Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(864)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_request_redirect_job.cc

Issue 348253002: Add CORS headers to URLRequestRedirectJob. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/url_request/url_request_redirect_job.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_redirect_job.cc
diff --git a/net/url_request/url_request_redirect_job.cc b/net/url_request/url_request_redirect_job.cc
index 818d4c397ec5dee4a69c2116851eb283b5d71b70..7f85b744d9a588a4017a8c518595239ec8d2f8fe 100644
--- a/net/url_request/url_request_redirect_job.cc
+++ b/net/url_request/url_request_redirect_job.cc
@@ -8,8 +8,10 @@
#include "base/compiler_specific.h"
#include "base/logging.h"
#include "base/message_loop/message_loop.h"
+#include "base/strings/string_number_conversions.h"
#include "net/base/load_timing_info.h"
#include "net/base/net_log.h"
+#include "net/http/http_response_headers.h"
#include "net/url_request/url_request.h"
namespace net {
@@ -57,6 +59,28 @@ void URLRequestRedirectJob::StartAsync() {
NotifyHeadersComplete();
}
+void URLRequestRedirectJob::GetResponseInfo(HttpResponseInfo* info) {
+ scoped_refptr<net::HttpResponseHeaders> response_headers(
+ new net::HttpResponseHeaders(std::string()));
+ std::string status_line;
+ status_line += "HTTP/1.1 ";
+ status_line += base::IntToString(http_status_code_);
+ status_line += " " + redirect_reason_;;
abarth-chromium 2014/06/23 17:01:09 This is a very slow way to construct a string.
robwu 2014/06/23 17:28:19 What about: std::string status_line(base::StringP
+
+ response_headers->ReplaceStatusLine(status_line);
+ const net::HttpRequestHeaders& headers = request_->extra_request_headers();
+ std::string http_origin;
+ if (headers.GetHeader("Origin", &http_origin)) {
+ // If this redirect is used in a cross-origin request, add the necessary
+ // CORS headers to prevent the redirect from being blocked by cross-origin
+ // access control. Note that the request is still blocked if the redirection
+ // target does not serve the necessary CORS headers.
+ response_headers->AddHeader("Access-Control-Allow-Origin: " + http_origin);
abarth-chromium 2014/06/23 17:01:09 Does this line represent an HTTP header injection
robwu 2014/06/23 17:28:19 The Origin request header is set by the browser (B
+ response_headers->AddHeader("Access-Control-Allow-Credentials: true");
+ }
+ info->headers = response_headers;
+}
+
void URLRequestRedirectJob::GetLoadTimingInfo(
LoadTimingInfo* load_timing_info) const {
// Set send_start and send_end to receive_headers_end_ to keep consistent
« no previous file with comments | « net/url_request/url_request_redirect_job.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698