Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(235)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/CrossOriginAccessControl.cpp

Issue 18595008: Prevents sending of 'orgin' in the "Access-Control-Request-Headers" when preflight requests are mad… (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/loader/CrossOriginAccessControl.h ('k') | Source/core/loader/DocumentThreadableLoader.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
90 return headerSet.release(); 90 return headerSet.release();
91 } 91 }
92 92
93 bool isOnAccessControlResponseHeaderWhitelist(const String& name) 93 bool isOnAccessControlResponseHeaderWhitelist(const String& name)
94 { 94 {
95 AtomicallyInitializedStatic(HTTPHeaderSet*, allowedCrossOriginResponseHeader s = createAllowedCrossOriginResponseHeadersSet().leakPtr()); 95 AtomicallyInitializedStatic(HTTPHeaderSet*, allowedCrossOriginResponseHeader s = createAllowedCrossOriginResponseHeadersSet().leakPtr());
96 96
97 return allowedCrossOriginResponseHeaders->contains(name); 97 return allowedCrossOriginResponseHeaders->contains(name);
98 } 98 }
99 99
100 void updateRequestForAccessControl(ResourceRequest& request, StoredCredentials a llowCredentials)
101 {
102 request.removeCredentials();
103 request.setAllowCookies(allowCredentials == AllowStoredCredentials);
104 }
105
bbudge 2013/07/12 19:10:11 Why not allow a NULL securityOrigin parameter in t
ancilgeorge 2013/07/15 15:32:46 Done. Could you please review the changes.
100 void updateRequestForAccessControl(ResourceRequest& request, SecurityOrigin* sec urityOrigin, StoredCredentials allowCredentials) 106 void updateRequestForAccessControl(ResourceRequest& request, SecurityOrigin* sec urityOrigin, StoredCredentials allowCredentials)
101 { 107 {
102 request.removeCredentials(); 108 request.removeCredentials();
103 request.setAllowCookies(allowCredentials == AllowStoredCredentials); 109 request.setAllowCookies(allowCredentials == AllowStoredCredentials);
104 request.setHTTPOrigin(securityOrigin->toString()); 110 request.setHTTPOrigin(securityOrigin->toString());
105 } 111 }
106 112
107 ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque st, SecurityOrigin* securityOrigin) 113 ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque st, SecurityOrigin* securityOrigin)
108 { 114 {
109 ResourceRequest preflightRequest(request.url()); 115 ResourceRequest preflightRequest(request.url());
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
174 Vector<String> headers; 180 Vector<String> headers;
175 headerValue.split(',', false, headers); 181 headerValue.split(',', false, headers);
176 for (unsigned headerCount = 0; headerCount < headers.size(); headerCount++) { 182 for (unsigned headerCount = 0; headerCount < headers.size(); headerCount++) {
177 String strippedHeader = headers[headerCount].stripWhiteSpace(); 183 String strippedHeader = headers[headerCount].stripWhiteSpace();
178 if (!strippedHeader.isEmpty()) 184 if (!strippedHeader.isEmpty())
179 headerSet.add(strippedHeader); 185 headerSet.add(strippedHeader);
180 } 186 }
181 } 187 }
182 188
183 } // namespace WebCore 189 } // namespace WebCore
OLDNEW
« no previous file with comments | « Source/core/loader/CrossOriginAccessControl.h ('k') | Source/core/loader/DocumentThreadableLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698