| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_redirect_job.h" | 5 #include "net/url_request/url_request_redirect_job.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 82 receive_headers_end_ = base::TimeTicks::Now(); | 82 receive_headers_end_ = base::TimeTicks::Now(); |
| 83 response_time_ = base::Time::Now(); | 83 response_time_ = base::Time::Now(); |
| 84 | 84 |
| 85 std::string header_string = | 85 std::string header_string = |
| 86 base::StringPrintf("HTTP/1.1 %i Internal Redirect\n" | 86 base::StringPrintf("HTTP/1.1 %i Internal Redirect\n" |
| 87 "Location: %s\n" | 87 "Location: %s\n" |
| 88 "Non-Authoritative-Reason: %s", | 88 "Non-Authoritative-Reason: %s", |
| 89 response_code_, | 89 response_code_, |
| 90 redirect_destination_.spec().c_str(), | 90 redirect_destination_.spec().c_str(), |
| 91 redirect_reason_.c_str()); | 91 redirect_reason_.c_str()); |
| 92 |
| 93 std::string http_origin; |
| 94 const net::HttpRequestHeaders& request_headers = |
| 95 request_->extra_request_headers(); |
| 96 if (request_headers.GetHeader("Origin", &http_origin)) { |
| 97 // If this redirect is used in a cross-origin request, add CORS headers to |
| 98 // make sure that the redirect gets through. Note that the destination URL |
| 99 // is still subject to the usual CORS policy, i.e. the resource will only |
| 100 // be available to web pages if the server serves the response with the |
| 101 // required CORS response headers. |
| 102 header_string += base::StringPrintf( |
| 103 "\n" |
| 104 "Access-Control-Allow-Origin: %s\n" |
| 105 "Access-Control-Allow-Credentials: true", |
| 106 http_origin.c_str()); |
| 107 } |
| 108 |
| 92 fake_headers_ = new HttpResponseHeaders( | 109 fake_headers_ = new HttpResponseHeaders( |
| 93 HttpUtil::AssembleRawHeaders(header_string.c_str(), | 110 HttpUtil::AssembleRawHeaders(header_string.c_str(), |
| 94 header_string.length())); | 111 header_string.length())); |
| 95 DCHECK(fake_headers_->IsRedirect(NULL)); | 112 DCHECK(fake_headers_->IsRedirect(NULL)); |
| 96 | 113 |
| 97 request()->net_log().AddEvent( | 114 request()->net_log().AddEvent( |
| 98 NetLog::TYPE_URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED, | 115 NetLog::TYPE_URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED, |
| 99 base::Bind( | 116 base::Bind( |
| 100 &HttpResponseHeaders::NetLogCallback, | 117 &HttpResponseHeaders::NetLogCallback, |
| 101 base::Unretained(fake_headers_.get()))); | 118 base::Unretained(fake_headers_.get()))); |
| 102 | 119 |
| 103 // TODO(mmenke): Consider calling the NetworkDelegate with the headers here. | 120 // TODO(mmenke): Consider calling the NetworkDelegate with the headers here. |
| 104 // There's some weirdness about how to handle the case in which the delegate | 121 // There's some weirdness about how to handle the case in which the delegate |
| 105 // tries to modify the redirect location, in terms of how IsSafeRedirect | 122 // tries to modify the redirect location, in terms of how IsSafeRedirect |
| 106 // should behave, and whether the fragment should be copied. | 123 // should behave, and whether the fragment should be copied. |
| 107 URLRequestJob::NotifyHeadersComplete(); | 124 URLRequestJob::NotifyHeadersComplete(); |
| 108 } | 125 } |
| 109 | 126 |
| 110 } // namespace net | 127 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 348253002:
Add CORS headers to URLRequestRedirectJob. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master