| Index: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
|
| index d323bb2befc05e3524ee1c60da797f4a97d1aaa4..509185c67303c61953a7abb87d487261d4649157 100644
|
| --- a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
|
| @@ -256,6 +256,9 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques
|
| ResourceRequest crossOriginRequest(request);
|
| ResourceLoaderOptions crossOriginOptions(m_resourceLoaderOptions);
|
| updateRequestForAccessControl(crossOriginRequest, securityOrigin(), effectiveAllowCredentials());
|
| + // We update the credentials mode according to effectiveAllowCredentials() here for backward compatibility. But this is not correct.
|
| + // FIXME: We should set it in the caller of DocumentThreadableLoader.
|
| + crossOriginRequest.setFetchCredentialsMode(effectiveAllowCredentials() == AllowStoredCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRequest::FetchCredentialsModeOmit);
|
| loadRequest(crossOriginRequest, crossOriginOptions);
|
| } else {
|
| m_crossOriginNonSimpleRequest = true;
|
| @@ -264,6 +267,9 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques
|
| OwnPtr<ResourceLoaderOptions> crossOriginOptions = adoptPtr(new ResourceLoaderOptions(m_resourceLoaderOptions));
|
| // Do not set the Origin header for preflight requests.
|
| updateRequestForAccessControl(*crossOriginRequest, 0, effectiveAllowCredentials());
|
| + // We update the credentials mode according to effectiveAllowCredentials() here for backward compatibility. But this is not correct.
|
| + // FIXME: We should set it in the caller of DocumentThreadableLoader.
|
| + crossOriginRequest->setFetchCredentialsMode(effectiveAllowCredentials() == AllowStoredCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRequest::FetchCredentialsModeOmit);
|
| m_actualRequest = crossOriginRequest.release();
|
| m_actualOptions = crossOriginOptions.release();
|
|
|
|
|
Chromium Code Reviews
Issue 1487343002:
Set credentials mode "same-origin" when crossOrigin=anonymous is set. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master