Two changes for comments cleanup.
1) fixup comments which is stale for NeedsPreflight interface There are some stale comments in services/network/cors/cors_url_loader.cc. Some existing comments assume `NeedsPreflight` returns a boolean value, but now it's absl::optional<PreflightRequiredReason>. 2) replace "|" in comment into "`" for services/network/cors/* |foo| style quotes are still used in services/network/cors/* Now `foo` is preferable. Bug: 1272047 Change-Id: I19643fcac94b6b75cf1141d954a767b3554382a2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3291099 Commit-Queue: Jack J <jxck@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Cr-Commit-Position: refs/heads/main@{#944880}
This commit is contained in:
@ -164,9 +164,9 @@ mojom::FetchResponseType CalculateResponseTainting(
|
||||
|
||||
// OriginAccessList is in practice used to disable CORS for Chrome Extensions.
|
||||
// The extension origin can be found in either:
|
||||
// 1) |isolated_world_origin| (if this is a request from a content
|
||||
// 1) `isolated_world_origin` (if this is a request from a content
|
||||
// script; in this case there is no point looking at (2) below.
|
||||
// 2) |origin| (if this is a request from an extension
|
||||
// 2) `origin` (if this is a request from an extension
|
||||
// background page or from other extension frames).
|
||||
//
|
||||
// Note that similar code is present in OriginAccessList::CheckAccessState.
|
||||
@ -199,16 +199,16 @@ absl::optional<CorsErrorStatus> CheckRedirectLocation(
|
||||
const absl::optional<url::Origin>& origin,
|
||||
bool cors_flag,
|
||||
bool tainted) {
|
||||
// If |actualResponse|’s location URL’s scheme is not an HTTP(S) scheme,
|
||||
// If `actualResponse`’s location URL’s scheme is not an HTTP(S) scheme,
|
||||
// then return a network error.
|
||||
// This should be addressed in //net.
|
||||
|
||||
// Note: The redirect count check is done elsewhere.
|
||||
|
||||
const bool url_has_credentials = url.has_username() || url.has_password();
|
||||
// If |request|’s mode is "cors", |actualResponse|’s location URL includes
|
||||
// credentials, and either |request|’s tainted origin flag is set or
|
||||
// |request|’s origin is not same origin with |actualResponse|’s location
|
||||
// If `request`’s mode is "cors", `actualResponse`’s location URL includes
|
||||
// credentials, and either `request`’s tainted origin flag is set or
|
||||
// `request`’s origin is not same origin with `actualResponse`’s location
|
||||
// URL’s origin, then return a network error.
|
||||
DCHECK(!IsCorsEnabledRequestMode(request_mode) || origin);
|
||||
if (IsCorsEnabledRequestMode(request_mode) && url_has_credentials &&
|
||||
@ -216,7 +216,7 @@ absl::optional<CorsErrorStatus> CheckRedirectLocation(
|
||||
return CorsErrorStatus(mojom::CorsError::kRedirectContainsCredentials);
|
||||
}
|
||||
|
||||
// If CORS flag is set and |actualResponse|’s location URL includes
|
||||
// If CORS flag is set and `actualResponse`’s location URL includes
|
||||
// credentials, then return a network error.
|
||||
if (cors_flag && url_has_credentials)
|
||||
return CorsErrorStatus(mojom::CorsError::kRedirectContainsCredentials);
|
||||
@ -316,7 +316,7 @@ CorsURLLoader::CorsURLLoader(
|
||||
|
||||
CorsURLLoader::~CorsURLLoader() {
|
||||
// Reset pipes first to ignore possible subsequent callback invocations
|
||||
// caused by |network_loader_|
|
||||
// caused by `network_loader_`
|
||||
network_client_receiver_.reset();
|
||||
}
|
||||
|
||||
@ -373,7 +373,7 @@ void CorsURLLoader::FollowRedirect(
|
||||
return;
|
||||
}
|
||||
|
||||
// Does not allow modifying headers that are stored in |cors_exempt_headers|.
|
||||
// Does not allow modifying headers that are stored in `cors_exempt_headers`.
|
||||
for (const auto& header : modified_headers.GetHeaderVector()) {
|
||||
if (request_.cors_exempt_headers.HasHeader(header.key)) {
|
||||
LOG(WARNING) << "A client is trying to modify header value for '"
|
||||
@ -428,12 +428,12 @@ void CorsURLLoader::FollowRedirect(
|
||||
const bool original_fetch_cors_flag = fetch_cors_flag_;
|
||||
SetCorsFlagIfNeeded();
|
||||
|
||||
// We cannot use FollowRedirect for a request with preflight (i.e., when both
|
||||
// |fetch_cors_flag_| and |NeedsPreflight(request_)| are true).
