-
Takeshi Yoshino authored
ResourceFetcher/ResourceLoader now saves the result of the CORS check on the Resource object. Though the result of the CORS check varies depending on the source origin, reusing an existing resource fetched by a different source origin is allowed by mistake. This patch introduces a logic to prevent MemoryCache entries from being reused for requests with a different source (requestor) origin by saving the source origin on the Resource object and comparing that with the new source origin in Resource::CanReuse(), so that the result of the CORS check is reused only when the source origin is the same. An alternative possibly-better approach is to isolate MemoryCache for different origins by changing the cache identifier to take into account the source origin of requests. However, to keep the patch small and fix the issue quickly, this patch just prevents reuse. Bug: 799477, 809350 Change-Id: Ib96c9e728abe969a53f3d80519118a83392067b4 Reviewed-on: https://chromium-review.googlesource.com/897040 Commit-Queue: Takeshi Yoshino <tyoshino@chromium.org> Reviewed-by:
Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by:
Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#537580}
c1df0048
