Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(360)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/DocumentThreadableLoader.cpp

Issue 21532002: CORS: Handle error HTTP status code 4XX/5XX in preflight requests. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« Source/core/loader/CrossOriginAccessControl.cpp ('K') | « Source/core/loader/CrossOriginAccessControl.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 268 matching lines...) Expand 10 before | Expand all | Expand 10 after
279 if (m_actualRequest) { 279 if (m_actualRequest) {
280 DocumentLoader* loader = m_document->frame()->loader()->documentLoader() ; 280 DocumentLoader* loader = m_document->frame()->loader()->documentLoader() ;
281 InspectorInstrumentationCookie cookie = InspectorInstrumentation::willRe ceiveResourceResponse(m_document->frame(), identifier, response); 281 InspectorInstrumentationCookie cookie = InspectorInstrumentation::willRe ceiveResourceResponse(m_document->frame(), identifier, response);
282 InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, loader, response, 0); 282 InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, loader, response, 0);
283 283
284 if (!passesAccessControlCheck(response, m_options.allowCredentials, secu rityOrigin(), accessControlErrorDescription)) { 284 if (!passesAccessControlCheck(response, m_options.allowCredentials, secu rityOrigin(), accessControlErrorDescription)) {
285 preflightFailure(identifier, response.url().string(), accessControlE rrorDescription); 285 preflightFailure(identifier, response.url().string(), accessControlE rrorDescription);
286 return; 286 return;
287 } 287 }
288 288
289 if (!passesPreflightStatusCheck(response, accessControlErrorDescription) ) {
290 preflightFailure(identifier, response.url().string(), accessControlE rrorDescription);
291 return;
292 }
293
289 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(n ew CrossOriginPreflightResultCacheItem(m_options.allowCredentials)); 294 OwnPtr<CrossOriginPreflightResultCacheItem> preflightResult = adoptPtr(n ew CrossOriginPreflightResultCacheItem(m_options.allowCredentials));
290 if (!preflightResult->parse(response, accessControlErrorDescription) 295 if (!preflightResult->parse(response, accessControlErrorDescription)
291 || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMe thod(), accessControlErrorDescription) 296 || !preflightResult->allowsCrossOriginMethod(m_actualRequest->httpMe thod(), accessControlErrorDescription)
292 || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpH eaderFields(), accessControlErrorDescription)) { 297 || !preflightResult->allowsCrossOriginHeaders(m_actualRequest->httpH eaderFields(), accessControlErrorDescription)) {
293 preflightFailure(identifier, response.url().string(), accessControlE rrorDescription); 298 preflightFailure(identifier, response.url().string(), accessControlE rrorDescription);
294 return; 299 return;
295 } 300 }
296 301
297 CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()-> toString(), m_actualRequest->url(), preflightResult.release()); 302 CrossOriginPreflightResultCache::shared().appendEntry(securityOrigin()-> toString(), m_actualRequest->url(), preflightResult.release());
298 } else { 303 } else {
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after
481 return true; 486 return true;
482 return m_document->contentSecurityPolicy()->allowConnectToSource(url); 487 return m_document->contentSecurityPolicy()->allowConnectToSource(url);
483 } 488 }
484 489
485 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const 490 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const
486 { 491 {
487 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin(); 492 return m_options.securityOrigin ? m_options.securityOrigin.get() : m_documen t->securityOrigin();
488 } 493 }
489 494
490 } // namespace WebCore 495 } // namespace WebCore
OLDNEW
« Source/core/loader/CrossOriginAccessControl.cpp ('K') | « Source/core/loader/CrossOriginAccessControl.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698