|
||||
// We cannot use FollowRedirect for a request with preflight (i.e., when
|
||||
// `fetch_cors_flag_` is true and `NeedsPreflight(request_)` is not nullopt).
|
||||
//
|
||||
// When |original_fetch_cors_flag| is false, |fetch_cors_flag_| is true and
|
||||
// |NeedsPreflight(request)| is false, the net/ implementation won't attach an
|
||||
// "origin" header on redirect, as the original request didn't have one.
|
||||
// When `original_fetch_cors_flag` is false, `fetch_cors_flag_` is true and
|
||||
// `NeedsPreflight(request)` is nullopt, the net/ implementation won't attach
|
||||
// an "origin" header on redirect, as the original request didn't have one.
|
||||
//
|
||||
// When the request method is changed (due to 302 status code, for example),
|
||||
// the net/ implementation removes the origin header.
|
||||
@ -526,7 +526,7 @@ void CorsURLLoader::OnReceiveRedirect(const net::RedirectInfo& redirect_info,
|
||||
DCHECK(forwarding_client_);
|
||||
DCHECK(!deferred_redirect_url_);
|
||||
|
||||
// If |CORS flag| is set and a CORS check for |request| and |response| returns
|
||||
// If `CORS flag` is set and a CORS check for `request` and `response` returns
|
||||
// failure, then return a network error.
|
||||
if (fetch_cors_flag_ && IsCorsEnabledRequestMode(request_.mode)) {
|
||||
const auto error_status = CheckAccessAndReportMetrics(
|
||||
@ -557,8 +557,8 @@ void CorsURLLoader::OnReceiveRedirect(const net::RedirectInfo& redirect_info,
|
||||
// implement some logic in
|
||||
// https://fetch.spec.whatwg.org/#http-redirect-fetch here.
|
||||
|
||||
// If |request|’s redirect count is twenty, return a network error.
|
||||
// Increase |request|’s redirect count by one.
|
||||
// If `request`’s redirect count is twenty, return a network error.
|
||||
// Increase `request`’s redirect count by one.
|
||||
if (redirect_count_++ == 20) {
|
||||
HandleComplete(URLLoaderCompletionStatus(net::ERR_TOO_MANY_REDIRECTS));
|
||||
return;
|
||||
@ -572,17 +572,17 @@ void CorsURLLoader::OnReceiveRedirect(const net::RedirectInfo& redirect_info,
|
||||
return;
|
||||
}
|
||||
|
||||
// If |actualResponse|’s status is not 303, |request|’s body is non-null, and
|
||||
// |request|’s body’s source is null, then return a network error.
|
||||
// If `actualResponse`’s status is not 303, `request`’s body is non-null, and
|
||||
// `request`’s body’s source is null, then return a network error.
|
||||
if (redirect_info.status_code != net::HTTP_SEE_OTHER &&
|
||||
network::URLLoader::HasFetchStreamingUploadBody(&request_)) {
|
||||
HandleComplete(URLLoaderCompletionStatus(net::ERR_INVALID_ARGUMENT));
|
||||
return;
|
||||
}
|
||||
|
||||
// If |actualResponse|’s location URL’s origin is not same origin with
|
||||
// |request|’s current url’s origin and |request|’s origin is not same origin
|
||||
// with |request|’s current url’s origin, then set |request|’s tainted origin
|
||||
// If `actualResponse`’s location URL’s origin is not same origin with
|
||||
// `request`’s current url’s origin and `request`’s origin is not same origin
|
||||
// with `request`’s current url’s origin, then set `request`’s tainted origin
|
||||
// flag.
