Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(77)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/WebCore/loader/CrossOriginAccessControl.cpp

Issue 46097: WebKit merge 41660:41709 (WebKit side).... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 11 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « third_party/WebKit/WebCore/editing/ReplaceSelectionCommand.cpp ('k') | third_party/WebKit/WebCore/make-generated-sources.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 18 matching lines...) Expand all
29 29
30 #include "AtomicString.h" 30 #include "AtomicString.h"
31 #include "ResourceResponse.h" 31 #include "ResourceResponse.h"
32 #include "SecurityOrigin.h" 32 #include "SecurityOrigin.h"
33 #include <wtf/Threading.h> 33 #include <wtf/Threading.h>
34 34
35 namespace WebCore { 35 namespace WebCore {
36 36
37 bool isOnAccessControlSimpleRequestHeaderWhitelist(const String& name) 37 bool isOnAccessControlSimpleRequestHeaderWhitelist(const String& name)
38 { 38 {
39 return equalIgnoringCase(name, "accept") || equalIgnoringCase(name, "accept- language") || equalIgnoringCase(name, "content-type"); 39 return equalIgnoringCase(name, "accept")
40 || equalIgnoringCase(name, "accept-language")
41 || equalIgnoringCase(name, "content-language")
42 || equalIgnoringCase(name, "content-type");
40 } 43 }
41 44
42 bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& headerMap) 45 bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& headerMap)
43 { 46 {
44 if (method != "GET" && method != "POST") 47 if (method != "GET" && method != "HEAD" && method != "POST")
45 return false; 48 return false;
46 49
47 HTTPHeaderMap::const_iterator end = headerMap.end(); 50 HTTPHeaderMap::const_iterator end = headerMap.end();
48 for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) { 51 for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) {
49 if (!isOnAccessControlSimpleRequestHeaderWhitelist(it->first)) 52 if (!isOnAccessControlSimpleRequestHeaderWhitelist(it->first))
50 return false; 53 return false;
51 } 54 }
52 55
56 HTTPHeaderMap::const_iterator contentTypeIter = headerMap.find("Content-Type ");
57 if (contentTypeIter != headerMap.end()) {
58 const String& contentType = contentTypeIter->second;
59 if (!equalIgnoringCase(contentType, "application/x-www-form-urlencoded")
60 && !equalIgnoringCase(contentType, "multipart/form-data")
61 && !equalIgnoringCase(contentType, "text/plain"))
62 return false;
63 }
64
53 return true; 65 return true;
54 } 66 }
55 67
56 typedef HashSet<String, CaseFoldingHash> HTTPHeaderSet; 68 typedef HashSet<String, CaseFoldingHash> HTTPHeaderSet;
57 static HTTPHeaderSet* createAllowedCrossOriginResponseHeadersSet() 69 static HTTPHeaderSet* createAllowedCrossOriginResponseHeadersSet()
58 { 70 {
59 HTTPHeaderSet* headerSet = new HashSet<String, CaseFoldingHash>; 71 HTTPHeaderSet* headerSet = new HashSet<String, CaseFoldingHash>;
60 72
61 headerSet->add("cache-control"); 73 headerSet->add("cache-control");
62 headerSet->add("content-language"); 74 headerSet->add("content-language");
(...skipping 25 matching lines...) Expand all
88 if (includeCredentials) { 100 if (includeCredentials) {
89 const String& accessControlCredentialsString = response.httpHeaderField( "Access-Control-Allow-Credentials"); 101 const String& accessControlCredentialsString = response.httpHeaderField( "Access-Control-Allow-Credentials");
90 if (accessControlCredentialsString != "true") 102 if (accessControlCredentialsString != "true")
91 return false; 103 return false;
92 } 104 }
93 105
94 return true; 106 return true;
95 } 107 }
96 108
97 } // namespace WebCore 109 } // namespace WebCore
OLDNEW
« no previous file with comments | « third_party/WebKit/WebCore/editing/ReplaceSelectionCommand.cpp ('k') | third_party/WebKit/WebCore/make-generated-sources.sh » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698