<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />

<title>[206255] trunk</title>

</head>

<body>

<style type="text/css"><!--

#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }

#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }

#msg dt:after { content:':';}

#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }

#msg dl a { font-weight: bold}

#msg dl a:link    { color:#fc3; }

#msg dl a:active  { color:#ff0; }

#msg dl a:visited { color:#cc6; }

h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }

#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }

#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }

#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }

#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }

#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }

#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }

#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }

#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }

#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }

#logmsg pre { background: #eee; padding: 1em; }

#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}

#logmsg dl { margin: 0; }

#logmsg dt { font-weight: bold; }

#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }

#logmsg dd:before { content:'\00bb';}

#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }

#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }

#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }

#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }

#logmsg table th.Corner { text-align: left; }

#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }

#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }

#patch { width: 100%; }

#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}

#patch .propset h4, #patch .binary h4 {margin:0;}

#patch pre {padding:0;line-height:1.2em;margin:0;}

#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}

#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}

#patch span {display:block;padding:0 10px;}

#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}

#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}

#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}

#patch .lines, .info {color:#888;background:#fff;}

--></style>

<div id="msg">

<dl class="meta">

<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/206255">206255</a></dd>

<dt>Author</dt> <dd>commit-queue@webkit.org</dd>

<dt>Date</dt> <dd>2016-09-22 01:57:12 -0700 (Thu, 22 Sep 2016)</dd>

</dl>

<h3>Log Message</h3>

<pre>CachedResourceRequest should store a SecurityOrigin

https://bugs.webkit.org/show_bug.cgi?id=162258

Patch by Youenn Fablet &lt;youenn@apple.com&gt; on 2016-09-22

Reviewed by Sam Weinig.

Source/WebCore:

Test: http/tests/local/script-crossorigin-loads-file-scheme.html

Passing SecurityOrigin from loader clients to CachedResource through CachedResourceRequest.

This ensures that specific origin properties like universal access are well preserved.

* loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::loadRequest): Set origin to the request.

* loader/cache/CachedResource.cpp:

(WebCore::CachedResource::CachedResource): Setting origin from the request.

Computing CORS state based on that origin.

(WebCore::CachedResource::load): Removing origin computation.

(WebCore::CachedResource::loadFrom): Ditto.

(WebCore::CachedResource::computeOrigin): Deleted.

* loader/cache/CachedResource.h:

* loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest):

(WebCore::CachedResourceLoader::prepareFetch): Introduced to implement step 1 to 7 of https://fetch.spec.whatwg.org/#fetching.

(WebCore::CachedResourceLoader::requestResource):

* loader/cache/CachedResourceLoader.h:

* loader/cache/CachedResourceRequest.cpp:

(WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): Storing origin.

* loader/cache/CachedResourceRequest.h:

(WebCore::CachedResourceRequest::setOrigin):

(WebCore::CachedResourceRequest::releaseOrigin):

(WebCore::CachedResourceRequest::origin):

LayoutTests:

Updated test to expect load even though CORS checks should fail as the document origin has universal access.

* http/tests/local/script-crossorigin-loads-fail-origin-expected.txt: Removed.

* http/tests/local/script-crossorigin-loads-file-scheme-expected.txt: Added.

* http/tests/local/script-crossorigin-loads-file-scheme.html: Renamed from LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html.</pre>

<h3>Modified Paths</h3>

<ul>

<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>

<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>

<li><a href="#trunkSourceWebCoreloaderDocumentThreadableLoadercpp">trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp</a></li>

<li><a href="#trunkSourceWebCoreloadercacheCachedResourcecpp">trunk/Source/WebCore/loader/cache/CachedResource.cpp</a></li>

<li><a href="#trunkSourceWebCoreloadercacheCachedResourceh">trunk/Source/WebCore/loader/cache/CachedResource.h</a></li>

<li><a href="#trunkSourceWebCoreloadercacheCachedResourceLoadercpp">trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp</a></li>

<li><a href="#trunkSourceWebCoreloadercacheCachedResourceRequestcpp">trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp</a></li>