|
||||
if (request_.request_initiator &&
|
||||
(!url::Origin::Create(redirect_info.new_url)
|
||||
@ -593,8 +593,8 @@ void CorsURLLoader::OnReceiveRedirect(const net::RedirectInfo& redirect_info,
|
||||
}
|
||||
|
||||
// TODO(crbug.com/1073353): Implement the following:
|
||||
// If either |actualResponse|’s status is 301 or 302 and |request|’s method is
|
||||
// `POST`, or |actualResponse|’s status is 303, set |request|’s method to
|
||||
// If either `actualResponse`’s status is 301 or 302 and `request`’s method is
|
||||
// `POST`, or `actualResponse`’s status is 303, set `request`’s method to
|
||||
// `GET` and request’s body to null, and remove request-body-header name from
|
||||
// request's headers. Some of them are implemented in //net, but when we
|
||||
// create another request on exceptional redirect cases, such newly created
|
||||
@ -603,8 +603,8 @@ void CorsURLLoader::OnReceiveRedirect(const net::RedirectInfo& redirect_info,
|
||||
// (https://fetch.spec.whatwg.org/#http-redirect-fetch), step 11.
|
||||
|
||||
// TODO(crbug.com/1073353): Implement the following:
|
||||
// Invoke |set request’s referrer policy on redirect| on |request| and
|
||||
// |actualResponse|. See 4.4. HTTP-redirect fetch
|
||||
// Invoke `set request’s referrer policy on redirect` on `request` and
|
||||
// `actualResponse`. See 4.4. HTTP-redirect fetch
|
||||
// (https://fetch.spec.whatwg.org/#http-redirect-fetch), step 14.
|
||||
|
||||
redirect_info_ = redirect_info;
|
||||
@ -656,7 +656,7 @@ void CorsURLLoader::OnComplete(const URLLoaderCompletionStatus& status) {
|
||||
DCHECK(network_loader_);
|
||||
DCHECK(forwarding_client_);
|
||||
|
||||
// |network_loader_| will call OnComplete at anytime when a problem happens
|
||||
// `network_loader_` will call OnComplete at anytime when a problem happens
|
||||
// inside the URLLoader, e.g. on URLLoader::OnMojoDisconnect call. We need
|
||||
// to expect it also happens even during redirect handling.
|
||||
DCHECK(!deferred_redirect_url_ || status.error_code != net::OK);
|
||||
@ -672,10 +672,10 @@ void CorsURLLoader::StartRequest() {
|
||||
return;
|
||||
}
|
||||
|
||||
// If the |CORS flag| is set, |httpRequest|’s method is neither `GET` nor
|
||||
// `HEAD`, or |httpRequest|’s mode is "websocket", then append
|
||||
// `Origin`/the result of serializing a request origin with |httpRequest|, to
|
||||
// |httpRequest|’s header list.
|
||||
// If the `CORS flag` is set, `httpRequest`’s method is neither `GET` nor
|
||||
// `HEAD`, or `httpRequest`’s mode is "websocket", then append
|
||||
// `Origin`/the result of serializing a request origin with `httpRequest`, to
|
||||
// `httpRequest`’s header list.
|
||||
//
|
||||
// We exclude navigation requests to keep the existing behavior.
|
||||
// TODO(yhirano): Reconsider this.
|
||||
|
@ -34,7 +34,7 @@ class OriginAccessList;
|
||||
// Wrapper class that adds cross-origin resource sharing capabilities
|
||||
// (https://fetch.spec.whatwg.org/#http-cors-protocol), delegating requests as
|
||||
// well as potential preflight requests to the supplied
|
||||
// |network_loader_factory|. It is owned by the CorsURLLoaderFactory that
|
||||
// `network_loader_factory`. It is owned by the CorsURLLoaderFactory that
|
||||
// created it.
|
||||
class COMPONENT_EXPORT(NETWORK_SERVICE) CorsURLLoader
|
||||
: public mojom::URLLoader,
|
||||
@ -134,7 +134,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) CorsURLLoader
|
||||
void SetCorsFlagIfNeeded();
|
||||
|
||||
// Returns true if request's origin has special access to the destination URL
|
||||
// (via |origin_access_list_|).
|
||||
// (via `origin_access_list_`).
|
||||
bool HasSpecialAccessToDestination() const;
|
||||
|
||||
bool PassesTimingAllowOriginCheck(
|
||||
@ -156,14 +156,14 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) CorsURLLoader
|
||||
// This raw URLLoaderFactory pointer is shared with the CorsURLLoaderFactory
|
||||
// that created and owns this object.
|
||||
mojom::URLLoaderFactory* network_loader_factory_;
|
||||
// This has the same lifetime as |network_loader_factory_|, and should be used
|
||||
// This has the same lifetime as `network_loader_factory_`, and should be used
|
||||
// when non-null to create optimized URLLoaders which can call URLLoaderClient
|
||||
// methods synchronously.
|
||||
URLLoaderFactory* sync_network_loader_factory_;
|
||||
|
||||
// For the actual request.
