Index: Source/core/loader/CrossOriginAccessControl.cpp |
diff --git a/Source/core/loader/CrossOriginAccessControl.cpp b/Source/core/loader/CrossOriginAccessControl.cpp |
index e77bf5db6299552e9fa4cb622ba05f6cd52566a9..082bdbbf6fb2d0475f1aa108fab41d623d9cf0f7 100644 |
--- a/Source/core/loader/CrossOriginAccessControl.cpp |
+++ b/Source/core/loader/CrossOriginAccessControl.cpp |
@@ -97,17 +97,19 @@ bool isOnAccessControlResponseHeaderWhitelist(const String& name) |
return allowedCrossOriginResponseHeaders->contains(name); |
} |
-void updateRequestForAccessControl(ResourceRequest& request, SecurityOrigin* securityOrigin, StoredCredentials allowCredentials) |
+void updateRequestForAccessControl(ResourceRequest& request, StoredCredentials allowCredentials, SecurityOrigin* securityOrigin) |
{ |
request.removeCredentials(); |
request.setAllowCookies(allowCredentials == AllowStoredCredentials); |
- request.setHTTPOrigin(securityOrigin->toString()); |
+ |
+ if (securityOrigin) |
+ request.setHTTPOrigin(securityOrigin->toString()); |
} |
ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& request, SecurityOrigin* securityOrigin) |
{ |
ResourceRequest preflightRequest(request.url()); |
- updateRequestForAccessControl(preflightRequest, securityOrigin, DoNotAllowStoredCredentials); |
+ updateRequestForAccessControl(preflightRequest, DoNotAllowStoredCredentials, securityOrigin); |
preflightRequest.setHTTPMethod("OPTIONS"); |
preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", request.httpMethod()); |
preflightRequest.setPriority(request.priority()); |