Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(728)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

Issue 2421093003: Allow redirects for requests that require preflight. (Closed)
Patch Set: Layout tests Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« third_party/WebKit/LayoutTests/http/tests/fetch/script-tests/thorough/redirect.js ('K') | « third_party/WebKit/Source/core/loader/DocumentThreadableLoader.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
index b98a47d5d7b4b8a63946e9f1ee0907c199c44183..848fb5d92eb790f7aacecc0d128142e97567673a 100644
--- a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
@@ -161,7 +161,6 @@ DocumentThreadableLoader::DocumentThreadableLoader(
m_forceDoNotAllowStoredCredentials(false),
m_securityOrigin(m_resourceLoaderOptions.securityOrigin),
m_sameOriginRequest(false),
- m_crossOriginNonSimpleRequest(false),
m_isUsingDataConsumerHandle(false),
m_async(blockingBehavior == LoadAsynchronously),
m_requestContext(WebURLRequest::RequestContextUnspecified),
@@ -374,7 +373,6 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(
}
loadRequest(crossOriginRequest, crossOriginOptions);
} else {
- m_crossOriginNonSimpleRequest = true;
// Do not set the Origin header for preflight requests.
updateRequestForAccessControl(crossOriginRequest, 0,
effectiveAllowCredentials());
@@ -564,16 +562,8 @@ bool DocumentThreadableLoader::redirectReceived(
bool allowRedirect = false;
String accessControlErrorDescription;
yhirano 2016/10/27 06:19:44 The preflight request (not a request w/preflight)
Jack Bates 2016/11/03 17:22:03 Right. I confirm that if you try to redirect the p
- if (m_crossOriginNonSimpleRequest) {
- // Non-simple cross origin requests (both preflight and actual one) are not
- // allowed to follow redirect.
- accessControlErrorDescription =
- "Redirect from '" + redirectResponse.url().getString() + "' to '" +
- request.url().getString() +
- "' has been blocked by CORS policy: Request requires preflight, which "
- "is disallowed to follow cross-origin redirect.";
- } else if (!CrossOriginAccessControl::isLegalRedirectLocation(
- request.url(), accessControlErrorDescription)) {
+ if (!CrossOriginAccessControl::isLegalRedirectLocation(
+ request.url(), accessControlErrorDescription)) {
accessControlErrorDescription =
"Redirect from '" + redirectResponse.url().getString() +
"' has been blocked by CORS policy: " + accessControlErrorDescription;
« third_party/WebKit/LayoutTests/http/tests/fetch/script-tests/thorough/redirect.js ('K') | « third_party/WebKit/Source/core/loader/DocumentThreadableLoader.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698