span><span class="cx"> {
</span><del>- ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);
</del><ins>+ ASSERT(m_options.mode == FetchOptions::Mode::Cors);
</ins><span class="cx">
</span><span class="cx"> auto crossOriginRequest = request;
</span><span class="cx"> updateRequestForAccessControl(crossOriginRequest, securityOrigin(), m_options.allowCredentials());
</span><span class="lines">@@ -222,7 +222,7 @@
</span><span class="cx"> // When using access control, only simple cross origin requests are allowed to redirect. The new request URL must have a supported
</span><span class="cx"> // scheme and not contain the userinfo production. In addition, the redirect response must pass the access control check if the
</span><span class="cx"> // original request was not same-origin.
</span><del>- if (m_options.crossOriginRequestPolicy == UseAccessControl) {
</del><ins>+ if (m_options.mode == FetchOptions::Mode::Cors) {
</ins><span class="cx"> bool allowRedirect = false;
</span><span class="cx"> if (m_simpleRequest) {
</span><span class="cx"> String accessControlErrorDescription;
</span><span class="lines">@@ -276,7 +276,7 @@
</span><span class="cx"> ASSERT(m_client);
</span><span class="cx">
</span><span class="cx"> String accessControlErrorDescription;
</span><del>- if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
</del><ins>+ if (!m_sameOriginRequest && m_options.mode == FetchOptions::Mode::Cors) {
</ins><span class="cx"> if (!passesAccessControlCheck(response, m_options.allowCredentials(), securityOrigin(), accessControlErrorDescription)) {
</span><span class="cx"> m_client->didFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl));
</span><span class="cx"> return;
</span><span class="lines">@@ -356,6 +356,9 @@
</span><span class="cx"> ThreadableLoaderOptions options = m_options;
</span><span class="cx"> options.setClientCredentialPolicy(DoNotAskClientForCrossOriginCredentials);
</span><span class="cx">
</span><ins>+ // Set to NoCors as CORS checks are done in DocumentThreadableLoader
+ options.mode = FetchOptions::Mode::NoCors;
+
</ins><span class="cx"> CachedResourceRequest newRequest(request, options);
</span><span class="cx"> if (RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled())
</span><span class="cx"> newRequest.setInitiator(m_options.initiator);
</span><span class="lines">@@ -430,7 +433,7 @@
</span><span class="cx">
</span><span class="cx"> bool DocumentThreadableLoader::isAllowedRedirect(const URL& url)
</span><span class="cx"> {
</span><del>- if (m_options.crossOriginRequestPolicy == AllowCrossOriginRequests)
</del><ins>+ if (m_options.mode == FetchOptions::Mode::NoCors)
</ins><span class="cx"> return true;
</span><span class="cx">
</span><span class="cx"> return m_sameOriginRequest && securityOrigin().canRequest(url);
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderThreadableLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/ThreadableLoader.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/ThreadableLoader.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/loader/ThreadableLoader.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -43,6 +43,7 @@
</span><span class="cx">
</span><span class="cx"> ThreadableLoaderOptions::ThreadableLoaderOptions()
</span><span class="cx"> {
</span><ins>+ mode = FetchOptions::Mode::SameOrigin;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ThreadableLoaderOptions::~ThreadableLoaderOptions()
</span><span class="lines">@@ -49,10 +50,9 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>-ThreadableLoaderOptions::ThreadableLoaderOptions(const ResourceLoaderOptions& baseOptions, PreflightPolicy preflightPolicy, CrossOriginRequestPolicy crossOriginRequestPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, String&& initiator)
</del><ins>+ThreadableLoaderOptions::ThreadableLoaderOptions(const ResourceLoaderOptions& baseOptions, PreflightPolicy preflightPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, String&& initiator)
</ins><span class="cx"> : ResourceLoaderOptions(baseOptions)
</span><span class="cx"> , preflightPolicy(preflightPolicy)
</span><del>- , crossOriginRequestPolicy(crossOriginRequestPolicy)
</del><span class="cx"> , contentSecurityPolicyEnforcement(contentSecurityPolicyEnforcement)
</span><span class="cx"> , initiator(WTFMove(initiator))
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderThreadableLoaderh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/ThreadableLoader.h (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/ThreadableLoader.h 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/loader/ThreadableLoader.h 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -45,12 +45,6 @@
</span><span class="cx"> class ScriptExecutionContext;
</span><span class="cx"> class SecurityOrigin;
</span><span class="cx"> class ThreadableLoaderClient;
</span><del>-
- enum CrossOriginRequestPolicy {
- DenyCrossOriginRequests,
