Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(244)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/CrossOriginAccessControl.cpp

Issue 18595008: Prevents sending of 'orgin' in the "Access-Control-Request-Headers" when preflight requests are mad… (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/xmlhttprequest/resources/access-control-preflight-request-headers-origin.php ('k') | Source/core/loader/DocumentThreadableLoader.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after
94 { 94 {
95 AtomicallyInitializedStatic(HTTPHeaderSet*, allowedCrossOriginResponseHeader s = createAllowedCrossOriginResponseHeadersSet().leakPtr()); 95 AtomicallyInitializedStatic(HTTPHeaderSet*, allowedCrossOriginResponseHeader s = createAllowedCrossOriginResponseHeadersSet().leakPtr());
96 96
97 return allowedCrossOriginResponseHeaders->contains(name); 97 return allowedCrossOriginResponseHeaders->contains(name);
98 } 98 }
99 99
100 void updateRequestForAccessControl(ResourceRequest& request, SecurityOrigin* sec urityOrigin, StoredCredentials allowCredentials) 100 void updateRequestForAccessControl(ResourceRequest& request, SecurityOrigin* sec urityOrigin, StoredCredentials allowCredentials)
101 { 101 {
102 request.removeCredentials(); 102 request.removeCredentials();
103 request.setAllowCookies(allowCredentials == AllowStoredCredentials); 103 request.setAllowCookies(allowCredentials == AllowStoredCredentials);
104 request.setHTTPOrigin(securityOrigin->toString()); 104
105 if (securityOrigin)
106 request.setHTTPOrigin(securityOrigin->toString());
105 } 107 }
106 108
107 ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque st, SecurityOrigin* securityOrigin) 109 ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque st, SecurityOrigin* securityOrigin)
108 { 110 {
109 ResourceRequest preflightRequest(request.url()); 111 ResourceRequest preflightRequest(request.url());
110 updateRequestForAccessControl(preflightRequest, securityOrigin, DoNotAllowSt oredCredentials); 112 updateRequestForAccessControl(preflightRequest, securityOrigin, DoNotAllowSt oredCredentials);
111 preflightRequest.setHTTPMethod("OPTIONS"); 113 preflightRequest.setHTTPMethod("OPTIONS");
112 preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", request .httpMethod()); 114 preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", request .httpMethod());
113 preflightRequest.setPriority(request.priority()); 115 preflightRequest.setPriority(request.priority());
114 116
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
174 Vector<String> headers; 176 Vector<String> headers;
175 headerValue.split(',', false, headers); 177 headerValue.split(',', false, headers);
176 for (unsigned headerCount = 0; headerCount < headers.size(); headerCount++) { 178 for (unsigned headerCount = 0; headerCount < headers.size(); headerCount++) {
177 String strippedHeader = headers[headerCount].stripWhiteSpace(); 179 String strippedHeader = headers[headerCount].stripWhiteSpace();
178 if (!strippedHeader.isEmpty()) 180 if (!strippedHeader.isEmpty())
179 headerSet.add(strippedHeader); 181 headerSet.add(strippedHeader);
180 } 182 }
181 } 183 }
182 184
183 } // namespace WebCore 185 } // namespace WebCore
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/xmlhttprequest/resources/access-control-preflight-request-headers-origin.php ('k') | Source/core/loader/DocumentThreadableLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698