<li><a href="#trunkSourceWebCoreloadercacheCachedResourceRequesth">trunk/Source/WebCore/loader/cache/CachedResourceRequest.h</a></li>

</ul>

<h3>Added Paths</h3>

<ul>

<li><a href="#trunkLayoutTestshttptestslocalscriptcrossoriginloadsfileschemeexpectedtxt">trunk/LayoutTests/http/tests/local/script-crossorigin-loads-file-scheme-expected.txt</a></li>

<li><a href="#trunkLayoutTestshttptestslocalscriptcrossoriginloadsfileschemehtml">trunk/LayoutTests/http/tests/local/script-crossorigin-loads-file-scheme.html</a></li>

</ul>

<h3>Removed Paths</h3>

<ul>

<li><a href="#trunkLayoutTestshttptestslocalscriptcrossoriginloadsfailoriginexpectedtxt">trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin-expected.txt</a></li>

<li><a href="#trunkLayoutTestshttptestslocalscriptcrossoriginloadsfailoriginhtml">trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html</a></li>

</ul>

</div>

<div id="patch">

<h3>Diff</h3>

<a id="trunkLayoutTestsChangeLog"></a>

<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/ChangeLog        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/LayoutTests/ChangeLog        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -1,3 +1,16 @@

</span><ins>+2016-09-22  Youenn Fablet  &lt;youenn@apple.com&gt;

+

+        CachedResourceRequest should store a SecurityOrigin

+        https://bugs.webkit.org/show_bug.cgi?id=162258

+

+        Reviewed by Sam Weinig.

+

+        Updated test to expect load even though CORS checks should fail as the document origin has universal access.

+

+        * http/tests/local/script-crossorigin-loads-fail-origin-expected.txt: Removed.

+        * http/tests/local/script-crossorigin-loads-file-scheme-expected.txt: Added.

+        * http/tests/local/script-crossorigin-loads-file-scheme.html: Renamed from LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html.

+

</ins><span class="cx"> 2016-09-19  Sergio Villar Senin  &lt;svillar@igalia.com&gt;

</span><span class="cx"> 

</span><span class="cx">         [css-grid] Remove the x2 computation of row sizes with indefinite heights

</span></span></pre></div>

<a id="trunkLayoutTestshttptestslocalscriptcrossoriginloadsfailoriginexpectedtxt"></a>

<div class="delfile"><h4>Deleted: trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin-expected.txt (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin-expected.txt        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin-expected.txt        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -1,5 +0,0 @@

<del>-CONSOLE MESSAGE: Origin  is not allowed by Access-Control-Allow-Origin.

-CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.

-This test fails if the script loads correctly.

-

-PASS

</del></span></pre></div>

<a id="trunkLayoutTestshttptestslocalscriptcrossoriginloadsfailoriginhtml"></a>

<div class="delfile"><h4>Deleted: trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -1,23 +0,0 @@

</span><del>-&lt;body&gt;

-&lt;p&gt;This test fails if the script loads correctly.&lt;/p&gt;

-&lt;pre&gt;&lt;/pre&gt;

-&lt;script&gt;

-if (window.testRunner) {

-    testRunner.dumpAsText();

-    testRunner.waitUntilDone();

-}

-

-function done(msg) {

-    document.querySelector(&quot;pre&quot;).innerHTML = msg;

-    if (window.testRunner)

-        testRunner.notifyDone();

-}

-

-var script = document.createElement(&quot;script&quot;);

-script.crossOrigin = &quot;use-credentials&quot;;

-// We are serving the test from the filesystem, so it should fail as authorized origin is 127.0.0.1:8000.

