third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp - Issue 1890053002: Exclude simple headers when building Access-Control-Request-Headers

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

Issue 1890053002: Exclude simple headers when building Access-Control-Request-Headers (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Rebase Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.h ('k') | third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

diff --git a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

index 7d3f7a5fbd2fc6416da0afdd35ab4324368f4975..8b794e834a16bb03b8310aec1f672aa14fd56640 100644

--- a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

+++ b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

@@ -26,6 +26,7 @@

#include "core/fetch/CrossOriginAccessControl.h"

+#include "core/fetch/FetchUtils.h"

#include "core/fetch/Resource.h"

#include "core/fetch/ResourceLoaderOptions.h"

#include "platform/network/HTTPParsers.h"

@@ -83,26 +84,23 @@ ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& reque

const HTTPHeaderMap& requestHeaderFields = request.httpHeaderFields();

if (requestHeaderFields.size() > 0) {

- // Sort header names lexicographically: https://crbug.com/452391

// Fetch API Spec:

// https://fetch.spec.whatwg.org/#cors-preflight-fetch-0

Vector<String> headers;

for (const auto& header : requestHeaderFields) {

+ if (FetchUtils::isSimpleHeader(header.key, header.value)) {

+ // Exclude simple headers.

+ continue;

+ }

if (equalIgnoringCase(header.key, "referer")) {

// When the request is from a Worker, referrer header was added

// by WorkerThreadableLoader. But it should not be added to

// Access-Control-Request-Headers header.

continue;

}

- if (equalIgnoringCase(header.key, "save-data")) {

- // As a short-term fix, exclude Save-Data from

- // Access-Control-Request-Headers header.

- // TODO(rajendrant): crbug.com/601092 Longer-term all simple

- // headers should be excluded as well.

- continue;

- }

headers.append(header.key.lower());

}

+ // Sort header names lexicographically.

std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan);

StringBuilder headerBuffer;

for (const String& header : headers) {