- UseAccessControl,
- AllowCrossOriginRequests
- };
</del><span class="cx">
</span><span class="cx"> enum PreflightPolicy {
</span><span class="cx"> ConsiderPreflight,
</span><span class="lines">@@ -67,11 +61,10 @@
</span><span class="cx">
</span><span class="cx"> struct ThreadableLoaderOptions : ResourceLoaderOptions {
</span><span class="cx"> ThreadableLoaderOptions();
</span><del>- ThreadableLoaderOptions(const ResourceLoaderOptions&, PreflightPolicy, CrossOriginRequestPolicy, ContentSecurityPolicyEnforcement, String&& initiator);
</del><ins>+ ThreadableLoaderOptions(const ResourceLoaderOptions&, PreflightPolicy, ContentSecurityPolicyEnforcement, String&& initiator);
</ins><span class="cx"> ~ThreadableLoaderOptions();
</span><span class="cx">
</span><span class="cx"> PreflightPolicy preflightPolicy { ConsiderPreflight };
</span><del>- CrossOriginRequestPolicy crossOriginRequestPolicy { DenyCrossOriginRequests };
</del><span class="cx"> ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement { ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective };
</span><span class="cx"> String initiator; // This cannot be an AtomicString, as isolatedCopy() wouldn't create an object that's safe for passing to another thread.
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderWorkerThreadableLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/loader/WorkerThreadableLoader.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -91,7 +91,7 @@
</span><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> LoaderTaskOptions::LoaderTaskOptions(const ThreadableLoaderOptions& options, const String& referrer, const SecurityOrigin& origin)
</span><del>- : options(options, options.preflightPolicy, options.crossOriginRequestPolicy, options.contentSecurityPolicyEnforcement, options.initiator.isolatedCopy())
</del><ins>+ : options(options, options.preflightPolicy, options.contentSecurityPolicyEnforcement, options.initiator.isolatedCopy())
</ins><span class="cx"> , referrer(referrer.isolatedCopy())
</span><span class="cx"> , origin(origin.isolatedCopy())
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceWebCorepageEventSourcecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/EventSource.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/EventSource.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/page/EventSource.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -111,7 +111,7 @@
</span><span class="cx"> options.setAllowCredentials((origin.canRequest(m_url) || m_withCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials);
</span><span class="cx"> options.credentials = m_withCredentials ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
</span><span class="cx"> options.preflightPolicy = PreventPreflight;
</span><del>- options.crossOriginRequestPolicy = UseAccessControl;
</del><ins>+ options.mode = FetchOptions::Mode::Cors;
</ins><span class="cx"> options.setDataBufferingPolicy(DoNotBufferData);
</span><span class="cx"> options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/Worker.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/Worker.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/workers/Worker.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -95,7 +95,7 @@
</span><span class="cx">
</span><span class="cx"> worker->m_scriptLoader = WorkerScriptLoader::create();
</span><span class="cx"> auto contentSecurityPolicyEnforcement = shouldBypassMainWorldContentSecurityPolicy ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceChildSrcDirective;
</span><del>- worker->m_scriptLoader->loadAsynchronously(&context, scriptURL, DenyCrossOriginRequests, contentSecurityPolicyEnforcement, worker.ptr());
</del><ins>+ worker->m_scriptLoader->loadAsynchronously(&context, scriptURL, FetchOptions::Mode::SameOrigin, contentSecurityPolicyEnforcement, worker.ptr());
</ins><span class="cx"> return WTFMove(worker);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkerGlobalScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/WorkerGlobalScope.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/WorkerGlobalScope.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/workers/WorkerGlobalScope.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -236,7 +236,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Ref<WorkerScriptLoader> scriptLoader = WorkerScriptLoader::create();
</span><del>- scriptLoader->loadSynchronously(scriptExecutionContext(), url, AllowCrossOriginRequests, shouldBypassMainWorldContentSecurityPolicy ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective);
</del><ins>+ scriptLoader->loadSynchronously(scriptExecutionContext(), url, FetchOptions::Mode::NoCors, shouldBypassMainWorldContentSecurityPolicy ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective);
</ins><span class="cx">
</span><span class="cx"> // If the fetching attempt failed, throw a NETWORK_ERR exception and abort all these steps.
