(Re)organize handling of CORS access control during resource loading.
Common up and simplify the various pieces of code that handles CORS
access control, avoiding per resource type handling.
That is, a ResourceLoader's host will now be called upon by the loader
when it receives the initial response. The host deciding if a response
should be allowed loaded or not:
bool ResourceLoaderHost::canAccessResource(Resource*, const KURL&);
If not, the loader cancels the loading of the resource and signals an
error. The loader host is responsible for emitting a suitable console
error message.
Switch over the 'loader' resource clients to rely on that, avoiding
custom CORS checks (and error reporting) for scripts, imports, images,
text tracks.
As the resource loader now needs to know if a load operation is CORS
enabled or not, this is now/again recorded by ResourceLoaderOptions.
R=abarth@chromium.org,japhet@chromium.org
BUG=178787
Review URL: https://codereview.chromium.org/137983010
git-svn-id: svn://svn.chromium.org/blink/trunk@165877 bbb929c8-8fbe-4397-9dbb-9b2b20218538
34 files changed
