Chromium Code Reviews Chromium Code Reviews
Issue 2633423003:
Leave out empty-valued Access-Control-Request-Headers: on preflights. (Closed)
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. | 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 63 continue; | 63 continue; |
| 64 } | 64 } |
| 65 if (equalIgnoringCase(header.key, "referer")) { | 65 if (equalIgnoringCase(header.key, "referer")) { |
| 66 // When the request is from a Worker, referrer header was added by | 66 // When the request is from a Worker, referrer header was added by |
| 67 // WorkerThreadableLoader. But it should not be added to | 67 // WorkerThreadableLoader. But it should not be added to |
| 68 // Access-Control-Request-Headers header. | 68 // Access-Control-Request-Headers header. |
| 69 continue; | 69 continue; |
| 70 } | 70 } |
| 71 filteredHeaders.push_back(header.key.lower()); | 71 filteredHeaders.push_back(header.key.lower()); |
| 72 } | 72 } |
| 73 if (!filteredHeaders.size()) | |
| 74 return nullAtom; | |
| 73 | 75 |
| 74 // Sort header names lexicographically. | 76 // Sort header names lexicographically. |
| 75 std::sort(filteredHeaders.begin(), filteredHeaders.end(), | 77 std::sort(filteredHeaders.begin(), filteredHeaders.end(), |
| 76 WTF::codePointCompareLessThan); | 78 WTF::codePointCompareLessThan); |
| 77 StringBuilder headerBuffer; | 79 StringBuilder headerBuffer; |
| 78 for (const String& header : filteredHeaders) { | 80 for (const String& header : filteredHeaders) { |
| 79 if (!headerBuffer.isEmpty()) | 81 if (!headerBuffer.isEmpty()) |
| 80 headerBuffer.append(","); | 82 headerBuffer.append(","); |
| 81 headerBuffer.append(header); | 83 headerBuffer.append(header); |
| 82 } | 84 } |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 99 AtomicString(request.httpMethod())); | 101 AtomicString(request.httpMethod())); |
| 100 preflightRequest.setPriority(request.priority()); | 102 preflightRequest.setPriority(request.priority()); |
| 101 preflightRequest.setRequestContext(request.requestContext()); | 103 preflightRequest.setRequestContext(request.requestContext()); |
| 102 preflightRequest.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::All); | 104 preflightRequest.setSkipServiceWorker(WebURLRequest::SkipServiceWorker::All); |
| 103 | 105 |
| 104 if (request.isExternalRequest()) { | 106 if (request.isExternalRequest()) { |
| 105 preflightRequest.setHTTPHeaderField( | 107 preflightRequest.setHTTPHeaderField( |
| 106 HTTPNames::Access_Control_Request_External, "true"); | 108 HTTPNames::Access_Control_Request_External, "true"); |
| 107 } | 109 } |
| 108 | 110 |
| 109 if (request.httpHeaderFields().size() > 0) { | 111 if (request.httpHeaderFields().size()) { |
|
yhirano
2017/01/18 05:41:55
Do we need this outer branch?
sof
2017/01/18 06:57:48
It almost always holds, i reckon & the extra code
| |
| 110 preflightRequest.setHTTPHeaderField( | 112 AtomicString headers = |
| 111 HTTPNames::Access_Control_Request_Headers, | 113 createAccessControlRequestHeadersHeader(request.httpHeaderFields()); |
| 112 createAccessControlRequestHeadersHeader(request.httpHeaderFields())); | 114 if (headers != nullAtom) { |
| 115 preflightRequest.setHTTPHeaderField( | |
| 116 HTTPNames::Access_Control_Request_Headers, headers); | |
| 117 } | |
| 113 } | 118 } |
| 114 | 119 |
| 115 return preflightRequest; | 120 return preflightRequest; |
| 116 } | 121 } |
| 117 | 122 |
| 118 static bool isOriginSeparator(UChar ch) { | 123 static bool isOriginSeparator(UChar ch) { |
| 119 return isASCIISpace(ch) || ch == ','; | 124 return isASCIISpace(ch) || ch == ','; |
| 120 } | 125 } |
| 121 | 126 |
| 122 static bool isInterestingStatusCode(int statusCode) { | 127 static bool isInterestingStatusCode(int statusCode) { |
| (...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 530 // | 535 // |
| 531 // This is equivalent to the step 2 in | 536 // This is equivalent to the step 2 in |
| 532 // https://fetch.spec.whatwg.org/#http-network-or-cache-fetch | 537 // https://fetch.spec.whatwg.org/#http-network-or-cache-fetch |
| 533 if (options.credentialsRequested == ClientDidNotRequestCredentials) | 538 if (options.credentialsRequested == ClientDidNotRequestCredentials) |
| 534 options.allowCredentials = DoNotAllowStoredCredentials; | 539 options.allowCredentials = DoNotAllowStoredCredentials; |
| 535 } | 540 } |
| 536 return true; | 541 return true; |
| 537 } | 542 } |
| 538 | 543 |
| 539 } // namespace blink | 544 } // namespace blink |
| OLD | NEW |
