Index: third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp |
diff --git a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp |
index 8b794e834a16bb03b8310aec1f672aa14fd56640..b0567997cf45514a0de948d8577c41cff4d60f1b 100644 |
--- a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp |
+++ b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp |
@@ -81,6 +81,9 @@ ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque |
preflightRequest.setRequestContext(request.requestContext()); |
preflightRequest.setSkipServiceWorker(true); |
+ if (request.isExternalRequest()) |
+ preflightRequest.setHTTPHeaderField(HTTPNames::Access_Control_Request_External, "true"); |
+ |
const HTTPHeaderMap& requestHeaderFields = request.httpHeaderFields(); |
if (requestHeaderFields.size() > 0) { |
@@ -227,6 +230,20 @@ bool passesPreflightStatusCheck(const ResourceResponse& response, String& errorD |
return true; |
} |
+bool passesExternalPreflightCheck(const ResourceResponse& response, String& errorDescription) |
+{ |
+ AtomicString result = response.httpHeaderField(HTTPNames::Access_Control_Allow_External); |
+ if (result.isNull()) { |
+ errorDescription = "No 'Access-Control-Allow-External' header was present in the preflight response for this external request (This is an experimental header which is defined in 'https://mikewest.github.io/cors-rfc1918/')."; |
+ return false; |
+ } |
+ if (!equalIgnoringCase(result, "true")) { |
+ errorDescription = "The 'Access-Control-Allow-External' header in the preflight response for this external request had a value of '" + result + "', not 'true' (This is an experimental header which is defined in 'https://mikewest.github.io/cors-rfc1918/')."; |
+ return false; |
+ } |
+ return true; |
+} |
+ |
void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHeaderSet& headerSet) |
{ |
Vector<String> headers; |