
Side by Side Diff: third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

Issue 2290193003: Include the Origin header for XHR and Fetch API even if the request is same-origin
Patch Set: a Created 4 years, 3 months ago
1 /* 1 /*
2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved.
3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org>
4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org>
5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved.
6 * Copyright (C) 2012 Intel Corporation 6 * Copyright (C) 2012 Intel Corporation
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public 9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 887 matching lines...) Expand 10 before | Expand all | Expand 10 after
898 898
899 if (m_requestHeaders.size() > 0) 899 if (m_requestHeaders.size() > 0)
900 request.addHTTPHeaderFields(m_requestHeaders); 900 request.addHTTPHeaderFields(m_requestHeaders);
901 901
902 ThreadableLoaderOptions options; 902 ThreadableLoaderOptions options;
903 options.preflightPolicy = uploadEvents ? ForcePreflight : ConsiderPreflight; 903 options.preflightPolicy = uploadEvents ? ForcePreflight : ConsiderPreflight;
904 options.crossOriginRequestPolicy = UseAccessControl; 904 options.crossOriginRequestPolicy = UseAccessControl;
905 options.initiator = FetchInitiatorTypeNames::xmlhttprequest; 905 options.initiator = FetchInitiatorTypeNames::xmlhttprequest;
906 options.contentSecurityPolicyEnforcement = ContentSecurityPolicy::shouldBypa ssMainWorld(&executionContext) ? DoNotEnforceContentSecurityPolicy : EnforceCont entSecurityPolicy; 906 options.contentSecurityPolicyEnforcement = ContentSecurityPolicy::shouldBypa ssMainWorld(&executionContext) ? DoNotEnforceContentSecurityPolicy : EnforceCont entSecurityPolicy;
907 options.timeoutMilliseconds = m_timeoutMilliseconds; 907 options.timeoutMilliseconds = m_timeoutMilliseconds;
908 options.sameOriginHeaderPolicy = IncludeSameOriginHeader;
908 909
909 ResourceLoaderOptions resourceLoaderOptions; 910 ResourceLoaderOptions resourceLoaderOptions;
910 resourceLoaderOptions.allowCredentials = (m_sameOriginRequest || m_includeCr edentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials; 911 resourceLoaderOptions.allowCredentials = (m_sameOriginRequest || m_includeCr edentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials;
911 resourceLoaderOptions.credentialsRequested = m_includeCredentials ? ClientRe questedCredentials : ClientDidNotRequestCredentials; 912 resourceLoaderOptions.credentialsRequested = m_includeCredentials ? ClientRe questedCredentials : ClientDidNotRequestCredentials;
912 resourceLoaderOptions.securityOrigin = getSecurityOrigin(); 913 resourceLoaderOptions.securityOrigin = getSecurityOrigin();
913 914
914 // When responseType is set to "blob", we redirect the downloaded data to a 915 // When responseType is set to "blob", we redirect the downloaded data to a
915 // file-handle directly. 916 // file-handle directly.
916 m_downloadingToFile = getResponseTypeCode() == ResponseTypeBlob; 917 m_downloadingToFile = getResponseTypeCode() == ResponseTypeBlob;
917 if (m_downloadingToFile) { 918 if (m_downloadingToFile) {
(...skipping 807 matching lines...) Expand 10 before | Expand all | Expand 10 after
1725 visitor->traceWrappers(m_responseDocument); 1726 visitor->traceWrappers(m_responseDocument);
1726 visitor->traceWrappers(m_responseArrayBuffer); 1727 visitor->traceWrappers(m_responseArrayBuffer);
1727 } 1728 }
1728 1729
1729 std::ostream& operator<<(std::ostream& ostream, const XMLHttpRequest* xhr) 1730 std::ostream& operator<<(std::ostream& ostream, const XMLHttpRequest* xhr)
1730 { 1731 {
1731 return ostream << "XMLHttpRequest " << static_cast<const void*>(xhr); 1732 return ostream << "XMLHttpRequest " << static_cast<const void*>(xhr);
1732 } 1733 }
1733 1734
1734 } // namespace blink 1735 } // namespace blink
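Review bot: The new line 908, `options.sameOriginHeaderPolicy = IncludeSameOriginHeader;`, is set unconditionally and has no comment, so this function does not tell a reader whether same-origin GET/HEAD requests are meant to carry `Origin` or only state-changing methods. I would add a comment above it, such as `// Send Origin on same-origin requests as well, so servers can rely on it being present for every XHR.`, with the wording checked against the issue's intent. It is also worth confirming test coverage for a same-origin request from a context with an opaque origin, where the header would presumably serialize as `null`; servers that check Origin should treat that value as untrusted. The enclosing function starts and ends outside the visible lines, and the code that consumes this policy is in ThreadableLoader, which this page does not show.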