OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
92 } | 92 } |
93 | 93 |
94 makeCrossOriginAccessRequest(request); | 94 makeCrossOriginAccessRequest(request); |
95 } | 95 } |
96 | 96 |
97 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques t& request) | 97 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques t& request) |
98 { | 98 { |
99 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); | 99 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); |
100 | 100 |
101 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceRequest(re quest)); | 101 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceRequest(re quest)); |
102 updateRequestForAccessControl(*crossOriginRequest, securityOrigin(), m_optio ns.allowCredentials); | |
103 | 102 |
104 if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAc cessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFiel ds())) || m_options.preflightPolicy == PreventPreflight) | 103 if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAc cessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFiel ds())) || m_options.preflightPolicy == PreventPreflight) { |
104 updateRequestForAccessControl(*crossOriginRequest, securityOrigin(), m_o ptions.allowCredentials); | |
105 makeSimpleCrossOriginAccessRequest(*crossOriginRequest); | 105 makeSimpleCrossOriginAccessRequest(*crossOriginRequest); |
106 else { | 106 } else { |
107 m_simpleRequest = false; | 107 m_simpleRequest = false; |
108 // Do not set the Origin header for preflight requests. | |
109 updateRequestForAccessControl(*crossOriginRequest, static_cast<SecurityO rigin*>(0), m_options.allowCredentials); | |
abarth-chromium
2013/07/16 06:28:20
You shouldn't need the static_cast here.
ancilgeorge
2013/07/16 07:05:01
Done.
| |
108 m_actualRequest = crossOriginRequest.release(); | 110 m_actualRequest = crossOriginRequest.release(); |
109 | 111 |
110 if (CrossOriginPreflightResultCache::shared().canSkipPreflight(securityO rigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actua lRequest->httpMethod(), m_actualRequest->httpHeaderFields())) | 112 if (CrossOriginPreflightResultCache::shared().canSkipPreflight(securityO rigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actua lRequest->httpMethod(), m_actualRequest->httpHeaderFields())) |
111 preflightSuccess(); | 113 preflightSuccess(); |
112 else | 114 else |
113 makeCrossOriginAccessRequestWithPreflight(*m_actualRequest); | 115 makeCrossOriginAccessRequestWithPreflight(*m_actualRequest); |
114 } | 116 } |
115 } | 117 } |
116 | 118 |
117 void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const Resource Request& request) | 119 void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const Resource Request& request) |
(...skipping 361 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
479 return true; | 481 return true; |
480 return m_document->contentSecurityPolicy()->allowConnectToSource(url); | 482 return m_document->contentSecurityPolicy()->allowConnectToSource(url); |
481 } | 483 } |
482 | 484 |
483 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 485 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
484 { | 486 { |
485 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin(); | 487 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin(); |
486 } | 488 } |
487 | 489 |
488 } // namespace WebCore | 490 } // namespace WebCore |
OLD | NEW |