Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(11)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

Issue 2635023003: Fix a bug in origin header generation for CORS preflight in extensions (Closed)
Patch Set: a Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-origin-header-in-isolated-world.html ('K') | « third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 370 matching lines...) Expand 10 before | Expand all | Expand 10 after
381 381
382 bool shouldForcePreflight = 382 bool shouldForcePreflight =
383 request.isExternalRequest() || 383 request.isExternalRequest() ||
384 InspectorInstrumentation::shouldForceCORSPreflight(m_document); 384 InspectorInstrumentation::shouldForceCORSPreflight(m_document);
385 bool canSkipPreflight = 385 bool canSkipPreflight =
386 CrossOriginPreflightResultCache::shared().canSkipPreflight( 386 CrossOriginPreflightResultCache::shared().canSkipPreflight(
387 getSecurityOrigin()->toString(), crossOriginRequest.url(), 387 getSecurityOrigin()->toString(), crossOriginRequest.url(),
388 effectiveAllowCredentials(), crossOriginRequest.httpMethod(), 388 effectiveAllowCredentials(), crossOriginRequest.httpMethod(),
389 crossOriginRequest.httpHeaderFields()); 389 crossOriginRequest.httpHeaderFields());
390 if (canSkipPreflight && !shouldForcePreflight) { 390 if (canSkipPreflight && !shouldForcePreflight) {
391 if (getSecurityOrigin())
392 crossOriginRequest.setHTTPOrigin(getSecurityOrigin());
393 if (m_overrideReferrer)
394 crossOriginRequest.setHTTPReferrer(m_referrerAfterRedirect);
395
396 prepareCrossOriginRequest(crossOriginRequest); 391 prepareCrossOriginRequest(crossOriginRequest);
397 loadRequest(crossOriginRequest, crossOriginOptions); 392 loadRequest(crossOriginRequest, crossOriginOptions);
398 } else { 393 } else {
399 ResourceRequest preflightRequest = createAccessControlPreflightRequest( 394 ResourceRequest preflightRequest =
400 crossOriginRequest, getSecurityOrigin()); 395 createAccessControlPreflightRequest(crossOriginRequest);
396 // TODO: Call prepareCrossOriginRequest(preflightRequest) to also set the
yhirano 2017/01/18 05:28:03 TODO(tyoshino)
tyoshino (SeeGerritForStatus) 2017/01/18 06:53:42 Done.
397 // referrer header.
398 if (getSecurityOrigin())
399 preflightRequest.setHTTPOrigin(getSecurityOrigin());
401 400
402 // Create a ResourceLoaderOptions for preflight. 401 // Create a ResourceLoaderOptions for preflight.
403 ResourceLoaderOptions preflightOptions = crossOriginOptions; 402 ResourceLoaderOptions preflightOptions = crossOriginOptions;
404 preflightOptions.allowCredentials = DoNotAllowStoredCredentials; 403 preflightOptions.allowCredentials = DoNotAllowStoredCredentials;
405 404
406 m_actualRequest = crossOriginRequest; 405 m_actualRequest = crossOriginRequest;
407 m_actualOptions = crossOriginOptions; 406 m_actualOptions = crossOriginOptions;
408 407
409 prepareCrossOriginRequest(crossOriginRequest);
410 loadRequest(preflightRequest, preflightOptions); 408 loadRequest(preflightRequest, preflightOptions);
411 } 409 }
412 } 410 }
413 } 411 }
414 412
415 DocumentThreadableLoader::~DocumentThreadableLoader() { 413 DocumentThreadableLoader::~DocumentThreadableLoader() {
416 CHECK(!m_client); 414 CHECK(!m_client);
417 DCHECK(!m_resource); 415 DCHECK(!m_resource);
418 } 416 }
419 417
(...skipping 726 matching lines...) Expand 10 before | Expand all | Expand 10 after
1146 } 1144 }
1147 1145
1148 DEFINE_TRACE(DocumentThreadableLoader) { 1146 DEFINE_TRACE(DocumentThreadableLoader) {
1149 visitor->trace(m_resource); 1147 visitor->trace(m_resource);
1150 visitor->trace(m_document); 1148 visitor->trace(m_document);
1151 ThreadableLoader::trace(visitor); 1149 ThreadableLoader::trace(visitor);
1152 RawResourceClient::trace(visitor); 1150 RawResourceClient::trace(visitor);
1153 } 1151 }
1154 1152
1155 } // namespace blink 1153 } // namespace blink
OLDNEW
« third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/access-control-origin-header-in-isolated-world.html ('K') | « third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698