| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. | 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 175 | 175 |
| 176 bool passesPreflightStatusCheck(const ResourceResponse& response, String& errorD
escription) | 176 bool passesPreflightStatusCheck(const ResourceResponse& response, String& errorD
escription) |
| 177 { | 177 { |
| 178 // CORS preflight with 3XX is considered network error in | 178 // CORS preflight with 3XX is considered network error in |
| 179 // Fetch API Spec: | 179 // Fetch API Spec: |
| 180 // https://fetch.spec.whatwg.org/#cors-preflight-fetch | 180 // https://fetch.spec.whatwg.org/#cors-preflight-fetch |
| 181 // CORS Spec: | 181 // CORS Spec: |
| 182 // http://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0 | 182 // http://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0 |
| 183 // https://crbug.com/452394 | 183 // https://crbug.com/452394 |
| 184 if (response.httpStatusCode() < 200 || response.httpStatusCode() >= 300) { | 184 if (response.httpStatusCode() < 200 || response.httpStatusCode() >= 300) { |
| 185 errorDescription = "Invalid HTTP status code " + String::number(response
.httpStatusCode()); | 185 errorDescription = "Response for preflight has invalid HTTP status code
" + String::number(response.httpStatusCode()); |
| 186 return false; | 186 return false; |
| 187 } | 187 } |
| 188 | 188 |
| 189 return true; | 189 return true; |
| 190 } | 190 } |
| 191 | 191 |
| 192 void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHea
derSet& headerSet) | 192 void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHea
derSet& headerSet) |
| 193 { | 193 { |
| 194 Vector<String> headers; | 194 Vector<String> headers; |
| 195 headerValue.split(',', false, headers); | 195 headerValue.split(',', false, headers); |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 256 request.setHTTPOrigin(securityOrigin->toAtomicString()); | 256 request.setHTTPOrigin(securityOrigin->toAtomicString()); |
| 257 // If the user didn't request credentials in the first place, update our | 257 // If the user didn't request credentials in the first place, update our |
| 258 // state so we neither request them nor expect they must be allowed. | 258 // state so we neither request them nor expect they must be allowed. |
| 259 if (options.credentialsRequested == ClientDidNotRequestCredentials) | 259 if (options.credentialsRequested == ClientDidNotRequestCredentials) |
| 260 options.allowCredentials = DoNotAllowStoredCredentials; | 260 options.allowCredentials = DoNotAllowStoredCredentials; |
| 261 } | 261 } |
| 262 return true; | 262 return true; |
| 263 } | 263 } |
| 264 | 264 |
| 265 } // namespace blink | 265 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1219693006:
Say that the cause is preflight when CORS fails on invalid status code on preflight (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master