|
||||
mojo::Remote<mojom::URLLoader> network_loader_;
|
||||
// |sync_client_receiver_factory_| should be invalidated if this is ever
|
||||
// `sync_client_receiver_factory_` should be invalidated if this is ever
|
||||
// reset.
|
||||
mojo::Receiver<mojom::URLLoaderClient> network_client_receiver_{this};
|
||||
ResourceRequest request_;
|
||||
@ -202,7 +202,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) CorsURLLoader
|
||||
// We need to save this for redirect.
|
||||
net::MutableNetworkTrafficAnnotationTag traffic_annotation_;
|
||||
|
||||
// Outlives |this|.
|
||||
// Outlives `this`.
|
||||
const OriginAccessList* const origin_access_list_;
|
||||
PreflightController* preflight_controller_;
|
||||
const base::flat_set<std::string>* allowed_exempt_headers_;
|
||||
@ -250,7 +250,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) CorsURLLoader
|
||||
|
||||
// Used to provide weak pointers of this class for synchronously calling
|
||||
// URLLoaderClient methods. This should be reset any time
|
||||
// |network_client_receiver_| is reset.
|
||||
// `network_client_receiver_` is reset.
|
||||
base::WeakPtrFactory<CorsURLLoader> sync_client_receiver_factory_{this};
|
||||
|
||||
// Used to run asynchronous class instance bound callbacks safely.
|
||||
|
@ -343,7 +343,7 @@ bool CorsURLLoaderFactory::IsValidCorsExemptHeaders(
|
||||
allowed_exempt_headers.end()) {
|
||||
continue;
|
||||
}
|
||||
LOG(WARNING) << "|cors_exempt_headers| contains unexpected key: "
|
||||
LOG(WARNING) << "`cors_exempt_headers` contains unexpected key: "
|
||||
<< header.value;
|
||||
return false;
|
||||
}
|
||||
@ -357,8 +357,8 @@ bool CorsURLLoaderFactory::IsValidRequest(const ResourceRequest& request,
|
||||
if (!request.request_initiator &&
|
||||
request.mode != network::mojom::RequestMode::kNavigate &&
|
||||
request.mode != mojom::RequestMode::kNoCors) {
|
||||
LOG(WARNING) << "|mode| is " << request.mode
|
||||
<< ", but |request_initiator| is not set.";
|
||||
LOG(WARNING) << "`mode` is " << request.mode
|
||||
<< ", but `request_initiator` is not set.";
|
||||
mojo::ReportBadMessage("CorsURLLoaderFactory: cors without initiator");
|
||||
return false;
|
||||
}
|
||||
@ -492,7 +492,7 @@ bool CorsURLLoaderFactory::IsValidRequest(const ResourceRequest& request,
|
||||
break;
|
||||
|
||||
case InitiatorLockCompatibility::kNoLock:
|
||||
// |request_initiator_origin_lock| should always be set in a
|
||||
// `request_initiator_origin_lock` should always be set in a
|
||||
// URLLoaderFactory vended to a renderer process. See also
|
||||
// https://crbug.com/1114906.
|
||||
NOTREACHED();
|
||||
@ -538,7 +538,7 @@ bool CorsURLLoaderFactory::IsValidRequest(const ResourceRequest& request,
|
||||
return false;
|
||||
}
|
||||
|
||||
// We only support |kInclude| credentials mode with navigations. See also:
|
||||
// We only support `kInclude` credentials mode with navigations. See also:
|
||||
// a note at https://fetch.spec.whatwg.org/#concept-request-credentials-mode.
|
||||
if (request.credentials_mode != mojom::CredentialsMode::kInclude &&
|
||||
request.mode == network::mojom::RequestMode::kNavigate) {
|
||||
@ -566,7 +566,7 @@ bool CorsURLLoaderFactory::IsValidRequest(const ResourceRequest& request,
|
||||
}
|
||||
|
||||
if (!net::HttpUtil::IsToken(request.method)) {
|
||||
// Callers are expected to ensure that |method| follows RFC 7230.
|
||||
// Callers are expected to ensure that `method` follows RFC 7230.
|
||||
mojo::ReportBadMessage(
|
||||
"CorsURLLoaderFactory: invalid characters in method");
|
||||
return false;
|
||||
|
@ -44,12 +44,12 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) CorsURLLoaderFactory final
|
||||
allow_external_preflights_for_testing_ = allow;
|
||||
}
|
||||
|
||||
// Check if members in |headers| are permitted by |allowed_exempt_headers|.
