OOR-CORS: Remove unused code from threadable_loader.{cc|h}

Remove remained Blink CORS dead code from ThreadableLoader.
Even after this change, we still have some duplicated code
in the class. I will remove it in the next CL as it won't
change visible behavior, but it changes the timing for an
error detection. Let's keep this change containing only
mechanical changes though some of them are still a little
complicated.

Bug: 1053866
Change-Id: Iaa02a6682dda02f88b6a824a4542b6dc1608129e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2522277
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#825252}

third_party/blink/renderer/core/loader/threadable_loader.h

@@ -44,16 +44,13 @@
 #include "third_party/blink/renderer/platform/loader/fetch/resource_loader_options.h"
 #include "third_party/blink/renderer/platform/network/http_header_map.h"
 #include "third_party/blink/renderer/platform/timer.h"
-#include "third_party/blink/renderer/platform/weborigin/referrer.h"
 #include "third_party/blink/renderer/platform/wtf/allocator/allocator.h"
-#include "third_party/blink/renderer/platform/wtf/cross_thread_copier.h"
 #include "third_party/blink/renderer/platform/wtf/forward.h"
 #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
 
 namespace blink {
 
 class ExecutionContext;
-class KURL;
 class LocalFrame;
 class ResourceRequest;
 class SecurityOrigin;
@@ -104,10 +101,6 @@ class CORE_EXPORT ThreadableLoader final
                    ResourceFetcher* = nullptr);
   ~ThreadableLoader() override;
 
-  // Exposed for testing. Code outside this class should not call this function.
-  static std::unique_ptr<ResourceRequest>
-  CreateAccessControlPreflightRequestForTesting(const ResourceRequest&);
-
   // Must be called to actually begin the request.
   void Start(ResourceRequest);
 
@@ -123,7 +116,7 @@ class CORE_EXPORT ThreadableLoader final
 
   void Cancel();
 
-  // Detach the loader from the request. This ffunction is for "keepalive"
+  // Detach the loader from the request. This function is for "keepalive"
   // requests. No notification will be sent to the client, but the request
   // will be processed.
   void Detach();
@@ -133,21 +126,27 @@ class CORE_EXPORT ThreadableLoader final
   void Trace(Visitor* visitor) const override;
 
  private:
-  class AssignOnScopeExit;
-  class DetachedClient;
+  void Clear();
 
-  static std::unique_ptr<ResourceRequest> CreateAccessControlPreflightRequest(
-      const ResourceRequest&,
-      const SecurityOrigin*);
+  // Notify Inspector and log to console about resource response. Use this
+  // method if response is not going to be finished normally.
+  void ReportResponseReceived(uint64_t identifier, const ResourceResponse&);
 
-  void Clear();
+  void DidTimeout(TimerBase*);
 
-  // ResourceClient
-  void NotifyFinished(Resource*) override;
+  void DispatchDidFail(const ResourceError&);
+
+  const SecurityOrigin* GetSecurityOrigin() const;
 
+  // Returns null if the loader is not associated with a frame.
+  // TODO(kinuko): Remove dependency to frame.
+  LocalFrame* GetFrame() const;
+
+  // ResourceClient implementation:
+  void NotifyFinished(Resource*) override;
   String DebugName() const override { return "ThreadableLoader"; }
 
-  // RawResourceClient
+  // RawResourceClient implementation:
   void DataSent(Resource*,
                 uint64_t bytes_sent,
                 uint64_t total_bytes_to_be_sent) override;
@@ -162,112 +161,30 @@ class CORE_EXPORT ThreadableLoader final
   void DataDownloaded(Resource*, uint64_t) override;
   void DidDownloadToBlob(Resource*, scoped_refptr<BlobDataHandle>) override;
 
