Source/core/loader/DocumentThreadableLoader.cpp - Issue 18595008: Prevents sending of 'orgin' in the "Access-Control-Request-Headers" when preflight requests are mad…

Side by Side Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 18595008: Prevents sending of 'orgin' in the "Access-Control-Request-Headers" when preflight requests are mad… (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 7 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.	2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.

3 * Copyright (C) 2013, Intel Corporation	3 * Copyright (C) 2013, Intel Corporation

4 *	4 *

5 * Redistribution and use in source and binary forms, with or without	5 * Redistribution and use in source and binary forms, with or without

6 * modification, are permitted provided that the following conditions are	6 * modification, are permitted provided that the following conditions are

7 * met:	7 * met:

8 *	8 *

9 * * Redistributions of source code must retain the above copyright	9 * * Redistributions of source code must retain the above copyright

10 * notice, this list of conditions and the following disclaimer.	10 * notice, this list of conditions and the following disclaimer.

(...skipping 81 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
92 }	92 }

93	93

94 makeCrossOriginAccessRequest(request);	94 makeCrossOriginAccessRequest(request);

95 }	95 }

96	96

97 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques t& request)	97 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques t& request)

98 {	98 {

99 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);	99 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl);

100	100

101 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceRequest(re quest));	101 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceRequest(re quest));

102 updateRequestForAccessControl(*crossOriginRequest, securityOrigin(), m_optio ns.allowCredentials);

103	102

104 if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAc cessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFiel ds())) \|\| m_options.preflightPolicy == PreventPreflight)	103 if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAc cessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFiel ds())) \|\| m_options.preflightPolicy == PreventPreflight) {

	104 updateRequestForAccessControl(*crossOriginRequest, securityOrigin(), m_o ptions.allowCredentials);

105 makeSimpleCrossOriginAccessRequest(*crossOriginRequest);	105 makeSimpleCrossOriginAccessRequest(*crossOriginRequest);

106 else {	106 } else {

107 m_simpleRequest = false;	107 m_simpleRequest = false;

	108 updateRequestForAccessControl(*crossOriginRequest, m_options.allowCreden tials);

108 m_actualRequest = crossOriginRequest.release();	109 m_actualRequest = crossOriginRequest.release();

109	110

110 if (CrossOriginPreflightResultCache::shared().canSkipPreflight(securityO rigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actua lRequest->httpMethod(), m_actualRequest->httpHeaderFields()))	111 if (CrossOriginPreflightResultCache::shared().canSkipPreflight(securityO rigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actua lRequest->httpMethod(), m_actualRequest->httpHeaderFields()))

111 preflightSuccess();	112 preflightSuccess();

112 else	113 else

113 makeCrossOriginAccessRequestWithPreflight(*m_actualRequest);	114 makeCrossOriginAccessRequestWithPreflight(*m_actualRequest);

114 }	115 }

115 }	116 }

116	117

117 void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const Resource Request& request)	118 void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const Resource Request& request)

(...skipping 361 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
479 return true;	480 return true;

480 return m_document->contentSecurityPolicy()->allowConnectToSource(url);	481 return m_document->contentSecurityPolicy()->allowConnectToSource(url);

481 }	482 }

482	483

483 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const	484 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const

484 {	485 {

485 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin();	486 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin();

486 }	487 }

487	488

488 } // namespace WebCore	489 } // namespace WebCore

OLD	NEW

« Source/core/loader/CrossOriginAccessControl.cpp ('K') | « Source/core/loader/CrossOriginAccessControl.cpp ('k') | no next file » | no next file with comments »