Reflow comments in core/fetch

third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

 /*
  * Copyright (C) 2008 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 65 matching lines @@
   preflightRequest.setRequestContext(request.requestContext());
   preflightRequest.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::All);
 
   if (request.isExternalRequest())
     preflightRequest.setHTTPHeaderField(
         HTTPNames::Access_Control_Request_External, "true");
 
   const HTTPHeaderMap& requestHeaderFields = request.httpHeaderFields();
 
   if (requestHeaderFields.size() > 0) {
-    // Fetch API Spec:
-    //   https://fetch.spec.whatwg.org/#cors-preflight-fetch-0
+    // Fetch API Spec: https://fetch.spec.whatwg.org/#cors-preflight-fetch-0
     Vector<String> headers;
     for (const auto& header : requestHeaderFields) {
       if (FetchUtils::isSimpleHeader(header.key, header.value)) {
         // Exclude simple headers.
         continue;
       }
       if (equalIgnoringCase(header.key, "referer")) {
-        // When the request is from a Worker, referrer header was added
-        // by WorkerThreadableLoader. But it should not be added to
+        // When the request is from a Worker, referrer header was added by
+        // WorkerThreadableLoader. But it should not be added to
         // Access-Control-Request-Headers header.
         continue;
       }
       headers.append(header.key.lower());
     }
     // Sort header names lexicographically.
     std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan);
     StringBuilder headerBuffer;
     for (const String& header : headers) {
       if (!headerBuffer.isEmpty())
         headerBuffer.append(", ");
       headerBuffer.append(header);
     }
     preflightRequest.setHTTPHeaderField(
         HTTPNames::Access_Control_Request_Headers,
         AtomicString(headerBuffer.toString()));
   }
 
   return preflightRequest;
 }
 
 static bool isOriginSeparator(UChar ch) {
   return isASCIISpace(ch) || ch == ',';
 }
 
 static bool isInterestingStatusCode(int statusCode) {
-  // Predicate that gates what status codes should be included in
-  // console error messages for responses containing no access
-  // control headers.
+  // Predicate that gates what status codes should be included in console error
+  // messages for responses containing no access control headers.
   return statusCode >= 400;
 }
 
 static String buildAccessControlFailureMessage(
     const String& detail,
     const SecurityOrigin* securityOrigin) {
   return detail + " Origin '" + securityOrigin->toString() +
          "' is therefore not allowed access.";
 }
 
@@ skipping 19 matching lines @@
 
   if (!statusCode) {
     errorDescription =
         buildAccessControlFailureMessage("Invalid response.", securityOrigin);
     return false;
   }
 
   const AtomicString& allowOriginHeaderValue =
       response.httpHeaderField(allowOriginHeaderName);
 
-  // Check Suborigins, unless the Access-Control-Allow-Origin is '*',
-  // which implies that all Suborigins are okay as well.
+  // Check Suborigins, unless the Access-Control-Allow-Origin is '*', which
+  // implies that all Suborigins are okay as well.
   if (securityOrigin->hasSuborigin() && allowOriginHeaderValue != starAtom) {
     const AtomicString& allowSuboriginHeaderValue =
         response.httpHeaderField(allowSuboriginHeaderName);
     AtomicString atomicSuboriginName(securityOrigin->suborigin()->name());
     if (allowSuboriginHeaderValue != starAtom &&
         allowSuboriginHeaderValue != atomicSuboriginName) {
       errorDescription = buildAccessControlFailureMessage(
           "The 'Access-Control-Allow-Suborigin' header has a value '" +
               allowSuboriginHeaderValue +
               "' that is not equal to the supplied suborigin.",
           securityOrigin);
       return false;
     }
   }
 
   if (allowOriginHeaderValue == starAtom) {
-    // A wildcard Access-Control-Allow-Origin can not be used if credentials are to be sent,
-    // even with Access-Control-Allow-Credentials set to true.
+    // A wildcard Access-Control-Allow-Origin can not be used if credentials are
+    // to be sent, even with Access-Control-Allow-Credentials set to true.
     if (includeCredentials == DoNotAllowStoredCredentials)
       return true;
     if (response.isHTTP()) {
       errorDescription = buildAccessControlFailureMessage(
           "A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' "
           "header when the credentials flag is true.",
           securityOrigin);
 
