Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(141)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp

Issue 2642043004: Fix a bug in origin header generation for CORS preflight in extensions (Closed)
Patch Set: Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved.
3 * Copyright (C) 2013, Intel Corporation 3 * Copyright (C) 2013, Intel Corporation
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are 6 * modification, are permitted provided that the following conditions are
7 * met: 7 * met:
8 * 8 *
9 * * Redistributions of source code must retain the above copyright 9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 379 matching lines...) Expand 10 before | Expand all | Expand 10 after
390 390
391 bool shouldForcePreflight = 391 bool shouldForcePreflight =
392 request.isExternalRequest() || 392 request.isExternalRequest() ||
393 InspectorInstrumentation::shouldForceCORSPreflight(m_document); 393 InspectorInstrumentation::shouldForceCORSPreflight(m_document);
394 bool canSkipPreflight = 394 bool canSkipPreflight =
395 CrossOriginPreflightResultCache::shared().canSkipPreflight( 395 CrossOriginPreflightResultCache::shared().canSkipPreflight(
396 getSecurityOrigin()->toString(), crossOriginRequest.url(), 396 getSecurityOrigin()->toString(), crossOriginRequest.url(),
397 effectiveAllowCredentials(), crossOriginRequest.httpMethod(), 397 effectiveAllowCredentials(), crossOriginRequest.httpMethod(),
398 crossOriginRequest.httpHeaderFields()); 398 crossOriginRequest.httpHeaderFields());
399 if (canSkipPreflight && !shouldForcePreflight) { 399 if (canSkipPreflight && !shouldForcePreflight) {
400 if (getSecurityOrigin())
401 crossOriginRequest.setHTTPOrigin(getSecurityOrigin());
402 if (m_overrideReferrer)
403 crossOriginRequest.setHTTPReferrer(m_referrerAfterRedirect);
404
405 prepareCrossOriginRequest(crossOriginRequest); 400 prepareCrossOriginRequest(crossOriginRequest);
406 loadRequest(crossOriginRequest, crossOriginOptions); 401 loadRequest(crossOriginRequest, crossOriginOptions);
407 } else { 402 } else {
408 ResourceRequest preflightRequest = createAccessControlPreflightRequest( 403 ResourceRequest preflightRequest =
409 crossOriginRequest, getSecurityOrigin()); 404 createAccessControlPreflightRequest(crossOriginRequest);
405 // TODO(tyoshino): Call prepareCrossOriginRequest(preflightRequest) to
406 // also set the referrer header.
407 if (getSecurityOrigin())
408 preflightRequest.setHTTPOrigin(getSecurityOrigin());
410 409
411 // Create a ResourceLoaderOptions for preflight. 410 // Create a ResourceLoaderOptions for preflight.
412 ResourceLoaderOptions preflightOptions = crossOriginOptions; 411 ResourceLoaderOptions preflightOptions = crossOriginOptions;
413 preflightOptions.allowCredentials = DoNotAllowStoredCredentials; 412 preflightOptions.allowCredentials = DoNotAllowStoredCredentials;
414 413
415 m_actualRequest = crossOriginRequest; 414 m_actualRequest = crossOriginRequest;
416 m_actualOptions = crossOriginOptions; 415 m_actualOptions = crossOriginOptions;
417 416
418 prepareCrossOriginRequest(crossOriginRequest);
419 loadRequest(preflightRequest, preflightOptions); 417 loadRequest(preflightRequest, preflightOptions);
420 } 418 }
421 } 419 }
422 } 420 }
423 421
424 DocumentThreadableLoader::~DocumentThreadableLoader() { 422 DocumentThreadableLoader::~DocumentThreadableLoader() {
425 CHECK(!m_client); 423 CHECK(!m_client);
426 DCHECK(!m_resource); 424 DCHECK(!m_resource);
427 } 425 }
428 426
(...skipping 706 matching lines...) Expand 10 before | Expand all | Expand 10 after
1135 } 1133 }
1136 1134
1137 DEFINE_TRACE(DocumentThreadableLoader) { 1135 DEFINE_TRACE(DocumentThreadableLoader) {
1138 visitor->trace(m_resource); 1136 visitor->trace(m_resource);
1139 visitor->trace(m_document); 1137 visitor->trace(m_document);
1140 ThreadableLoader::trace(visitor); 1138 ThreadableLoader::trace(visitor);
1141 RawResourceClient::trace(visitor); 1139 RawResourceClient::trace(visitor);
1142 } 1140 }
1143 1141
1144 } // namespace blink 1142 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/fetch/CrossOriginAccessControlTest.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698