Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(84)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

Issue 1859313002: Save-Data should not be added to CORS Access-Control-Request-Headers (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed falken comments Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/service_worker/service_worker_browsertest.cc ('K') | « net/test/embedded_test_server/http_request.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
87 // Fetch API Spec: 87 // Fetch API Spec:
88 // https://fetch.spec.whatwg.org/#cors-preflight-fetch-0 88 // https://fetch.spec.whatwg.org/#cors-preflight-fetch-0
89 Vector<String> headers; 89 Vector<String> headers;
90 for (const auto& header : requestHeaderFields) { 90 for (const auto& header : requestHeaderFields) {
91 if (equalIgnoringCase(header.key, "referer")) { 91 if (equalIgnoringCase(header.key, "referer")) {
92 // When the request is from a Worker, referrer header was added 92 // When the request is from a Worker, referrer header was added
93 // by WorkerThreadableLoader. But it should not be added to 93 // by WorkerThreadableLoader. But it should not be added to
94 // Access-Control-Request-Headers header. 94 // Access-Control-Request-Headers header.
95 continue; 95 continue;
96 } 96 }
97 if (equalIgnoringCase(header.key, "save-data")) {
98 // As a short-term fix, filter Save-Data out of
bengr 2016/04/06 16:50:30 Reference a bug so we don't lose track of this.
Raj 2016/04/06 17:45:19 Done.
99 // Access-Control-Request-Headers header. Longer-term all simple
100 // headers should be filtered out as well.
101 continue;
102 }
97 headers.append(header.key.lower()); 103 headers.append(header.key.lower());
98 } 104 }
99 std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan) ; 105 std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan) ;
100 StringBuilder headerBuffer; 106 StringBuilder headerBuffer;
101 for (const String& header : headers) { 107 for (const String& header : headers) {
102 if (!headerBuffer.isEmpty()) 108 if (!headerBuffer.isEmpty())
103 headerBuffer.appendLiteral(", "); 109 headerBuffer.appendLiteral(", ");
104 headerBuffer.append(header); 110 headerBuffer.append(header);
105 } 111 }
106 preflightRequest.setHTTPHeaderField(HTTPNames::Access_Control_Request_He aders, AtomicString(headerBuffer.toString())); 112 preflightRequest.setHTTPHeaderField(HTTPNames::Access_Control_Request_He aders, AtomicString(headerBuffer.toString()));
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after
289 newRequest.setHTTPOrigin(securityOrigin); 295 newRequest.setHTTPOrigin(securityOrigin);
290 // If the user didn't request credentials in the first place, update our 296 // If the user didn't request credentials in the first place, update our
291 // state so we neither request them nor expect they must be allowed. 297 // state so we neither request them nor expect they must be allowed.
292 if (options.credentialsRequested == ClientDidNotRequestCredentials) 298 if (options.credentialsRequested == ClientDidNotRequestCredentials)
293 options.allowCredentials = DoNotAllowStoredCredentials; 299 options.allowCredentials = DoNotAllowStoredCredentials;
294 } 300 }
295 return true; 301 return true;
296 } 302 }
297 303
298 } // namespace blink 304 } // namespace blink
OLDNEW
« content/browser/service_worker/service_worker_browsertest.cc ('K') | « net/test/embedded_test_server/http_request.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698