Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(793)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/fetch/ResourceFetcher.cpp

Issue 1016373002: Perform CORS access checks on Beacon redirects. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« LayoutTests/http/tests/navigation/beacon-cross-origin-redirect.html ('K') | « Source/core/fetch/CrossOriginAccessControl.cpp ('k') | Source/core/loader/BeaconLoader.h » ('j') | Source/core/loader/BeaconLoader.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/fetch/ResourceFetcher.cpp
diff --git a/Source/core/fetch/ResourceFetcher.cpp b/Source/core/fetch/ResourceFetcher.cpp
index 40d584d4be345bfa6f12ffdbab1ab7bc6e1a594c..19363d1b3692d90c1eabcb6561b776fa82930b89 100644
--- a/Source/core/fetch/ResourceFetcher.cpp
+++ b/Source/core/fetch/ResourceFetcher.cpp
@@ -1159,7 +1159,8 @@ bool ResourceFetcher::canAccessRedirect(Resource* resource, ResourceRequest& req
sourceOrigin = context().securityOrigin();
String errorMessage;
- if (!CrossOriginAccessControl::handleRedirect(context().executionContext(), resource, sourceOrigin, request, redirectResponse, options, errorMessage)) {
+ StoredCredentials withCredentials = resource->lastResourceRequest().allowStoredCredentials() ? AllowStoredCredentials : DoNotAllowStoredCredentials;
+ if (!CrossOriginAccessControl::handleRedirect(context().executionContext(), sourceOrigin, request, redirectResponse, withCredentials, options, errorMessage)) {
if (resource->type() == Resource::Font)
toFontResource(resource)->setCORSFailed();
context().addConsoleMessage(errorMessage);
« LayoutTests/http/tests/navigation/beacon-cross-origin-redirect.html ('K') | « Source/core/fetch/CrossOriginAccessControl.cpp ('k') | Source/core/loader/BeaconLoader.h » ('j') | Source/core/loader/BeaconLoader.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698