Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(511)

Unified Diff: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

Issue 2471533005: Preserve custom headers when following cross-origin redirects. (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
index f7f1622aab03358c717827a354bdc4b488b71504..56d92e96bc6ff124dc6683f94eb0a08ecfb796c7 100644
--- a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
@@ -199,21 +199,12 @@ void DocumentThreadableLoader::start(const ResourceRequest& request) {
m_requestStartedSeconds = monotonicallyIncreasingTime();
- // Save any CORS simple headers on the request here. If this request redirects
+ // Save any headers on the request here. If this request redirects
// cross-origin, we cancel the old request create a new one, and copy these
// headers.
const HTTPHeaderMap& headerMap = request.httpHeaderFields();
yhirano 2016/11/07 12:30:50 m_requestHeaders = request.httpHeaderFields();
Jack Bates 2016/11/12 21:13:30 Done.
for (const auto& header : headerMap) {
- if (FetchUtils::isSimpleHeader(header.key, header.value)) {
- m_simpleRequestHeaders.add(header.key, header.value);
- } else if (equalIgnoringCase(header.key, HTTPNames::Range) &&
- m_options.crossOriginRequestPolicy == UseAccessControl &&
- m_options.preflightPolicy == PreventPreflight) {
- // Allow an exception for the "range" header for when CORS callers request
- // no preflight, this ensures cross-origin redirects work correctly for
- // crossOrigin enabled WebURLRequest::RequestContextVideo type requests.
- m_simpleRequestHeaders.add(header.key, header.value);
- }
+ m_requestHeaders.add(header.key, header.value);
}
// DocumentThreadableLoader is used by all javascript initiated fetch, so we
@@ -644,7 +635,7 @@ bool DocumentThreadableLoader::redirectReceived(
crossOriginRequest.clearHTTPUserAgent();
// Add any CORS simple request headers which we previously saved from the
// original request.
- for (const auto& header : m_simpleRequestHeaders)
+ for (const auto& header : m_requestHeaders)
crossOriginRequest.setHTTPHeaderField(header.key, header.value);
makeCrossOriginAccessRequest(crossOriginRequest);

Powered by Google App Engine
This is Rietveld 408576698