-script.src = &quot;http://localhost:8000/security/resources/cors-script.php?credentials=true&quot;;

-script.onload = function() { done(&quot;FAIL&quot;); }

-script.onerror = function() { done(&quot;PASS&quot;);}

-document.body.appendChild(script);

-&lt;/script&gt;

</del></span></pre></div>

<a id="trunkLayoutTestshttptestslocalscriptcrossoriginloadsfileschemeexpectedtxt"></a>

<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/local/script-crossorigin-loads-file-scheme-expected.txt (0 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/http/tests/local/script-crossorigin-loads-file-scheme-expected.txt                                (rev 0)

+++ trunk/LayoutTests/http/tests/local/script-crossorigin-loads-file-scheme-expected.txt        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -0,0 +1,4 @@

<ins>+ALERT: script ran.

+This test passes if the script loads correctly.

+

+PASS

</ins></span></pre></div>

<a id="trunkLayoutTestshttptestslocalscriptcrossoriginloadsfileschemehtmlfromrev206254trunkLayoutTestshttptestslocalscriptcrossoriginloadsfailoriginhtml"></a>

<div class="copfile"><h4>Copied: trunk/LayoutTests/http/tests/local/script-crossorigin-loads-file-scheme.html (from rev 206254, trunk/LayoutTests/http/tests/local/script-crossorigin-loads-fail-origin.html) (0 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/LayoutTests/http/tests/local/script-crossorigin-loads-file-scheme.html                                (rev 0)

+++ trunk/LayoutTests/http/tests/local/script-crossorigin-loads-file-scheme.html        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -0,0 +1,24 @@

</span><ins>+&lt;body&gt;

+&lt;p&gt;This test passes if the script loads correctly.&lt;/p&gt;

+&lt;pre&gt;&lt;/pre&gt;

+&lt;script&gt;

+if (window.testRunner) {

+    testRunner.dumpAsText();

+    testRunner.waitUntilDone();

+}

+

+function done(msg) {

+    document.querySelector(&quot;pre&quot;).innerHTML = msg;

+    if (window.testRunner)

+        testRunner.notifyDone();

+}

+

+var script = document.createElement(&quot;script&quot;);

+script.crossOrigin = &quot;use-credentials&quot;;

+// We are serving the test from the filesystem and file URLs are granted universal access.

+// This bypasses CORS checks and will allow access to 127.0.0.1:8000.

+script.src = &quot;http://localhost:8000/security/resources/cors-script.php?credentials=true&quot;;

+script.onload = function() { done(&quot;PASS&quot;); }

+script.onerror = function() { done(&quot;FAIL&quot;);}

+document.body.appendChild(script);

+&lt;/script&gt;

</ins></span></pre></div>

<a id="trunkSourceWebCoreChangeLog"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/ChangeLog        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/Source/WebCore/ChangeLog        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -1,5 +1,38 @@

</span><span class="cx"> 2016-09-22  Youenn Fablet  &lt;youenn@apple.com&gt;

</span><span class="cx"> 

</span><ins>+        CachedResourceRequest should store a SecurityOrigin

+        https://bugs.webkit.org/show_bug.cgi?id=162258

+

+        Reviewed by Sam Weinig.

+

+        Test: http/tests/local/script-crossorigin-loads-file-scheme.html

+

+        Passing SecurityOrigin from loader clients to CachedResource through CachedResourceRequest.

+        This ensures that specific origin properties like universal access are well preserved.

+

+        * loader/DocumentThreadableLoader.cpp:

+        (WebCore::DocumentThreadableLoader::loadRequest): Set origin to the request.

+        * loader/cache/CachedResource.cpp:

+        (WebCore::CachedResource::CachedResource): Setting origin from the request.

+        Computing CORS state based on that origin.

+        (WebCore::CachedResource::load): Removing origin computation.

+        (WebCore::CachedResource::loadFrom): Ditto.

+        (WebCore::CachedResource::computeOrigin): Deleted.

+        * loader/cache/CachedResource.h:

+        * loader/cache/CachedResourceLoader.cpp:

+        (WebCore::CachedResourceLoader::updateCachedResourceWithCurrentRequest):

+        (WebCore::CachedResourceLoader::prepareFetch): Introduced to implement step 1 to 7 of https://fetch.spec.whatwg.org/#fetching.

+        (WebCore::CachedResourceLoader::requestResource):

+        * loader/cache/CachedResourceLoader.h:

+        * loader/cache/CachedResourceRequest.cpp:

+        (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): Storing origin.

