1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_FETCH_SCRIPT_FETCH_OPTIONS_H_
#define THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_FETCH_SCRIPT_FETCH_OPTIONS_H_
#include "services/network/public/mojom/referrer_policy.mojom-blink-forward.h"
#include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink.h"
#include "third_party/blink/public/platform/web_url_request.h"
#include "third_party/blink/renderer/platform/loader/fetch/cross_origin_attribute_value.h"
#include "third_party/blink/renderer/platform/loader/fetch/fetch_parameters.h"
#include "third_party/blink/renderer/platform/loader/fetch/integrity_metadata.h"
#include "third_party/blink/renderer/platform/loader/fetch/resource_loader_options.h"
#include "third_party/blink/renderer/platform/platform_export.h"
#include "third_party/blink/renderer/platform/wtf/allocator/allocator.h"
#include "third_party/blink/renderer/platform/wtf/text/text_encoding.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
namespace blink {
class DOMWrapperWorld;
class KURL;
class SecurityOrigin;
// ScriptFetchOptions corresponds to the spec concept "script fetch options".
// https://html.spec.whatwg.org/C/#script-fetch-options
class PLATFORM_EXPORT ScriptFetchOptions final {
DISALLOW_NEW();
public:
// https://html.spec.whatwg.org/C/#default-classic-script-fetch-options
// "The default classic script fetch options are a script fetch options whose
// cryptographic nonce is the empty string, integrity metadata is the empty
// string, parser metadata is "not-parser-inserted", and credentials mode
// is "omit"." [spec text]
// TODO(domfarolino): Update this to use probably "include" or "same-origin"
// credentials mode, once spec decision is made at
// https://github.com/whatwg/html/pull/3656.
ScriptFetchOptions()
: nonce_(),
integrity_metadata_(),
integrity_attribute_(),
parser_state_(ParserDisposition::kNotParserInserted),
credentials_mode_(network::mojom::CredentialsMode::kOmit),
referrer_policy_(network::mojom::ReferrerPolicy::kDefault),
importance_(mojom::FetchImportanceMode::kImportanceAuto) {}
ScriptFetchOptions(const String& nonce,
const IntegrityMetadataSet& integrity_metadata,
const String& integrity_attribute,
ParserDisposition parser_state,
network::mojom::CredentialsMode credentials_mode,
network::mojom::ReferrerPolicy referrer_policy,
mojom::FetchImportanceMode importance,
RejectCoepUnsafeNone reject_coep_unsafe_none =
RejectCoepUnsafeNone(false))
: nonce_(nonce),
integrity_metadata_(integrity_metadata),
integrity_attribute_(integrity_attribute),
parser_state_(parser_state),
credentials_mode_(credentials_mode),
referrer_policy_(referrer_policy),
importance_(importance),
reject_coep_unsafe_none_(reject_coep_unsafe_none) {}
~ScriptFetchOptions() = default;
const String& Nonce() const { return nonce_; }
const IntegrityMetadataSet& GetIntegrityMetadata() const {
return integrity_metadata_;
}
const String& GetIntegrityAttributeValue() const {
return integrity_attribute_;
}
const ParserDisposition& ParserState() const { return parser_state_; }
network::mojom::CredentialsMode CredentialsMode() const {
return credentials_mode_;
}
network::mojom::ReferrerPolicy GetReferrerPolicy() const {
return referrer_policy_;
}
mojom::FetchImportanceMode Importance() const { return importance_; }
RejectCoepUnsafeNone GetRejectCoepUnsafeNone() const {
return reject_coep_unsafe_none_;
}
// https://html.spec.whatwg.org/C/#fetch-a-classic-script
// Steps 1 and 3.
FetchParameters CreateFetchParameters(
const KURL&,
const SecurityOrigin*,
scoped_refptr<const DOMWrapperWorld> world,
CrossOriginAttributeValue,
const WTF::TextEncoding&,
FetchParameters::DeferOption) const;
private:
// https://html.spec.whatwg.org/C/#concept-script-fetch-options-nonce
const String nonce_;
// https://html.spec.whatwg.org/C/#concept-script-fetch-options-integrity
const IntegrityMetadataSet integrity_metadata_;
const String integrity_attribute_;
// https://html.spec.whatwg.org/C/#concept-script-fetch-options-parser
const ParserDisposition parser_state_;
// https://html.spec.whatwg.org/C/#concept-script-fetch-options-credentials
const network::mojom::CredentialsMode credentials_mode_;
// https://html.spec.whatwg.org/C/#concept-script-fetch-options-referrer-policy
const network::mojom::ReferrerPolicy referrer_policy_;
// Priority Hints and a request's "importance" mode are currently
// non-standard. See https://crbug.com/821464, and the HTML Standard issue
// https://github.com/whatwg/html/issues/3670 for some discussion on adding an
// "importance" member to the script fetch options struct.
const mojom::FetchImportanceMode importance_;
// True when we should reject a response with COEP: none.
// https://wicg.github.io/cross-origin-embedder-policy/#integration-html
// This is for dedicated workers.
// TODO(crbug.com/1064920): Remove this once PlzDedicatedWorker ships.
const RejectCoepUnsafeNone reject_coep_unsafe_none_ =
RejectCoepUnsafeNone(false);
};
} // namespace blink
#endif
|