       if (context == WebURLRequest::RequestContextXMLHttpRequest)
         errorDescription.append(
@@ skipping 64 matching lines @@
       return false;
     }
   }
 
   return true;
 }
 
 bool passesPreflightStatusCheck(const ResourceResponse& response,
                                 String& errorDescription) {
   // CORS preflight with 3XX is considered network error in
-  // Fetch API Spec:
-  //   https://fetch.spec.whatwg.org/#cors-preflight-fetch
-  // CORS Spec:
-  //   http://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
+  // Fetch API Spec: https://fetch.spec.whatwg.org/#cors-preflight-fetch
+  // CORS Spec: http://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
   // https://crbug.com/452394
   if (response.httpStatusCode() < 200 || response.httpStatusCode() >= 300) {
     errorDescription = "Response for preflight has invalid HTTP status code " +
                        String::number(response.httpStatusCode());
     return false;
   }
 
   return true;
 }
 
@@ skipping 29 matching lines @@
     String strippedHeader = headers[headerCount].stripWhiteSpace();
     if (!strippedHeader.isEmpty())
       headerSet.add(strippedHeader);
   }
 }
 
 void extractCorsExposedHeaderNamesList(const ResourceResponse& response,
                                        HTTPHeaderSet& headerSet) {
   // If a response was fetched via a service worker, it will always have
   // corsExposedHeaderNames set, either from the Access-Control-Expose-Headers
-  // header, or explicitly via foreign fetch. For requests that didn't come
-  // from a service worker, foreign fetch doesn't apply so just parse the CORS
+  // header, or explicitly via foreign fetch. For requests that didn't come from
+  // a service worker, foreign fetch doesn't apply so just parse the CORS
   // header.
   if (response.wasFetchedViaServiceWorker()) {
     for (const auto& header : response.corsExposedHeaderNames())
       headerSet.add(header);
     return;
   }
   parseAccessControlExposeHeadersAllowList(
       response.httpHeaderField(HTTPNames::Access_Control_Expose_Headers),
       headerSet);
 }
 
 bool CrossOriginAccessControl::isLegalRedirectLocation(
     const KURL& requestURL,
     String& errorDescription) {
   // Block non HTTP(S) schemes as specified in the step 4 in
   // https://fetch.spec.whatwg.org/#http-redirect-fetch. Chromium also allows
   // the data scheme.
   //
-  // TODO(tyoshino): This check should be performed regardless of the CORS
-  // flag and request's mode.
+  // TODO(tyoshino): This check should be performed regardless of the CORS flag
+  // and request's mode.
   if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(
           requestURL.protocol())) {
     errorDescription = "Redirect location '" + requestURL.getString() +
                        "' has a disallowed scheme for cross-origin requests.";
     return false;
   }
 
   // Block URLs including credentials as specified in the step 9 in
   // https://fetch.spec.whatwg.org/#http-redirect-fetch.
   //
@@ skipping 51 matching lines @@
     if (!lastOrigin->canRequest(newURL)) {
       options.securityOrigin = SecurityOrigin::createUnique();
       newSecurityOrigin = options.securityOrigin;
     }
   }
 
   if (!currentSecurityOrigin->canRequest(newURL)) {
     newRequest.clearHTTPOrigin();
     newRequest.setHTTPOrigin(newSecurityOrigin.get());
 
-    // Unset credentials flag if request's credentials mode is
-    // "same-origin" as request's response tainting becomes "cors".
+    // Unset credentials flag if request's credentials mode is "same-origin" as
+    // request's response tainting becomes "cors".
     //
     // This is equivalent to the step 2 in
     // https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
     if (options.credentialsRequested == ClientDidNotRequestCredentials)
       options.allowCredentials = DoNotAllowStoredCredentials;
   }
   return true;
 }
 
 }  // namespace blink