Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(40)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

Issue 1859313002: Save-Data should not be added to CORS Access-Control-Request-Headers (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebased Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/test/embedded_test_server/http_request.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
87 // Fetch API Spec: 87 // Fetch API Spec:
88 // https://fetch.spec.whatwg.org/#cors-preflight-fetch-0 88 // https://fetch.spec.whatwg.org/#cors-preflight-fetch-0
89 Vector<String> headers; 89 Vector<String> headers;
90 for (const auto& header : requestHeaderFields) { 90 for (const auto& header : requestHeaderFields) {
91 if (equalIgnoringCase(header.key, "referer")) { 91 if (equalIgnoringCase(header.key, "referer")) {
92 // When the request is from a Worker, referrer header was added 92 // When the request is from a Worker, referrer header was added
93 // by WorkerThreadableLoader. But it should not be added to 93 // by WorkerThreadableLoader. But it should not be added to
94 // Access-Control-Request-Headers header. 94 // Access-Control-Request-Headers header.
95 continue; 95 continue;
96 } 96 }
97 if (equalIgnoringCase(header.key, "save-data")) {
98 // As a short-term fix, exclude Save-Data from
99 // Access-Control-Request-Headers header.
100 // TODO(crbug.com/601092): Longer-term all simple headers should
kinuko 2016/04/07 01:12:28 TODO(name): crbug.com/601092 Longer-term all simpl
Raj 2016/04/07 01:18:14 Done.
101 // be excluded as well.
102 continue;
103 }
97 headers.append(header.key.lower()); 104 headers.append(header.key.lower());
98 } 105 }
99 std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan) ; 106 std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan) ;
100 StringBuilder headerBuffer; 107 StringBuilder headerBuffer;
101 for (const String& header : headers) { 108 for (const String& header : headers) {
102 if (!headerBuffer.isEmpty()) 109 if (!headerBuffer.isEmpty())
103 headerBuffer.appendLiteral(", "); 110 headerBuffer.appendLiteral(", ");
104 headerBuffer.append(header); 111 headerBuffer.append(header);
105 } 112 }
106 preflightRequest.setHTTPHeaderField(HTTPNames::Access_Control_Request_He aders, AtomicString(headerBuffer.toString())); 113 preflightRequest.setHTTPHeaderField(HTTPNames::Access_Control_Request_He aders, AtomicString(headerBuffer.toString()));
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after
289 newRequest.setHTTPOrigin(securityOrigin); 296 newRequest.setHTTPOrigin(securityOrigin);
290 // If the user didn't request credentials in the first place, update our 297 // If the user didn't request credentials in the first place, update our
291 // state so we neither request them nor expect they must be allowed. 298 // state so we neither request them nor expect they must be allowed.
292 if (options.credentialsRequested == ClientDidNotRequestCredentials) 299 if (options.credentialsRequested == ClientDidNotRequestCredentials)
293 options.allowCredentials = DoNotAllowStoredCredentials; 300 options.allowCredentials = DoNotAllowStoredCredentials;
294 } 301 }
295 return true; 302 return true;
296 } 303 }
297 304
298 } // namespace blink 305 } // namespace blink
OLDNEW
« no previous file with comments | « net/test/embedded_test_server/http_request.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698