|
||||
// Check if members in `headers` are permitted by `allowed_exempt_headers`.
|
||||
static bool IsValidCorsExemptHeaders(
|
||||
const base::flat_set<std::string>& allowed_exempt_headers,
|
||||
const net::HttpRequestHeaders& headers);
|
||||
|
||||
// |origin_access_list| should always outlive this factory instance.
|
||||
// `origin_access_list` should always outlive this factory instance.
|
||||
// Used by network::NetworkContext.
|
||||
CorsURLLoaderFactory(
|
||||
NetworkContext* context,
|
||||
@ -106,11 +106,11 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) CorsURLLoaderFactory final
|
||||
mojo::ReceiverSet<mojom::URLLoaderFactory> receivers_;
|
||||
|
||||
// Used when constructed by NetworkContext.
|
||||
// The NetworkContext owns |this|.
|
||||
// The NetworkContext owns `this`.
|
||||
NetworkContext* const context_ = nullptr;
|
||||
scoped_refptr<ResourceSchedulerClient> resource_scheduler_client_;
|
||||
|
||||
// If false, ResourceRequests cannot have their |trusted_params| fields set.
|
||||
// If false, ResourceRequests cannot have their `trusted_params` fields set.
|
||||
bool is_trusted_;
|
||||
|
||||
// Retained from URLLoaderFactoryParams:
|
||||
@ -126,7 +126,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) CorsURLLoaderFactory final
|
||||
const absl::optional<mojom::PrivateNetworkRequestPolicy>
|
||||
private_network_request_policy_;
|
||||
|
||||
// Relative order of |network_loader_factory_| and |loaders_| matters -
|
||||
// Relative order of `network_loader_factory_` and `loaders_` matters -
|
||||
// URLLoaderFactory needs to live longer than URLLoaders created using the
|
||||
// factory. See also https://crbug.com/906305.
|
||||
std::unique_ptr<network::URLLoaderFactory> network_loader_factory_;
|
||||
@ -137,7 +137,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) CorsURLLoaderFactory final
|
||||
std::set<std::unique_ptr<mojom::URLLoader>, base::UniquePtrComparator>
|
||||
loaders_;
|
||||
|
||||
// Accessed by instances in |loaders_| too. Since the factory outlives them,
|
||||
// Accessed by instances in `loaders_` too. Since the factory outlives them,
|
||||
// it's safe.
|
||||
const OriginAccessList* const origin_access_list_;
|
||||
|
||||
|
@ -145,10 +145,10 @@ TEST_F(CorsURLLoaderFactoryTest, DestructionOrder) {
|
||||
request.url = url;
|
||||
request.request_initiator = url::Origin::Create(url);
|
||||
|
||||
// As of r609458 setting |keepalive| to true was triggerring a dereference of
|
||||
// |factory_params_| in the destructor of network::URLLoader. This
|
||||
// As of r609458 setting `keepalive` to true was triggerring a dereference of
|
||||
// `factory_params_` in the destructor of network::URLLoader. This
|
||||
// dereference assumes that the network::URLLoaderFactory (which keeps
|
||||
// |factory_params_| alive) lives longer than the network::URLLoaders created
|
||||
// `factory_params_` alive) lives longer than the network::URLLoaders created
|
||||
// via the factory (which necessitates being careful with the destruction
|
||||
// order of fields of network::cors::CorsURLLoaderFactory which owns both
|
||||
// network::URLLoaderFactory and the network::URLLoaders it creates).
|
||||
@ -175,7 +175,7 @@ TEST_F(CorsURLLoaderFactoryTest, CleanupWithSharedCacheObjectInUse) {
|
||||
test_cors_loader_clients().back()->RunUntilResponseReceived();
|
||||
|
||||
// Read only requests will fail synchonously on destruction of the request
|
||||
// they're waiting on if they're in the |done_headers_queue| when the other
|
||||
// they're waiting on if they're in the `done_headers_queue` when the other
|
||||
// request fails. Make a large number of such requests, spin the message loop
|
||||
// so they end up blocked on the hung request, and then destroy all loads. A
|
||||
// large number of loaders is needed because they're stored in a set, indexed
|
||||
|
@ -646,7 +646,7 @@ TEST_F(CorsURLLoaderTest, SameOriginWithoutInitiator) {
|
||||
TEST_F(CorsURLLoaderTest, NoCorsWithoutInitiator) {
|
||||
// This test needs to simulate a factory used from the browser process,
|
||||
// because only the browser process may start requests with no
|
||||
// |request_initiator|. A renderer process would have run into NOTREACHED and
|
||||
// `request_initiator`. A renderer process would have run into NOTREACHED and
|
||||
// mojo::ReportBadMessage via InitiatorLockCompatibility::kNoInitiator case in
|
||||
// CorsURLLoaderFactory::IsValidRequest.
