OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
92 } | 92 } |
93 | 93 |
94 makeCrossOriginAccessRequest(request); | 94 makeCrossOriginAccessRequest(request); |
95 } | 95 } |
96 | 96 |
97 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques
t& request) | 97 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques
t& request) |
98 { | 98 { |
99 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); | 99 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); |
100 | 100 |
101 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceRequest(re
quest)); | 101 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceRequest(re
quest)); |
102 updateRequestForAccessControl(*crossOriginRequest, securityOrigin(), m_optio
ns.allowCredentials); | |
103 | 102 |
104 if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAc
cessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFiel
ds())) || m_options.preflightPolicy == PreventPreflight) | 103 if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAc
cessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFiel
ds())) || m_options.preflightPolicy == PreventPreflight) { |
| 104 updateRequestForAccessControl(*crossOriginRequest, m_options.allowCreden
tials, securityOrigin()); |
105 makeSimpleCrossOriginAccessRequest(*crossOriginRequest); | 105 makeSimpleCrossOriginAccessRequest(*crossOriginRequest); |
106 else { | 106 } else { |
107 m_simpleRequest = false; | 107 m_simpleRequest = false; |
| 108 // Do not set the Origin header for preflight requests. |
| 109 updateRequestForAccessControl(*crossOriginRequest, m_options.allowCreden
tials); |
108 m_actualRequest = crossOriginRequest.release(); | 110 m_actualRequest = crossOriginRequest.release(); |
109 | 111 |
110 if (CrossOriginPreflightResultCache::shared().canSkipPreflight(securityO
rigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actua
lRequest->httpMethod(), m_actualRequest->httpHeaderFields())) | 112 if (CrossOriginPreflightResultCache::shared().canSkipPreflight(securityO
rigin()->toString(), m_actualRequest->url(), m_options.allowCredentials, m_actua
lRequest->httpMethod(), m_actualRequest->httpHeaderFields())) |
111 preflightSuccess(); | 113 preflightSuccess(); |
112 else | 114 else |
113 makeCrossOriginAccessRequestWithPreflight(*m_actualRequest); | 115 makeCrossOriginAccessRequestWithPreflight(*m_actualRequest); |
114 } | 116 } |
115 } | 117 } |
116 | 118 |
117 void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const Resource
Request& request) | 119 void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const Resource
Request& request) |
(...skipping 361 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
479 return true; | 481 return true; |
480 return m_document->contentSecurityPolicy()->allowConnectToSource(url); | 482 return m_document->contentSecurityPolicy()->allowConnectToSource(url); |
481 } | 483 } |
482 | 484 |
483 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 485 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
484 { | 486 { |
485 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen
t->securityOrigin(); | 487 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen
t->securityOrigin(); |
486 } | 488 } |
487 | 489 |
488 } // namespace WebCore | 490 } // namespace WebCore |
OLD | NEW |