Index: net/url_request/url_request_redirect_job.cc |
diff --git a/net/url_request/url_request_redirect_job.cc b/net/url_request/url_request_redirect_job.cc |
index 818d4c397ec5dee4a69c2116851eb283b5d71b70..7f85b744d9a588a4017a8c518595239ec8d2f8fe 100644 |
--- a/net/url_request/url_request_redirect_job.cc |
+++ b/net/url_request/url_request_redirect_job.cc |
@@ -8,8 +8,10 @@ |
#include "base/compiler_specific.h" |
#include "base/logging.h" |
#include "base/message_loop/message_loop.h" |
+#include "base/strings/string_number_conversions.h" |
#include "net/base/load_timing_info.h" |
#include "net/base/net_log.h" |
+#include "net/http/http_response_headers.h" |
#include "net/url_request/url_request.h" |
namespace net { |
@@ -57,6 +59,28 @@ void URLRequestRedirectJob::StartAsync() { |
NotifyHeadersComplete(); |
} |
+void URLRequestRedirectJob::GetResponseInfo(HttpResponseInfo* info) { |
+ scoped_refptr<net::HttpResponseHeaders> response_headers( |
+ new net::HttpResponseHeaders(std::string())); |
+ std::string status_line; |
+ status_line += "HTTP/1.1 "; |
+ status_line += base::IntToString(http_status_code_); |
+ status_line += " " + redirect_reason_;; |
abarth-chromium
2014/06/23 17:01:09
This is a very slow way to construct a string.
robwu
2014/06/23 17:28:19
What about:
std::string status_line(base::StringP
|
+ |
+ response_headers->ReplaceStatusLine(status_line); |
+ const net::HttpRequestHeaders& headers = request_->extra_request_headers(); |
+ std::string http_origin; |
+ if (headers.GetHeader("Origin", &http_origin)) { |
+ // If this redirect is used in a cross-origin request, add the necessary |
+ // CORS headers to prevent the redirect from being blocked by cross-origin |
+ // access control. Note that the request is still blocked if the redirection |
+ // target does not serve the necessary CORS headers. |
+ response_headers->AddHeader("Access-Control-Allow-Origin: " + http_origin); |
abarth-chromium
2014/06/23 17:01:09
Does this line represent an HTTP header injection
robwu
2014/06/23 17:28:19
The Origin request header is set by the browser (B
|
+ response_headers->AddHeader("Access-Control-Allow-Credentials: true"); |
+ } |
+ info->headers = response_headers; |
+} |
+ |
void URLRequestRedirectJob::GetLoadTimingInfo( |
LoadTimingInfo* load_timing_info) const { |
// Set send_start and send_end to receive_headers_end_ to keep consistent |