Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(106)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/fetch/FetchRequest.cpp

Issue 1801513003: Cross origin requests to same origin should match Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed failing CORS tests Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/dom/ScriptLoader.cpp ('k') | third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h » ('j') | third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/fetch/FetchRequest.cpp
diff --git a/third_party/WebKit/Source/core/fetch/FetchRequest.cpp b/third_party/WebKit/Source/core/fetch/FetchRequest.cpp
index 7fe6ab527e118d8693f95b878173e8e8bbe4f019..a3c24ddc1e064f912c5041884b065fa32cb5783e 100644
--- a/third_party/WebKit/Source/core/fetch/FetchRequest.cpp
+++ b/third_party/WebKit/Source/core/fetch/FetchRequest.cpp
@@ -73,23 +73,24 @@ FetchRequest::~FetchRequest()
void FetchRequest::setCrossOriginAccessControl(SecurityOrigin* origin, CrossOriginAttributeValue crossOrigin)
{
- ASSERT(crossOrigin != CrossOriginAttributeNotSet);
const bool useCredentials = crossOrigin == CrossOriginAttributeUseCredentials;
const bool isSameOriginRequest = origin && origin->canRequestNoSuborigin(m_resourceRequest.url());
+ const CORSEnabled corsEnabled = (crossOrigin != CrossOriginAttributeNotSet) ? IsCORSEnabled : NotCORSEnabled;
- // Currently FetchRequestMode and FetchCredentialsMode are only used when the request goes to Service Worker.
- m_resourceRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORS);
- m_resourceRequest.setFetchCredentialsMode(useCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRequest::FetchCredentialsModeSameOrigin);
- m_options.allowCredentials = (isSameOriginRequest || useCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials;
- m_options.corsEnabled = IsCORSEnabled;
- m_options.securityOrigin = origin;
- m_options.credentialsRequested = useCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials;
-
- updateRequestForAccessControl(m_resourceRequest, origin, m_options.allowCredentials);
+ m_options.sameOrigin = isSameOriginRequest ? IsSameOrigin : NotSameOrigin;
Nate Chapin 2016/03/17 22:58:18 Instead of having this sameOrigin property, why no
Yoav Weiss 2016/03/18 07:53:14 Because we don't necessarily have the securityOrig
+ m_options.corsEnabled = corsEnabled;
+ if (corsEnabled) {
+ // Currently FetchRequestMode and FetchCredentialsMode are only used when the request goes to Service Worker.
+ m_resourceRequest.setFetchRequestMode(WebURLRequest::FetchRequestModeCORS);
+ m_resourceRequest.setFetchCredentialsMode(useCredentials ? WebURLRequest::FetchCredentialsModeInclude : WebURLRequest::FetchCredentialsModeSameOrigin);
+ m_options.allowCredentials = (isSameOriginRequest || useCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials;
+ m_options.securityOrigin = origin;
+ m_options.credentialsRequested = useCredentials ? ClientRequestedCredentials : ClientDidNotRequestCredentials;
+ updateRequestForAccessControl(m_resourceRequest, origin, m_options.allowCredentials);
+ }
}
-
void FetchRequest::setResourceWidth(ResourceWidth resourceWidth)
{
if (resourceWidth.isSet) {
« no previous file with comments | « third_party/WebKit/Source/core/dom/ScriptLoader.cpp ('k') | third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h » ('j') | third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698