Index: Source/core/loader/DocumentThreadableLoader.cpp |
diff --git a/Source/core/loader/DocumentThreadableLoader.cpp b/Source/core/loader/DocumentThreadableLoader.cpp |
index c497a11efbbd8a6f6c5da97955cb00b4ac7fe57c..05f28d73e88b62fd72b7b35530424e2c74430e67 100644 |
--- a/Source/core/loader/DocumentThreadableLoader.cpp |
+++ b/Source/core/loader/DocumentThreadableLoader.cpp |
@@ -367,7 +367,7 @@ void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ |
// The redirect response must pass the access control check if the |
// original request was not same-origin. |
allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(request.url(), accessControlErrorDescription) |
- && (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)); |
+ && (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription, m_requestContext)); |
} |
if (allowRedirect) { |
@@ -456,7 +456,7 @@ void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r |
{ |
String accessControlErrorDescription; |
- if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) { |
+ if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription, m_requestContext)) { |
handlePreflightFailure(response.url().string(), "Response to preflight request doesn't pass access control check: " + accessControlErrorDescription); |
return; |
} |
@@ -530,7 +530,7 @@ void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re |
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) { |
String accessControlErrorDescription; |
- if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) { |
+ if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription, m_requestContext)) { |
reportResponseReceived(identifier, response); |
m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription)); |
return; |