-  // Notify Inspector and log to console about resource response. Use this
-  // method if response is not going to be finished normally.
-  void ReportResponseReceived(uint64_t identifier, const ResourceResponse&);
-
-  void DidTimeout(TimerBase*);
-  // Calls the appropriate loading method according to policy and data about
-  // origin. Only for handling the initial load (including fallback after
-  // consulting ServiceWorker).
-  void DispatchInitialRequest(ResourceRequest&);
-  void MakeCrossOriginAccessRequest(const ResourceRequest&);
-
-  // Loads m_fallbackRequestForServiceWorker.
-  void LoadFallbackRequestForServiceWorker();
-  // Issues a CORS preflight.
-  void LoadPreflightRequest(const ResourceRequest&,
-                            const ResourceLoaderOptions&);
-  // Loads actual_request_.
-  void LoadActualRequest();
-  // Clears actual_request_ and reports access control check failure to
-  // m_client.
-  void HandlePreflightFailure(const KURL&, const network::CorsErrorStatus&);
-  // Investigates the response for the preflight request. If successful,
-  // the actual request will be made later in NotifyFinished().
-  void HandlePreflightResponse(const ResourceResponse&);
-
-  void DispatchDidFail(const ResourceError&);
-
-  void PrepareCrossOriginRequest(ResourceRequest&) const;
-
-  // This method modifies the ResourceRequest by calling
-  // SetAllowStoredCredentials() on it based on same-origin-ness and the
-  // credentials mode.
-  //
-  // This method configures the ResourceLoaderOptions so that the underlying
-  // ResourceFetcher doesn't perform some part of the CORS logic since this
-  // class performs it by itself.
-  void LoadRequest(ResourceRequest&, ResourceLoaderOptions);
-
-  const SecurityOrigin* GetSecurityOrigin() const;
-
-  // Returns null if the loader is not associated with a frame.
-  // TODO(kinuko): Remove dependency to frame.
-  LocalFrame* GetFrame() const;
-
   Member<ThreadableLoaderClient> client_;
   Member<ExecutionContext> execution_context_;
   Member<ResourceFetcher> resource_fetcher_;
 
-  base::TimeDelta timeout_;
   // Some items may be overridden by m_forceDoNotAllowStoredCredentials and
   // m_securityOrigin. In such a case, build a ResourceLoaderOptions with
   // up-to-date values from them and this variable, and use it.
   const ResourceLoaderOptions resource_loader_options_;
 
-  // Always true. TODO(1053866): Remove this flag and code hidden by this flag.
-  const bool out_of_blink_cors_;
-
   // Corresponds to the CORS flag in the Fetch spec.
-  bool cors_flag_ = false;
   scoped_refptr<const SecurityOrigin> security_origin_;
-  scoped_refptr<const SecurityOrigin> original_security_origin_;
-
-  const bool async_;
-
-  // Holds the original request context (used for sanity checks).
-  mojom::blink::RequestContextType request_context_;
 
-  // Saved so that we can use the original value for the modes in
-  // ResponseReceived() where |resource| might be a reused one (e.g. preloaded
-  // resource) which can have different modes.
+  // Saved so that we can use the original mode in ResponseReceived() where
+  // |resource| might be a reused one (e.g. preloaded resource) which can have a
+  // different mode.
   network::mojom::RequestMode request_mode_;
-  network::mojom::CredentialsMode credentials_mode_;
-
-  // Holds the original request for fallback in case the Service Worker
-  // does not respond.
-  ResourceRequest fallback_request_for_service_worker_;
-
-  // Holds the original request and options for it during preflight request
-  // handling phase.
-  ResourceRequest actual_request_;
-  ResourceLoaderOptions actual_options_{nullptr /* world */};
-  network::mojom::FetchResponseType response_tainting_ =
-      network::mojom::FetchResponseType::kBasic;
-
-  KURL initial_request_url_;
-  KURL last_request_url_;
-
-  // stores request headers in case of a cross-origin redirect.
-  HTTPHeaderMap request_headers_;
 
+  // Set via SetTimeout() by a user before Start().
+  base::TimeDelta timeout_;
+  // Used to detect |timeout_| is over.
   TaskRunnerTimer<ThreadableLoader> timeout_timer_;
-  base::TimeTicks
-      request_started_;  // Time an asynchronous fetch request is started
-
-  // Max number of times that this ThreadableLoader can follow.
-  int redirect_limit_;
-
-  network::mojom::RedirectMode redirect_mode_;
-
-  // Holds the referrer after a redirect response was received. This referrer is
-  // used to populate the HTTP Referer header when following the redirect.
-  bool override_referrer_;
-  bool report_upload_progress_ = false;
-  Referrer referrer_after_redirect_;
 