</span><span class="cx"> if (scriptLoader->failed()) {
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkerScriptLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/WorkerScriptLoader.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/WorkerScriptLoader.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/workers/WorkerScriptLoader.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -54,7 +54,7 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void WorkerScriptLoader::loadSynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, CrossOriginRequestPolicy crossOriginRequestPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement)
</del><ins>+void WorkerScriptLoader::loadSynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, FetchOptions::Mode mode, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement)
</ins><span class="cx"> {
</span><span class="cx"> m_url = url;
</span><span class="cx">
</span><span class="lines">@@ -66,7 +66,7 @@
</span><span class="cx">
</span><span class="cx"> ThreadableLoaderOptions options;
</span><span class="cx"> options.setAllowCredentials(AllowStoredCredentials);
</span><del>- options.crossOriginRequestPolicy = crossOriginRequestPolicy;
</del><ins>+ options.mode = mode;
</ins><span class="cx"> options.setSendLoadCallbacks(SendCallbacks);
</span><span class="cx"> options.contentSecurityPolicyEnforcement = contentSecurityPolicyEnforcement;
</span><span class="cx">
</span><span class="lines">@@ -73,7 +73,7 @@
</span><span class="cx"> WorkerThreadableLoader::loadResourceSynchronously(downcast<WorkerGlobalScope>(scriptExecutionContext), *request, *this, options);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, CrossOriginRequestPolicy crossOriginRequestPolicy, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, WorkerScriptLoaderClient* client)
</del><ins>+void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext* scriptExecutionContext, const URL& url, FetchOptions::Mode mode, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, WorkerScriptLoaderClient* client)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(client);
</span><span class="cx"> m_client = client;
</span><span class="lines">@@ -85,7 +85,7 @@
</span><span class="cx">
</span><span class="cx"> ThreadableLoaderOptions options;
</span><span class="cx"> options.setAllowCredentials(AllowStoredCredentials);
</span><del>- options.crossOriginRequestPolicy = crossOriginRequestPolicy;
</del><ins>+ options.mode = mode;
</ins><span class="cx"> options.setSendLoadCallbacks(SendCallbacks);
</span><span class="cx"> options.contentSecurityPolicyEnforcement = contentSecurityPolicyEnforcement;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkerScriptLoaderh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/WorkerScriptLoader.h (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/WorkerScriptLoader.h 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/workers/WorkerScriptLoader.h 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -54,8 +54,8 @@
</span><span class="cx"> return adoptRef(*new WorkerScriptLoader);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void loadSynchronously(ScriptExecutionContext*, const URL&, CrossOriginRequestPolicy, ContentSecurityPolicyEnforcement);
- void loadAsynchronously(ScriptExecutionContext*, const URL&, CrossOriginRequestPolicy, ContentSecurityPolicyEnforcement, WorkerScriptLoaderClient*);
</del><ins>+ void loadSynchronously(ScriptExecutionContext*, const URL&, FetchOptions::Mode, ContentSecurityPolicyEnforcement);
+ void loadAsynchronously(ScriptExecutionContext*, const URL&, FetchOptions::Mode, ContentSecurityPolicyEnforcement, WorkerScriptLoaderClient*);
</ins><span class="cx">
</span><span class="cx"> void notifyError();
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorexmlXMLHttpRequestcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (203489 => 203490)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2016-07-21 06:09:56 UTC (rev 203489)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2016-07-21 06:12:13 UTC (rev 203490)
</span><span class="lines">@@ -710,7 +710,7 @@
</span><span class="cx"> options.preflightPolicy = uploadEvents ? ForcePreflight : ConsiderPreflight;
</span><span class="cx"> options.setAllowCredentials((m_sameOriginRequest || m_includeCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials);
</span><span class="cx"> options.credentials = m_includeCredentials ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
</span><del>- options.crossOriginRequestPolicy = UseAccessControl;
</del><ins>+ options.mode = FetchOptions::Mode::Cors;
</ins><span class="cx"> options.contentSecurityPolicyEnforcement = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective;
</span><span class="cx"> options.initiator = cachedResourceRequestInitiators().xmlhttprequest;
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>