|
||||
ResetFactory(absl::nullopt /* initiator */, mojom::kBrowserProcessId);
|
||||
@ -1694,7 +1694,7 @@ TEST_F(CorsURLLoaderTest, OriginAccessList_IsolatedWorldOrigin_Redirect) {
|
||||
const url::Origin isolated_world_origin =
|
||||
url::Origin::Create(GURL("http://isolated-world.example.com"));
|
||||
const GURL url("http://other.example.com/foo.png");
|
||||
// |new_url| is same-origin as |url| to avoid tainting the response
|
||||
// `new_url` is same-origin as `url` to avoid tainting the response
|
||||
// in CorsURLLoader::OnReceiveRedirect.
|
||||
const GURL new_url("http://other.example.com/bar.png");
|
||||
|
||||
@ -2264,7 +2264,7 @@ TEST_F(CorsURLLoaderTest, SetProxyAuthorizationHeaderOnRedirectFails) {
|
||||
TEST_F(CorsURLLoaderTest, SameOriginCredentialsModeWithoutInitiator) {
|
||||
// This test needs to simulate a factory used from the browser process,
|
||||
// because only the browser process may start requests with no
|
||||
// |request_initiator|. A renderer process would have run into NOTREACHED and
|
||||
// `request_initiator`. A renderer process would have run into NOTREACHED and
|
||||
// mojo::ReportBadMessage via InitiatorLockCompatibility::kNoInitiator case in
|
||||
// CorsURLLoaderFactory::IsValidRequest.
|
||||
ResetFactory(absl::nullopt /* initiator */, mojom::kBrowserProcessId);
|
||||
@ -2337,7 +2337,7 @@ TEST_F(CorsURLLoaderTest, OmitCredentialsModeOnNavigation) {
|
||||
"CorsURLLoaderFactory: unsupported credentials mode on navigation"));
|
||||
}
|
||||
|
||||
// Make sure than when a request is failed due to having |trusted_params| set
|
||||
// Make sure than when a request is failed due to having `trusted_params` set
|
||||
// and being sent to an untrusted URLLoaderFactory, no CORS request is made.
|
||||
TEST_F(CorsURLLoaderTest, TrustedParamsWithUntrustedFactoryFailsBeforeCORS) {
|
||||
url::Origin initiator = url::Origin::Create(GURL("https://example.com"));
|
||||
@ -2410,7 +2410,7 @@ TEST_F(CorsURLLoaderTest, RestrictedPrefetchSucceedsWithNIK) {
|
||||
request.load_flags |= net::LOAD_RESTRICTED_PREFETCH;
|
||||
request.trusted_params = ResourceRequest::TrustedParams();
|
||||
|
||||
// Fill up the |trusted_params| NetworkIsolationKey member.
|
||||
// Fill up the `trusted_params` NetworkIsolationKey member.
|
||||
url::Origin request_origin = url::Origin::Create(request.url);
|
||||
request.trusted_params->isolation_info = net::IsolationInfo::Create(
|
||||
net::IsolationInfo::RequestType::kOther, request_origin, request_origin,
|
||||
@ -2435,7 +2435,7 @@ TEST_F(CorsURLLoaderTest, RestrictedPrefetchSucceedsWithNIK) {
|
||||
// Test that when a request has LOAD_RESTRICTED_PREFETCH but no
|
||||
// NetworkIsolationKey, CorsURLLoaderFactory rejects the request. This is
|
||||
// because the LOAD_RESTRICTED_PREFETCH flag must only appear on requests that
|
||||
// make use of their TrustedParams' |isolation_info|.
|
||||
// make use of their TrustedParams' `isolation_info`.
|
||||
TEST_F(CorsURLLoaderTest, RestrictedPrefetchFailsWithoutNIK) {
|
||||
url::Origin initiator = url::Origin::Create(GURL("https://example.com"));
|
||||
|
||||
|
@ -76,7 +76,7 @@ void PreflightCache::AppendEntry(
|
||||
std::unique_ptr<PreflightResult> preflight_result) {
|
||||
DCHECK(preflight_result);
|
||||
|
||||
// Do not cache |preflight_result| if |url| is too long.
