Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(60)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/fetch/ResourceLoader.cpp

Issue 2616323002: CrossOriginAccessControl: separate access checks and error message generation (Closed)
Patch Set: initialize allowRedirect correctly Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp ('K') | « third_party/WebKit/Source/core/fetch/Resource.cpp ('k') | third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/fetch/ResourceLoader.cpp
diff --git a/third_party/WebKit/Source/core/fetch/ResourceLoader.cpp b/third_party/WebKit/Source/core/fetch/ResourceLoader.cpp
index dc438c8e512153a3b79514f12ecc1bc7a9c7ce1f..cd3276d6ad16255c454ef9b41133febb6001d6c4 100644
--- a/third_party/WebKit/Source/core/fetch/ResourceLoader.cpp
+++ b/third_party/WebKit/Source/core/fetch/ResourceLoader.cpp
@@ -47,6 +47,7 @@
#include "wtf/Assertions.h"
#include "wtf/CurrentTime.h"
#include "wtf/PtrUtil.h"
+#include "wtf/text/StringBuilder.h"
#include <memory>
namespace blink {
@@ -279,19 +280,28 @@ ResourceRequestBlockedReason ResourceLoader::canAccessResponse(
(resource->isCacheValidator() && response.httpStatusCode() == 304)
? resource->response()
: response;
- String errorDescription;
- if (!passesAccessControlCheck(
+
+ CrossOriginAccessControl::AccessStatus corsStatus =
+ CrossOriginAccessControl::checkAccess(
responseForAccessControl, resource->options().allowCredentials,
- sourceOrigin, errorDescription,
- resource->lastResourceRequest().requestContext())) {
+ sourceOrigin);
+ if (corsStatus != CrossOriginAccessControl::kAccessAllowed) {
resource->setCORSFailed();
if (!forPreload) {
String resourceType = Resource::resourceTypeToString(
resource->getType(), resource->options().initiatorInfo.name);
- context().addConsoleMessage(
- "Access to " + resourceType + " at '" + response.url().getString() +
- "' from origin '" + sourceOrigin->toString() +
- "' has been blocked by CORS policy: " + errorDescription);
+ StringBuilder builder;
+ builder.append("Access to ");
+ builder.append(resourceType);
+ builder.append(" at '");
+ builder.append(response.url().getString());
+ builder.append("' from origin '");
+ builder.append(sourceOrigin->toString());
+ builder.append("' has been blocked by CORS policy: ");
+ CrossOriginAccessControl::accessControlErrorString(
+ builder, corsStatus, responseForAccessControl, sourceOrigin,
+ resource->lastResourceRequest().requestContext());
+ context().addConsoleMessage(builder.toString());
}
return ResourceRequestBlockedReason::Other;
}
« third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp ('K') | « third_party/WebKit/Source/core/fetch/Resource.cpp ('k') | third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698