+        * loader/cache/CachedResourceRequest.h:

+        (WebCore::CachedResourceRequest::setOrigin):

+        (WebCore::CachedResourceRequest::releaseOrigin):

+        (WebCore::CachedResourceRequest::origin):

+

+2016-09-22  Youenn Fablet  &lt;youenn@apple.com&gt;

+

</ins><span class="cx">         Refactor ContentSecurityPolicy::allow* methods

</span><span class="cx">         https://bugs.webkit.org/show_bug.cgi?id=162335

</span><span class="cx"> 

</span></span></pre></div>

<a id="trunkSourceWebCoreloaderDocumentThreadableLoadercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -370,6 +370,7 @@

</span><span class="cx">         if (RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled())

</span><span class="cx">             newRequest.setInitiator(m_options.initiator);

</span><span class="cx">         newRequest.mutableResourceRequest().setAllowCookies(m_options.allowCredentials == AllowStoredCredentials);

</span><ins>+        newRequest.setOrigin(&amp;securityOrigin());

</ins><span class="cx"> 

</span><span class="cx">         ASSERT(!m_resource);

</span><span class="cx">         // We create an URL here as the request will be moved in requestRawResource

</span></span></pre></div>

<a id="trunkSourceWebCoreloadercacheCachedResourcecpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResource.cpp (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResource.cpp        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/Source/WebCore/loader/cache/CachedResource.cpp        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -121,6 +121,7 @@

</span><span class="cx">     , m_sessionID(sessionID)

</span><span class="cx">     , m_loadPriority(defaultPriorityForResourceType(type))

</span><span class="cx">     , m_responseTimestamp(std::chrono::system_clock::now())

</span><ins>+    , m_origin(request.releaseOrigin())

</ins><span class="cx">     , m_lastDecodedAccessTime(0)

</span><span class="cx">     , m_loadFinishTime(0)

</span><span class="cx">     , m_encodedSize(0)

</span><span class="lines">@@ -148,7 +149,14 @@

</span><span class="cx"> #ifndef NDEBUG

</span><span class="cx">     cachedResourceLeakCounter.increment();

</span><span class="cx"> #endif

<ins>+    // FIXME: We should have a better way of checking for Navigation loads, maybe FetchMode::Options::Navigate.

+    ASSERT(m_origin || m_type == CachedResource::MainResource);

</ins><span class="cx"> 

</span><ins>+    if (m_options.mode != FetchOptions::Mode::SameOrigin &amp;&amp; m_origin

+        &amp;&amp; !(m_resourceRequest.url().protocolIsData() &amp;&amp; m_options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set)

+        &amp;&amp; !m_origin-&gt;canRequest(m_resourceRequest.url()))

+        setCrossOrigin();

+

</ins><span class="cx">     if (!m_resourceRequest.url().hasFragmentIdentifier())

</span><span class="cx">         return;

</span><span class="cx">     URL urlForCache = MemoryCache::removeFragmentIdentifierIfNeeded(m_resourceRequest.url());

</span><span class="lines">@@ -244,24 +252,6 @@

</span><span class="cx">     addAdditionalRequestHeadersToRequest(m_resourceRequest, loader, *this);

</span><span class="cx"> }

</span><span class="cx"> 

</span><del>-void CachedResource::computeOrigin(CachedResourceLoader&amp; loader)

-{

-    if (type() == MainResource)

-        return;

-

-    ASSERT(loader.document());

-    if (m_resourceRequest.hasHTTPOrigin())

-        m_origin = SecurityOrigin::createFromString(m_resourceRequest.httpOrigin());

-    else

-        m_origin = loader.document()-&gt;securityOrigin();

-    ASSERT(m_origin);

-

-    if (!(m_resourceRequest.url().protocolIsData() &amp;&amp; m_options.sameOriginDataURLFlag == SameOriginDataURLFlag::Set) &amp;&amp; !m_origin-&gt;canRequest(m_resourceRequest.url()))