|
||||
// Do not cache `preflight_result` if `url` is too long.
|
||||
const std::string url_spec = url.spec();
|
||||
if (url_spec.length() >= kMaxKeyLength)
|
||||
return;
|
||||
@ -114,7 +114,7 @@ bool PreflightCache::CheckIfRequestCanSkipPreflight(
|
||||
|
||||
// Check if the entry is still valid.
|
||||
if (!cache_entry->second->IsExpired()) {
|
||||
// Both |origin| and |url| are in cache. Check if the entry is sufficient to
|
||||
// Both `origin` and `url` are in cache. Check if the entry is sufficient to
|
||||
// skip CORS-preflight.
|
||||
if (cache_entry->second->EnsureAllowedRequest(
|
||||
credentials_mode, method, request_headers, is_revalidating,
|
||||
|
@ -40,8 +40,8 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) PreflightCache final {
|
||||
|
||||
~PreflightCache();
|
||||
|
||||
// Appends new |preflight_result| entry to the cache for a specified |origin|
|
||||
// and |url|.
|
||||
// Appends new `preflight_result` entry to the cache for a specified `origin`
|
||||
// and `url`.
|
||||
void AppendEntry(const url::Origin& origin,
|
||||
const GURL& url,
|
||||
const net::NetworkIsolationKey& network_isolation_key,
|
||||
@ -62,7 +62,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) PreflightCache final {
|
||||
// Counts cached entries for testing.
|
||||
size_t CountEntriesForTesting() const;
|
||||
|
||||
// Purges one cache entry if number of entries is larger than |max_entries|
|
||||
// Purges one cache entry if number of entries is larger than `max_entries`
|
||||
// for testing.
|
||||
void MayPurgeForTesting(size_t max_entries, size_t purge_unit);
|
||||
|
||||
|
@ -158,10 +158,10 @@ std::unique_ptr<ResourceRequest> CreatePreflightRequest(
|
||||
preflight_request->headers.SetHeader("Sec-Fetch-Mode", "cors");
|
||||
|
||||
if (devtools_request_id) {
|
||||
// Set |enable_load_timing| flag to make URLLoader fill the LoadTimingInfo
|
||||
// Set `enable_load_timing` flag to make URLLoader fill the LoadTimingInfo
|
||||
// in URLResponseHead, which will be sent to DevTools.
|
||||
preflight_request->enable_load_timing = true;
|
||||
// Set |devtools_request_id| to make URLLoader send the raw request and the
|
||||
// Set `devtools_request_id` to make URLLoader send the raw request and the
|
||||
// raw response to DevTools.
|
||||
preflight_request->devtools_request_id = devtools_request_id->ToString();
|
||||
}
|
||||
@ -187,7 +187,7 @@ std::unique_ptr<ResourceRequest> CreatePreflightRequest(
|
||||
|
||||
// Performs a CORS access check on the CORS-preflight response parameters.
|
||||
// According to the note at https://fetch.spec.whatwg.org/#cors-preflight-fetch
|
||||
// step 6, even for a preflight check, |credentials_mode| should be checked on
|
||||
// step 6, even for a preflight check, `credentials_mode` should be checked on
|
||||
// the actual request rather than preflight one.
|
||||
absl::optional<CorsErrorStatus> CheckPreflightAccess(
|
||||
const GURL& response_url,
|
||||
@ -422,7 +422,7 @@ class PreflightController::PreflightLoader final {
|
||||
false);
|
||||
|
||||
RemoveFromController();
|
||||
// |this| is deleted here.
|
||||
// `this` is deleted here.
|
||||
}
|
||||
|
||||
void HandleResponseHeader(const GURL& final_url,
|
||||
@ -448,7 +448,7 @@ class PreflightController::PreflightLoader final {
|
||||
net_log_.AddEvent(net::NetLogEventType::CORS_PREFLIGHT_RESULT,
|
||||
[&result] { return result->NetLogParams(); });
|
||||
|
||||
// Preflight succeeded. Check |original_request_| with |result|.
|
||||
// Preflight succeeded. Check `original_request_` with `result`.
