Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(82)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_request_redirect_job.cc

Issue 348253002: Add CORS headers to URLRequestRedirectJob. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: use a more efficient string concatenation method Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/url_request/url_request_redirect_job.h ('K') | « net/url_request/url_request_redirect_job.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_redirect_job.cc
diff --git a/net/url_request/url_request_redirect_job.cc b/net/url_request/url_request_redirect_job.cc
index 818d4c397ec5dee4a69c2116851eb283b5d71b70..b25f9076ce1cf5a79a8bfcbb012ceb5ab285714c 100644
--- a/net/url_request/url_request_redirect_job.cc
+++ b/net/url_request/url_request_redirect_job.cc
@@ -8,8 +8,10 @@
#include "base/compiler_specific.h"
#include "base/logging.h"
#include "base/message_loop/message_loop.h"
+#include "base/strings/stringprintf.h"
#include "net/base/load_timing_info.h"
#include "net/base/net_log.h"
+#include "net/http/http_response_headers.h"
#include "net/url_request/url_request.h"
namespace net {
@@ -57,6 +59,28 @@ void URLRequestRedirectJob::StartAsync() {
NotifyHeadersComplete();
}
+void URLRequestRedirectJob::GetResponseInfo(HttpResponseInfo* info) {
+ scoped_refptr<net::HttpResponseHeaders> response_headers(
+ new net::HttpResponseHeaders(std::string()));
+ std::string status_line(base::StringPrintf("HTTP/1.1 %d %s",
+ http_status_code_,
+ redirect_reason_.c_str()));
+
+
+ response_headers->ReplaceStatusLine(status_line);
+ const net::HttpRequestHeaders& headers = request_->extra_request_headers();
+ std::string http_origin;
+ if (headers.GetHeader("Origin", &http_origin)) {
+ // If this redirect is used in a cross-origin request, add the necessary
+ // CORS headers to prevent the redirect from being blocked by cross-origin
+ // access control. Note that the request is still blocked if the redirection
+ // target does not serve the necessary CORS headers.
+ response_headers->AddHeader("Access-Control-Allow-Origin: " + http_origin);
+ response_headers->AddHeader("Access-Control-Allow-Credentials: true");
+ }
+ info->headers = response_headers;
+}
+
void URLRequestRedirectJob::GetLoadTimingInfo(
LoadTimingInfo* load_timing_info) const {
// Set send_start and send_end to receive_headers_end_ to keep consistent
« net/url_request/url_request_redirect_job.h ('K') | « net/url_request/url_request_redirect_job.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698