-        setCrossOrigin();

-

-    addAdditionalRequestHeaders(loader);

-}

-

</del><span class="cx"> void CachedResource::load(CachedResourceLoader&amp; cachedResourceLoader)

</span><span class="cx"> {

</span><span class="cx">     if (!cachedResourceLoader.frame()) {

</span><span class="lines">@@ -330,7 +320,7 @@

</span><span class="cx"> #endif

</span><span class="cx">     m_resourceRequest.setPriority(loadPriority());

</span><span class="cx"> 

</span><del>-    computeOrigin(cachedResourceLoader);

</del><ins>+    addAdditionalRequestHeaders(cachedResourceLoader);

</ins><span class="cx"> 

<span class="cx">     // FIXME: It's unfortunate that the cache layer and below get to know anything about fragment identifiers.

<span class="cx">     // We should look into removing the expectation of that knowledge from the platform network stacks.

</span><span class="lines">@@ -352,14 +342,12 @@

</span><span class="cx">     m_status = Pending;

</span><span class="cx"> }

</span><span class="cx"> 

</span><del>-void CachedResource::loadFrom(const CachedResource&amp; resource, CachedResourceLoader&amp; cachedResourceLoader)

</del><ins>+void CachedResource::loadFrom(const CachedResource&amp; resource)

</ins><span class="cx"> {

</span><span class="cx">     ASSERT(url() == resource.url());

</span><span class="cx">     ASSERT(type() == resource.type());

</span><span class="cx">     ASSERT(resource.status() == Status::Cached);

</span><span class="cx"> 

</span><del>-    computeOrigin(cachedResourceLoader);

-

</del><span class="cx">     if (isCrossOrigin() &amp;&amp; m_options.mode == FetchOptions::Mode::Cors) {

</span><span class="cx">         ASSERT(m_origin);

</span><span class="cx">         String errorMessage;

</span></span></pre></div>

<a id="trunkSourceWebCoreloadercacheCachedResourceh"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResource.h (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResource.h        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/Source/WebCore/loader/cache/CachedResource.h        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -211,7 +211,7 @@

</span><span class="cx">     bool isClean() const;

</span><span class="cx">     ResourceResponse::Tainting responseTainting() const { return m_responseTainting; }

</span><span class="cx"> 

</span><del>-    void loadFrom(const CachedResource&amp;, CachedResourceLoader&amp;);

</del><ins>+    void loadFrom(const CachedResource&amp;);

</ins><span class="cx"> 

</span><span class="cx">     SecurityOrigin* origin() const { return m_origin.get(); }

</span><span class="cx"> 

</span><span class="lines">@@ -309,7 +309,6 @@

</span><span class="cx">     std::chrono::microseconds freshnessLifetime(const ResourceResponse&amp;) const;

</span><span class="cx"> 

</span><span class="cx">     void addAdditionalRequestHeaders(CachedResourceLoader&amp;);

</span><del>-    void computeOrigin(CachedResourceLoader&amp;);

</del><span class="cx">     void failBeforeStarting();

</span><span class="cx"> 

</span><span class="cx">     HashMap&lt;CachedResourceClient*, std::unique_ptr&lt;Callback&gt;&gt; m_clientsAwaitingCallback;

</span></span></pre></div>

<a id="trunkSourceWebCoreloadercacheCachedResourceLoadercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -556,7 +556,7 @@

</span><span class="cx">     }

</span><span class="cx"> 

</span><span class="cx">     auto resourceHandle = createResource(resource.type(), WTFMove(request), sessionID());

</span><del>-    resourceHandle-&gt;loadFrom(resource, *this);

</del><ins>+    resourceHandle-&gt;loadFrom(resource);

</ins><span class="cx">     return resourceHandle;

</span><span class="cx"> }

</span><span class="cx"> 

</span><span class="lines">@@ -595,6 +595,9 @@

</span><span class="cx"> {

</span><span class="cx">     // Implementing step 1 to 7 of https://fetch.spec.whatwg.org/#fetching

