OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. | 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
122 return statusCode >= 400; | 122 return statusCode >= 400; |
123 } | 123 } |
124 | 124 |
125 static String buildAccessControlFailureMessage(const String& detail, SecurityOri
gin* securityOrigin) | 125 static String buildAccessControlFailureMessage(const String& detail, SecurityOri
gin* securityOrigin) |
126 { | 126 { |
127 return detail + " Origin '" + securityOrigin->toString() + "' is therefore n
ot allowed access."; | 127 return detail + " Origin '" + securityOrigin->toString() + "' is therefore n
ot allowed access."; |
128 } | 128 } |
129 | 129 |
130 bool passesAccessControlCheck(const ResourceResponse& response, StoredCredential
s includeCredentials, SecurityOrigin* securityOrigin, String& errorDescription,
WebURLRequest::RequestContext context) | 130 bool passesAccessControlCheck(const ResourceResponse& response, StoredCredential
s includeCredentials, SecurityOrigin* securityOrigin, String& errorDescription,
WebURLRequest::RequestContext context) |
131 { | 131 { |
132 DEFINE_THREAD_SAFE_STATIC_LOCAL(AtomicString, allowOriginHeaderName, (new At
omicString("access-control-allow-origin", AtomicString::ConstructFromLiteral))); | 132 DEFINE_THREAD_SAFE_STATIC_LOCAL(AtomicString, allowOriginHeaderName, (new At
omicString("access-control-allow-origin"))); |
133 DEFINE_THREAD_SAFE_STATIC_LOCAL(AtomicString, allowCredentialsHeaderName, (n
ew AtomicString("access-control-allow-credentials", AtomicString::ConstructFromL
iteral))); | 133 DEFINE_THREAD_SAFE_STATIC_LOCAL(AtomicString, allowCredentialsHeaderName, (n
ew AtomicString("access-control-allow-credentials"))); |
134 DEFINE_THREAD_SAFE_STATIC_LOCAL(AtomicString, allowSuboriginHeaderName, (new
AtomicString("access-control-allow-suborigin", AtomicString::ConstructFromLiter
al))); | 134 DEFINE_THREAD_SAFE_STATIC_LOCAL(AtomicString, allowSuboriginHeaderName, (new
AtomicString("access-control-allow-suborigin"))); |
135 | 135 |
136 int statusCode = response.httpStatusCode(); | 136 int statusCode = response.httpStatusCode(); |
137 | 137 |
138 if (!statusCode) { | 138 if (!statusCode) { |
139 errorDescription = buildAccessControlFailureMessage("Invalid response.",
securityOrigin); | 139 errorDescription = buildAccessControlFailureMessage("Invalid response.",
securityOrigin); |
140 return false; | 140 return false; |
141 } | 141 } |
142 | 142 |
143 const AtomicString& allowOriginHeaderValue = response.httpHeaderField(allowO
riginHeaderName); | 143 const AtomicString& allowOriginHeaderValue = response.httpHeaderField(allowO
riginHeaderName); |
144 | 144 |
(...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
289 newRequest.setHTTPOrigin(securityOrigin); | 289 newRequest.setHTTPOrigin(securityOrigin); |
290 // If the user didn't request credentials in the first place, update our | 290 // If the user didn't request credentials in the first place, update our |
291 // state so we neither request them nor expect they must be allowed. | 291 // state so we neither request them nor expect they must be allowed. |
292 if (options.credentialsRequested == ClientDidNotRequestCredentials) | 292 if (options.credentialsRequested == ClientDidNotRequestCredentials) |
293 options.allowCredentials = DoNotAllowStoredCredentials; | 293 options.allowCredentials = DoNotAllowStoredCredentials; |
294 } | 294 } |
295 return true; | 295 return true; |
296 } | 296 } |
297 | 297 |
298 } // namespace blink | 298 } // namespace blink |
OLD | NEW |