| Index: Source/core/fetch/CrossOriginAccessControl.cpp
|
| diff --git a/Source/core/fetch/CrossOriginAccessControl.cpp b/Source/core/fetch/CrossOriginAccessControl.cpp
|
| index d2a87bf2abb80e348a9c74a42f1098733e7c9d46..e5e536baf406cc24de4a5b1941bef56474c4ca4a 100644
|
| --- a/Source/core/fetch/CrossOriginAccessControl.cpp
|
| +++ b/Source/core/fetch/CrossOriginAccessControl.cpp
|
| @@ -29,6 +29,7 @@
|
|
|
| #include "platform/network/HTTPParsers.h"
|
| #include "platform/network/ResourceResponse.h"
|
| +#include "platform/weborigin/SchemeRegistry.h"
|
| #include "platform/weborigin/SecurityOrigin.h"
|
| #include "wtf/Threading.h"
|
| #include "wtf/text/AtomicString.h"
|
| @@ -203,4 +204,19 @@ void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHea
|
| }
|
| }
|
|
|
| +bool checkCrossOriginAccessRedirectionUrl(const KURL& requestUrl, String& errorDescription)
|
| +{
|
| + if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(requestUrl.protocol())) {
|
| + errorDescription = "The request was redirected to a URL ('" + requestUrl.string() + "') which has a disallowed scheme for cross-origin requests.";
|
| + return false;
|
| + }
|
| +
|
| + if (!(requestUrl.user().isEmpty() && requestUrl.pass().isEmpty())) {
|
| + errorDescription = "The request was redirected to a URL ('" + requestUrl.string() + "') containing userinfo, which is disallowed for cross-origin requests.";
|
| + return false;
|
| + }
|
| +
|
| + return true;
|
| +}
|
| +
|
| } // namespace WebCore
|
|
|
Chromium Code Reviews
Issue 149643003:
Improve handling of CORS redirects for some resource loads. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master