-  bool detached_ = false;
+  // Time an asynchronous fetch request is started
+  base::TimeTicks request_started_;
 
   RawResourceClientStateChecker checker_;
 

third_party/blink/renderer/core/loader/threadable_loader_test.cc

@@ -518,74 +518,6 @@ TEST_F(ThreadableLoaderTest, ClearInRedirectDidFinishLoading) {
   ServeRequests();
 }
 
-TEST(ThreadableLoaderCreatePreflightRequestTest, LexicographicalOrder) {
-  ResourceRequest request;
-  request.AddHttpHeaderField("Orange", "Orange");
-  request.AddHttpHeaderField("Apple", "Red");
-  request.AddHttpHeaderField("Kiwifruit", "Green");
-  request.AddHttpHeaderField("Content-Type", "application/octet-stream");
-  request.AddHttpHeaderField("Strawberry", "Red");
-
-  std::unique_ptr<ResourceRequest> preflight =
-      ThreadableLoader::CreateAccessControlPreflightRequestForTesting(request);
-
-  EXPECT_EQ("apple,content-type,kiwifruit,orange,strawberry",
-            preflight->HttpHeaderField("Access-Control-Request-Headers"));
-}
-
-TEST(ThreadableLoaderCreatePreflightRequestTest, ExcludeSimpleHeaders) {
-  ResourceRequest request;
-  request.AddHttpHeaderField("Accept", "everything");
-  request.AddHttpHeaderField("Accept-Language", "everything");
-  request.AddHttpHeaderField("Content-Language", "everything");
-  request.AddHttpHeaderField("Save-Data", "on");
-
-  std::unique_ptr<ResourceRequest> preflight =
-      ThreadableLoader::CreateAccessControlPreflightRequestForTesting(request);
-
-  // Do not emit empty-valued headers; an empty list of non-"CORS safelisted"
-  // request headers should cause "Access-Control-Request-Headers:" to be
-  // left out in the preflight request.
-  EXPECT_EQ(g_null_atom,
-            preflight->HttpHeaderField("Access-Control-Request-Headers"));
-}
-
-TEST(ThreadableLoaderCreatePreflightRequestTest,
-     ExcludeSimpleContentTypeHeader) {
-  ResourceRequest request;
-  request.AddHttpHeaderField("Content-Type", "text/plain");
-
-  std::unique_ptr<ResourceRequest> preflight =
-      ThreadableLoader::CreateAccessControlPreflightRequestForTesting(request);
-
-  // Empty list also; see comment in test above.
-  EXPECT_EQ(g_null_atom,
-            preflight->HttpHeaderField("Access-Control-Request-Headers"));
-}
-
-TEST(ThreadableLoaderCreatePreflightRequestTest, IncludeNonSimpleHeader) {
-  ResourceRequest request;
-  request.AddHttpHeaderField("X-Custom-Header", "foobar");
-
-  std::unique_ptr<ResourceRequest> preflight =
-      ThreadableLoader::CreateAccessControlPreflightRequestForTesting(request);
-
-  EXPECT_EQ("x-custom-header",
-            preflight->HttpHeaderField("Access-Control-Request-Headers"));
-}
-
-TEST(ThreadableLoaderCreatePreflightRequestTest,
-     IncludeNonSimpleContentTypeHeader) {
-  ResourceRequest request;
-  request.AddHttpHeaderField("Content-Type", "application/octet-stream");
-
-  std::unique_ptr<ResourceRequest> preflight =
-      ThreadableLoader::CreateAccessControlPreflightRequestForTesting(request);
-
-  EXPECT_EQ("content-type",
-            preflight->HttpHeaderField("Access-Control-Request-Headers"));
-}
-
 }  // namespace
 
 }  // namespace blink

third_party/blink/renderer/core/workers/worker_classic_script_loader.cc

@@ -51,6 +51,7 @@
 #include "third_party/blink/renderer/platform/network/http_names.h"
 #include "third_party/blink/renderer/platform/network/network_utils.h"
 #include "third_party/blink/renderer/platform/runtime_enabled_features.h"
+#include "third_party/blink/renderer/platform/weborigin/referrer.h"
 #include "third_party/blink/renderer/platform/weborigin/security_origin.h"
 
 namespace blink {