Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/url_request/url_request_redirect_job.cc

Issue 348253002: Add CORS headers to URLRequestRedirectJob. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase to deal with changes by CL 422233006 Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/test/data/extensions/api_test/webrequest/test_blocking.js ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/url_request/url_request_redirect_job.h" 5 #include "net/url_request/url_request_redirect_job.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/compiler_specific.h" 10 #include "base/compiler_specific.h"
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
71 71
72 int URLRequestRedirectJob::GetResponseCode() const { 72 int URLRequestRedirectJob::GetResponseCode() const {
73 // Should only be called after the URLRequest has been notified there's header 73 // Should only be called after the URLRequest has been notified there's header
74 // information. 74 // information.
75 DCHECK(fake_headers_); 75 DCHECK(fake_headers_);
76 return response_code_; 76 return response_code_;
77 } 77 }
78 78
79 URLRequestRedirectJob::~URLRequestRedirectJob() {} 79 URLRequestRedirectJob::~URLRequestRedirectJob() {}
80 80
81 void URLRequestRedirectJob::StartAsync() { 81 void URLRequestRedirectJob::StartAsync() {
Mike West 2014/09/03 10:35:28 Please note somewhere in this class's header that,
robwu 2014/09/03 17:45:31 Done.
82 receive_headers_end_ = base::TimeTicks::Now(); 82 receive_headers_end_ = base::TimeTicks::Now();
83 response_time_ = base::Time::Now(); 83 response_time_ = base::Time::Now();
84 84
85 std::string header_string = 85 std::string header_string =
86 base::StringPrintf("HTTP/1.1 %i Internal Redirect\n" 86 base::StringPrintf("HTTP/1.1 %i Internal Redirect\n"
87 "Location: %s\n" 87 "Location: %s\n"
88 "Non-Authoritative-Reason: %s", 88 "Non-Authoritative-Reason: %s",
89 response_code_, 89 response_code_,
90 redirect_destination_.spec().c_str(), 90 redirect_destination_.spec().c_str(),
91 redirect_reason_.c_str()); 91 redirect_reason_.c_str());
92
93 std::string http_origin;
94 const net::HttpRequestHeaders& request_headers =
95 request_->extra_request_headers();
96 if (request_headers.GetHeader("Origin", &http_origin)) {
97 // If this redirect is used in a cross-origin request, add CORS headers to
98 // make sure that the redirect gets through. Note that the destination URL
99 // is still subject to the usual CORS policy, i.e. the resource will only
100 // be available to web pages if the server serves the response with the
101 // required CORS response headers.
102 // The Origin header is generated by Blink, so its value can safely be used
103 // in the header string.
104 header_string += base::StringPrintf(
105 "\n"
106 "Access-Control-Allow-Origin: %s\n"
107 "Access-Control-Allow-Credentials: true",
108 http_origin.c_str());
Mike West 2014/09/03 10:35:27 It's probably worth DCHECKing that http_origin doe
robwu 2014/09/03 17:45:31 https://codereview.chromium.org/491123004 added DC
109 }
110
92 fake_headers_ = new HttpResponseHeaders( 111 fake_headers_ = new HttpResponseHeaders(
93 HttpUtil::AssembleRawHeaders(header_string.c_str(), 112 HttpUtil::AssembleRawHeaders(header_string.c_str(),
94 header_string.length())); 113 header_string.length()));
95 DCHECK(fake_headers_->IsRedirect(NULL)); 114 DCHECK(fake_headers_->IsRedirect(NULL));
96 115
97 request()->net_log().AddEvent( 116 request()->net_log().AddEvent(
98 NetLog::TYPE_URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED, 117 NetLog::TYPE_URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED,
99 base::Bind( 118 base::Bind(
100 &HttpResponseHeaders::NetLogCallback, 119 &HttpResponseHeaders::NetLogCallback,
101 base::Unretained(fake_headers_.get()))); 120 base::Unretained(fake_headers_.get())));
102 121
103 // TODO(mmenke): Consider calling the NetworkDelegate with the headers here. 122 // TODO(mmenke): Consider calling the NetworkDelegate with the headers here.
104 // There's some weirdness about how to handle the case in which the delegate 123 // There's some weirdness about how to handle the case in which the delegate
105 // tries to modify the redirect location, in terms of how IsSafeRedirect 124 // tries to modify the redirect location, in terms of how IsSafeRedirect
106 // should behave, and whether the fragment should be copied. 125 // should behave, and whether the fragment should be copied.
107 URLRequestJob::NotifyHeadersComplete(); 126 URLRequestJob::NotifyHeadersComplete();
108 } 127 }
109 128
110 } // namespace net 129 } // namespace net
OLDNEW
« no previous file with comments | « chrome/test/data/extensions/api_test/webrequest/test_blocking.js ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698