|
||||
DCHECK(!detected_error_status);
|
||||
detected_error_status =
|
||||
CheckPreflightResult(result.get(), original_request_,
|
||||
@ -494,10 +494,10 @@ class PreflightController::PreflightLoader final {
|
||||
}
|
||||
|
||||
RemoveFromController();
|
||||
// |this| is deleted here.
|
||||
// `this` is deleted here.
|
||||
}
|
||||
|
||||
// Removes |this| instance from |controller_|. Once the method returns, |this|
|
||||
// Removes `this` instance from `controller_`. Once the method returns, `this`
|
||||
// is already removed.
|
||||
void RemoveFromController() { controller_->RemoveLoader(this); }
|
||||
|
||||
|
@ -46,7 +46,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) PreflightController final {
|
||||
using EnforcePrivateNetworkAccessHeader =
|
||||
base::StrongAlias<class EnforcePrivateNetworkAccessHeaderTag, bool>;
|
||||
|
||||
// Creates a CORS-preflight ResourceRequest for a specified |request| for a
|
||||
// Creates a CORS-preflight ResourceRequest for a specified `request` for a
|
||||
// URL that is originally requested.
|
||||
static std::unique_ptr<ResourceRequest> CreatePreflightRequestForTesting(
|
||||
const ResourceRequest& request,
|
||||
|
@ -78,8 +78,8 @@ base::TimeDelta ParseAccessControlMaxAge(
|
||||
return base::Seconds(seconds);
|
||||
}
|
||||
|
||||
// Parses |string| as a Access-Control-Allow-* header value, storing the result
|
||||
// in |set|. This function returns false when |string| does not satisfy the
|
||||
// Parses `string` as a Access-Control-Allow-* header value, storing the result
|
||||
// in `set`. This function returns false when `string` does not satisfy the
|
||||
// syntax here: https://fetch.spec.whatwg.org/#http-new-header-syntax.
|
||||
bool ParseAccessControlAllowList(const absl::optional<std::string>& string,
|
||||
base::flat_set<std::string>* set,
|
||||
|
@ -43,7 +43,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) PreflightResult final {
|
||||
static void SetTickClockForTesting(const base::TickClock* tick_clock);
|
||||
|
||||
// Creates a PreflightResult instance from a CORS-preflight result. Returns
|
||||
// nullptr and |detected_error| is populated with the failed reason if the
|
||||
// nullptr and `detected_error` is populated with the failed reason if the
|
||||
// passed parameters contain an invalid entry, and the pointer is valid.
|
||||
static std::unique_ptr<PreflightResult> Create(
|
||||
const mojom::CredentialsMode credentials_mode,
|
||||
@ -57,11 +57,11 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) PreflightResult final {
|
||||
|
||||
~PreflightResult();
|
||||
|
||||
// Checks if the given |method| is allowed by the CORS-preflight response.
|
||||
// Checks if the given `method` is allowed by the CORS-preflight response.
|
||||
absl::optional<CorsErrorStatus> EnsureAllowedCrossOriginMethod(
|
||||
const std::string& method) const;
|
||||
|
||||
// Checks if the given all |headers| are allowed by the CORS-preflight
|
||||
// Checks if the given all `headers` are allowed by the CORS-preflight
|
||||
// response.
|
||||
// This does not reject when the headers contain forbidden headers
|
||||
// (https://fetch.spec.whatwg.org/#forbidden-header-name) because they may be
|
||||
@ -76,8 +76,8 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) PreflightResult final {
|
||||
// Checks if this entry is expired.
|
||||
bool IsExpired() const;
|
||||
|
||||
// Checks if the given combination of |credentials_mode|, |method|, and
|
||||
// |headers| is allowed by the CORS-preflight response.
|
||||
// Checks if the given combination of `credentials_mode`, `method`, and
|
||||
// `headers` is allowed by the CORS-preflight response.
|
||||
// This also does not reject the forbidden headers as
|
||||
// EnsureAllowCrossOriginHeaders does not.
|
||||
bool EnsureAllowedRequest(
|
||||
@ -126,7 +126,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) PreflightResult final {
|
||||
|
||||
// Corresponds to the fields of the CORS-preflight cache with the same name in
|
||||
// the fetch spec.
|
||||
// |headers_| holds strings in lower case for case-insensitive search.
|
||||
// `headers_` holds strings in lower case for case-insensitive search.
|
||||
bool credentials_;
|
||||
base::flat_set<std::string> methods_;
|
||||
base::flat_set<std::string> headers_;
|
||||
|
Reference in New Issue
Block a user