Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(134)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

Issue 2635023003: Fix a bug in origin header generation for CORS preflight in extensions (Closed)
Patch Set: Rebase Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 437 matching lines...) Expand 10 before | Expand all | Expand 10 after
448 448
449 bool shouldForcePreflight = 449 bool shouldForcePreflight =
450 request.isExternalRequest() || 450 request.isExternalRequest() ||
451 InspectorInstrumentation::shouldForceCORSPreflight(m_document); 451 InspectorInstrumentation::shouldForceCORSPreflight(m_document);
452 bool canSkipPreflight = 452 bool canSkipPreflight =
453 CrossOriginPreflightResultCache::shared().canSkipPreflight( 453 CrossOriginPreflightResultCache::shared().canSkipPreflight(
454 getSecurityOrigin()->toString(), crossOriginRequest.url(), 454 getSecurityOrigin()->toString(), crossOriginRequest.url(),
455 effectiveAllowCredentials(), crossOriginRequest.httpMethod(), 455 effectiveAllowCredentials(), crossOriginRequest.httpMethod(),
456 crossOriginRequest.httpHeaderFields()); 456 crossOriginRequest.httpHeaderFields());
457 if (canSkipPreflight && !shouldForcePreflight) { 457 if (canSkipPreflight && !shouldForcePreflight) {
458 if (getSecurityOrigin())
459 crossOriginRequest.setHTTPOrigin(getSecurityOrigin());
460 if (m_overrideReferrer)
461 crossOriginRequest.setHTTPReferrer(m_referrerAfterRedirect);
462
463 prepareCrossOriginRequest(crossOriginRequest); 458 prepareCrossOriginRequest(crossOriginRequest);
464 loadRequest(crossOriginRequest, crossOriginOptions); 459 loadRequest(crossOriginRequest, crossOriginOptions);
465 } else { 460 } else {
466 ResourceRequest preflightRequest = createAccessControlPreflightRequest( 461 ResourceRequest preflightRequest =
467 crossOriginRequest, getSecurityOrigin()); 462 createAccessControlPreflightRequest(crossOriginRequest);
463 // TODO(tyoshino): Call prepareCrossOriginRequest(preflightRequest) to
464 // also set the referrer header.
465 if (getSecurityOrigin())
466 preflightRequest.setHTTPOrigin(getSecurityOrigin());
468 467
469 // Create a ResourceLoaderOptions for preflight. 468 // Create a ResourceLoaderOptions for preflight.
470 ResourceLoaderOptions preflightOptions = crossOriginOptions; 469 ResourceLoaderOptions preflightOptions = crossOriginOptions;
471 preflightOptions.allowCredentials = DoNotAllowStoredCredentials; 470 preflightOptions.allowCredentials = DoNotAllowStoredCredentials;
472 471
473 m_actualRequest = crossOriginRequest; 472 m_actualRequest = crossOriginRequest;
474 m_actualOptions = crossOriginOptions; 473 m_actualOptions = crossOriginOptions;
475 474
476 prepareCrossOriginRequest(crossOriginRequest);
477 loadRequest(preflightRequest, preflightOptions); 475 loadRequest(preflightRequest, preflightOptions);
478 } 476 }
479 } 477 }
480 } 478 }
481 479
482 DocumentThreadableLoader::~DocumentThreadableLoader() { 480 DocumentThreadableLoader::~DocumentThreadableLoader() {
483 if (m_client) { 481 if (m_client) {
484 auto clientSpec = m_clientSpec; 482 auto clientSpec = m_clientSpec;
485 WTF::debug::alias(&clientSpec); 483 WTF::debug::alias(&clientSpec);
486 switch (m_clientSpec) { 484 switch (m_clientSpec) {
(...skipping 761 matching lines...) Expand 10 before | Expand all | Expand 10 after
1248 } 1246 }
1249 1247
1250 DEFINE_TRACE(DocumentThreadableLoader) { 1248 DEFINE_TRACE(DocumentThreadableLoader) {
1251 visitor->trace(m_resource); 1249 visitor->trace(m_resource);
1252 visitor->trace(m_document); 1250 visitor->trace(m_document);
1253 ThreadableLoader::trace(visitor); 1251 ThreadableLoader::trace(visitor);
1254 RawResourceClient::trace(visitor); 1252 RawResourceClient::trace(visitor);
1255 } 1253 }
1256 1254
1257 } // namespace blink 1255 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698