</span><span class="cx"> 

</span><ins>+    if (!request.origin() &amp;&amp; document())

+        request.setOrigin(document()-&gt;securityOrigin());

+

</ins><span class="cx">     if (!request.resourceRequest().hasHTTPHeader(HTTPHeaderName::Accept))

</span><span class="cx">         request.mutableResourceRequest().setHTTPHeaderField(HTTPHeaderName::Accept, acceptHeaderValueFromType(type));

</span><span class="cx"> 

</span></span></pre></div>

<a id="trunkSourceWebCoreloadercacheCachedResourceRequestcpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -79,6 +79,10 @@

</span><span class="cx"> void CachedResourceRequest::setAsPotentiallyCrossOrigin(const String&amp; mode, Document&amp; document)

</span><span class="cx"> {

</span><span class="cx">     ASSERT(m_options.mode == FetchOptions::Mode::NoCors);

</span><ins>+    ASSERT(document.securityOrigin());

+

+    m_origin = document.securityOrigin();

+

</ins><span class="cx">     if (mode.isNull())

</span><span class="cx">         return;

</span><span class="cx">     m_options.mode = FetchOptions::Mode::Cors;

</span><span class="lines">@@ -85,7 +89,6 @@

</span><span class="cx">     m_options.credentials = equalLettersIgnoringASCIICase(mode, &quot;use-credentials&quot;) ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;

</span><span class="cx">     m_options.allowCredentials = equalLettersIgnoringASCIICase(mode, &quot;use-credentials&quot;) ? AllowStoredCredentials : DoNotAllowStoredCredentials;

</span><span class="cx"> 

</span><del>-    ASSERT(document.securityOrigin());

</del><span class="cx">     updateRequestForAccessControl(m_resourceRequest, *document.securityOrigin(), m_options.allowCredentials);

</span><span class="cx"> }

</span><span class="cx"> 

</span></span></pre></div>

<a id="trunkSourceWebCoreloadercacheCachedResourceRequesth"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.h (206254 => 206255)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.h        2016-09-22 08:28:37 UTC (rev 206254)

+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.h        2016-09-22 08:57:12 UTC (rev 206255)

</span><span class="lines">@@ -31,6 +31,7 @@

</span><span class="cx"> #include &quot;ResourceLoadPriority.h&quot;

</span><span class="cx"> #include &quot;ResourceLoaderOptions.h&quot;

</span><span class="cx"> #include &quot;ResourceRequest.h&quot;

</span><ins>+#include &quot;SecurityOrigin.h&quot;

</ins><span class="cx"> #include &lt;wtf/RefPtr.h&gt;

</span><span class="cx"> #include &lt;wtf/text/AtomicString.h&gt;

</span><span class="cx"> 

</span><span class="lines">@@ -62,6 +63,9 @@

</span><span class="cx">     void setCachingPolicy(CachingPolicy policy) { m_options.cachingPolicy = policy; }

</span><span class="cx"> 

</span><span class="cx">     void setAsPotentiallyCrossOrigin(const String&amp;, Document&amp;);

</span><ins>+    void setOrigin(RefPtr&lt;SecurityOrigin&gt;&amp;&amp; origin) { ASSERT(!m_origin); m_origin = WTFMove(origin); }

+    RefPtr&lt;SecurityOrigin&gt; releaseOrigin() { return WTFMove(m_origin); }

+    SecurityOrigin* origin() const { return m_origin.get(); }

</ins><span class="cx"> 

</span><span class="cx"> private:

</span><span class="cx">     ResourceRequest m_resourceRequest;

</span><span class="lines">@@ -72,6 +76,7 @@

</span><span class="cx">     DeferOption m_defer;

</span><span class="cx">     RefPtr&lt;Element&gt; m_initiatorElement;

</span><span class="cx">     AtomicString m_initiatorName;

</span><ins>+    RefPtr&lt;SecurityOrigin&gt; m_origin;

</ins><span class="cx"> };

</span><span class="cx"> 

</span><span class="cx"> } // namespace WebCore

</span></span></pre>

</div>

</div>

</body>

</html>