Chromium Code Reviews Chromium Code Reviews
Issue 18595008:
Prevents sending of 'orgin' in the "Access-Control-Request-Headers" when preflight requests are mad… (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| Index: Source/core/loader/CrossOriginAccessControl.cpp |
| diff --git a/Source/core/loader/CrossOriginAccessControl.cpp b/Source/core/loader/CrossOriginAccessControl.cpp |
| index e77bf5db6299552e9fa4cb622ba05f6cd52566a9..bdeba735cc577424f548de11f8d885225bcd8c9b 100644 |
| --- a/Source/core/loader/CrossOriginAccessControl.cpp |
| +++ b/Source/core/loader/CrossOriginAccessControl.cpp |
| @@ -97,6 +97,12 @@ bool isOnAccessControlResponseHeaderWhitelist(const String& name) |
| return allowedCrossOriginResponseHeaders->contains(name); |
| } |
| +void updateRequestForAccessControl(ResourceRequest& request, StoredCredentials allowCredentials) |
| +{ |
| + request.removeCredentials(); |
| + request.setAllowCookies(allowCredentials == AllowStoredCredentials); |
| +} |
| + |
|
bbudge
2013/07/12 19:10:11
Why not allow a NULL securityOrigin parameter in t
ancilgeorge
2013/07/15 15:32:46
Done. Could you please review the changes.
|
| void updateRequestForAccessControl(ResourceRequest& request, SecurityOrigin* securityOrigin, StoredCredentials allowCredentials) |
| { |
| request.removeCredentials(); |
