diff options
Diffstat (limited to 'Source/WebCore/loader/ImageLoader.cpp')
-rw-r--r-- | Source/WebCore/loader/ImageLoader.cpp | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/Source/WebCore/loader/ImageLoader.cpp b/Source/WebCore/loader/ImageLoader.cpp index 069b40e..0c1fe99 100644 --- a/Source/WebCore/loader/ImageLoader.cpp +++ b/Source/WebCore/loader/ImageLoader.cpp @@ -24,6 +24,7 @@ #include "CachedImage.h" #include "CachedResourceLoader.h" +#include "CrossOriginAccessControl.h" #include "Document.h" #include "Element.h" #include "HTMLNames.h" @@ -160,16 +161,24 @@ void ImageLoader::updateFromElement() // need (<rdar://problem/5994621>). CachedImage* newImage = 0; if (!(attr.isNull() || (attr.isEmpty() && document->baseURI().isLocalFile()))) { + ResourceRequest request = ResourceRequest(document->completeURL(sourceURI(attr))); + + String crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossoriginAttr); + if (!crossOriginMode.isNull()) { + bool allowCredentials = equalIgnoringCase(crossOriginMode, "use-credentials"); + updateRequestForAccessControl(request, document->securityOrigin(), allowCredentials); + } + if (m_loadManually) { bool autoLoadOtherImages = document->cachedResourceLoader()->autoLoadImages(); document->cachedResourceLoader()->setAutoLoadImages(false); - newImage = new CachedImage(sourceURI(attr)); + newImage = new CachedImage(request); newImage->setLoading(true); newImage->setOwningCachedResourceLoader(document->cachedResourceLoader()); document->cachedResourceLoader()->m_documentResources.set(newImage->url(), newImage); document->cachedResourceLoader()->setAutoLoadImages(autoLoadOtherImages); } else - newImage = document->cachedResourceLoader()->requestImage(sourceURI(attr)); + newImage = document->cachedResourceLoader()->requestImage(request); // If we do not have an image here, it means that a cross-site // violation occurred. |