| Index: third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
|
| diff --git a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
|
| index d1ccf8c19a3ff107c3bde9a364ad4e52185f0edc..003bc5556185e1f7eafc6f25d051779763da8b1e 100644
|
| --- a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
|
| +++ b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
|
| @@ -1368,13 +1368,7 @@ String XMLHttpRequest::getAllResponseHeaders() const {
|
| HTTPHeaderMap::const_iterator end = response_.HttpHeaderFields().end();
|
| for (HTTPHeaderMap::const_iterator it = response_.HttpHeaderFields().begin();
|
| it != end; ++it) {
|
| - // Hide any headers whose name is a forbidden response-header name.
|
| - // This is required for all kinds of filtered responses.
|
| - //
|
| - // TODO: Consider removing canLoadLocalResources() call.
|
| - // crbug.com/567527
|
| - if (FetchUtils::IsForbiddenResponseHeaderName(it->key) &&
|
| - !GetSecurityOrigin()->CanLoadLocalResources())
|
| + if (FetchUtils::IsForbiddenResponseHeaderName(it->key))
|
| continue;
|
|
|
| if (!same_origin_request_ &&
|
| @@ -1398,9 +1392,7 @@ const AtomicString& XMLHttpRequest::getResponseHeader(
|
| if (state_ < kHeadersReceived || error_)
|
| return g_null_atom;
|
|
|
| - // See comment in getAllResponseHeaders above.
|
| - if (FetchUtils::IsForbiddenResponseHeaderName(name) &&
|
| - !GetSecurityOrigin()->CanLoadLocalResources()) {
|
| + if (FetchUtils::IsForbiddenResponseHeaderName(name)) {
|
| LogConsoleError(GetExecutionContext(),
|
| "Refused to get unsafe header \"" + name + "\"");
|
| return g_null_atom;
|
|
|
Chromium Code Reviews
Issue 2925783002:
[XMLHttpRequest] Filter forbidden response headers.
