Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1285)

Unified Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 1300083002: Add suggestion to use "no-cors" with Fetch fails CORS check. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Update case where header is present but not for the correct origin. Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: Source/core/loader/DocumentThreadableLoader.cpp
diff --git a/Source/core/loader/DocumentThreadableLoader.cpp b/Source/core/loader/DocumentThreadableLoader.cpp
index c497a11efbbd8a6f6c5da97955cb00b4ac7fe57c..05f28d73e88b62fd72b7b35530424e2c74430e67 100644
--- a/Source/core/loader/DocumentThreadableLoader.cpp
+++ b/Source/core/loader/DocumentThreadableLoader.cpp
@@ -367,7 +367,7 @@ void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ
// The redirect response must pass the access control check if the
// original request was not same-origin.
allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(request.url(), accessControlErrorDescription)
- && (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription));
+ && (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription, m_requestContext));
}
if (allowRedirect) {
@@ -456,7 +456,7 @@ void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r
{
String accessControlErrorDescription;
- if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) {
+ if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription, m_requestContext)) {
handlePreflightFailure(response.url().string(), "Response to preflight request doesn't pass access control check: " + accessControlErrorDescription);
return;
}
@@ -530,7 +530,7 @@ void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) {
String accessControlErrorDescription;
- if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) {
+ if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription, m_requestContext)) {
reportResponseReceived(identifier, response);
m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription));
return;
« Source/core/fetch/CrossOriginAccessControl.h ('K') | « Source/core/fetch/Resource.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698