Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1123)

Unified Diff: Source/core/loader/CrossOriginAccessControl.cpp

Issue 18595008: Prevents sending of 'orgin' in the "Access-Control-Request-Headers" when preflight requests are mad… (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: Source/core/loader/CrossOriginAccessControl.cpp
diff --git a/Source/core/loader/CrossOriginAccessControl.cpp b/Source/core/loader/CrossOriginAccessControl.cpp
index e77bf5db6299552e9fa4cb622ba05f6cd52566a9..082bdbbf6fb2d0475f1aa108fab41d623d9cf0f7 100644
--- a/Source/core/loader/CrossOriginAccessControl.cpp
+++ b/Source/core/loader/CrossOriginAccessControl.cpp
@@ -97,17 +97,19 @@ bool isOnAccessControlResponseHeaderWhitelist(const String& name)
return allowedCrossOriginResponseHeaders->contains(name);
}
-void updateRequestForAccessControl(ResourceRequest& request, SecurityOrigin* securityOrigin, StoredCredentials allowCredentials)
+void updateRequestForAccessControl(ResourceRequest& request, StoredCredentials allowCredentials, SecurityOrigin* securityOrigin)
{
request.removeCredentials();
request.setAllowCookies(allowCredentials == AllowStoredCredentials);
- request.setHTTPOrigin(securityOrigin->toString());
+
+ if (securityOrigin)
+ request.setHTTPOrigin(securityOrigin->toString());
}
ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& request, SecurityOrigin* securityOrigin)
{
ResourceRequest preflightRequest(request.url());
- updateRequestForAccessControl(preflightRequest, securityOrigin, DoNotAllowStoredCredentials);
+ updateRequestForAccessControl(preflightRequest, DoNotAllowStoredCredentials, securityOrigin);
preflightRequest.setHTTPMethod("OPTIONS");
preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", request.httpMethod());
preflightRequest.setPriority(request.priority());

Powered by Google App Engine
This is Rietveld 408576698