Source/core/loader/CrossOriginAccessControl.h - Issue 18595008: Prevents sending of 'orgin' in the "Access-Control-Request-Headers" when preflight requests are mad…

Side by Side Diff: Source/core/loader/CrossOriginAccessControl.h

Issue 18595008: Prevents sending of 'orgin' in the "Access-Control-Request-Headers" when preflight requests are mad… (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 7 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « LayoutTests/http/tests/xmlhttprequest/resources/access-control-preflight-request-headers-origin.php ('k') | Source/core/loader/CrossOriginAccessControl.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.	2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions	5 * modification, are permitted provided that the following conditions

6 * are met:	6 * are met:

7 * 1. Redistributions of source code must retain the above copyright	7 * 1. Redistributions of source code must retain the above copyright

8 * notice, this list of conditions and the following disclaimer.	8 * notice, this list of conditions and the following disclaimer.

9 * 2. Redistributions in binary form must reproduce the above copyright	9 * 2. Redistributions in binary form must reproduce the above copyright

10 * notice, this list of conditions and the following disclaimer in the	10 * notice, this list of conditions and the following disclaimer in the

(...skipping 27 matching lines...) Expand all Loading...
38	38

39 class HTTPHeaderMap;	39 class HTTPHeaderMap;

40 class ResourceResponse;	40 class ResourceResponse;

41 class SecurityOrigin;	41 class SecurityOrigin;

42	42

43 bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& );	43 bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& );

44 bool isOnAccessControlSimpleRequestMethodWhitelist(const String&);	44 bool isOnAccessControlSimpleRequestMethodWhitelist(const String&);

45 bool isOnAccessControlSimpleRequestHeaderWhitelist(const String& name, const Str ing& value);	45 bool isOnAccessControlSimpleRequestHeaderWhitelist(const String& name, const Str ing& value);

46 bool isOnAccessControlResponseHeaderWhitelist(const String&);	46 bool isOnAccessControlResponseHeaderWhitelist(const String&);

47	47

48 void updateRequestForAccessControl(ResourceRequest&, SecurityOrigin*, StoredCred entials);	48 void updateRequestForAccessControl(ResourceRequest&, StoredCredentials, Security Origin* = 0);
	bbudge 2013/07/15 17:00:25 If you don't supply a default parameter value, you If you don't supply a default parameter value, you can leave the ordering unchanged. I think I prefer the original parameter ordering too. Then you will have to explicitly pass a NULL parameter at the call site where you want to prevent sending the origin. I think that will help make the code clearer too. ancilgeorge 2013/07/16 06:26:27 Done. Show quoted text On 2013/07/15 17:00:25, bbudge1 wrote: > If you don't supply a default parameter value, you can leave the ordering > unchanged. I think I prefer the original parameter ordering too. > > Then you will have to explicitly pass a NULL parameter at the call site where > you want to prevent sending the origin. I think that will help make the code > clearer too. Done.
49 ResourceRequest createAccessControlPreflightRequest(const ResourceRequest&, Secu rityOrigin*);	49 ResourceRequest createAccessControlPreflightRequest(const ResourceRequest&, Secu rityOrigin*);

50	50

51 bool passesAccessControlCheck(const ResourceResponse&, StoredCredentials, Securi tyOrigin*, String& errorDescription);	51 bool passesAccessControlCheck(const ResourceResponse&, StoredCredentials, Securi tyOrigin*, String& errorDescription);

52 void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHea derSet&);	52 void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHea derSet&);

53	53

54 } // namespace WebCore	54 } // namespace WebCore

55	55

56 #endif // CrossOriginAccessControl_h	56 #endif // CrossOriginAccessControl_h

OLD	NEW