Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(129)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/fetch/CrossOriginAccessControl.cpp

Issue 379113002: Move fetch-related predicates to core/fetch. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/fetch/CrossOriginAccessControl.h ('k') | Source/core/fetch/FetchUtils.h » ('j') | Source/core/fetch/FetchUtils.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 22 matching lines...) Expand all
33 #include "platform/network/ResourceRequest.h" 33 #include "platform/network/ResourceRequest.h"
34 #include "platform/network/ResourceResponse.h" 34 #include "platform/network/ResourceResponse.h"
35 #include "platform/weborigin/SchemeRegistry.h" 35 #include "platform/weborigin/SchemeRegistry.h"
36 #include "platform/weborigin/SecurityOrigin.h" 36 #include "platform/weborigin/SecurityOrigin.h"
37 #include "wtf/Threading.h" 37 #include "wtf/Threading.h"
38 #include "wtf/text/AtomicString.h" 38 #include "wtf/text/AtomicString.h"
39 #include "wtf/text/StringBuilder.h" 39 #include "wtf/text/StringBuilder.h"
40 40
41 namespace blink { 41 namespace blink {
42 42
43 bool isOnAccessControlSimpleRequestMethodWhitelist(const String& method)
44 {
45 return method == "GET" || method == "HEAD" || method == "POST";
46 }
47
48 bool isOnAccessControlSimpleRequestHeaderWhitelist(const AtomicString& name, con st AtomicString& value)
49 {
50 if (equalIgnoringCase(name, "accept")
51 || equalIgnoringCase(name, "accept-language")
52 || equalIgnoringCase(name, "content-language")
53 || equalIgnoringCase(name, "origin")
54 || equalIgnoringCase(name, "referer"))
55 return true;
56
57 // Preflight is required for MIME types that can not be sent via form submis sion.
58 if (equalIgnoringCase(name, "content-type")) {
59 AtomicString mimeType = extractMIMETypeFromMediaType(value);
60 return equalIgnoringCase(mimeType, "application/x-www-form-urlencoded")
61 || equalIgnoringCase(mimeType, "multipart/form-data")
62 || equalIgnoringCase(mimeType, "text/plain");
63 }
64
65 return false;
66 }
67
68 bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& headerMap)
69 {
70 if (!isOnAccessControlSimpleRequestMethodWhitelist(method))
71 return false;
72
73 HTTPHeaderMap::const_iterator end = headerMap.end();
74 for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) {
75 if (!isOnAccessControlSimpleRequestHeaderWhitelist(it->key, it->value))
76 return false;
77 }
78
79 return true;
80 }
81
82 static PassOwnPtr<HTTPHeaderSet> createAllowedCrossOriginResponseHeadersSet() 43 static PassOwnPtr<HTTPHeaderSet> createAllowedCrossOriginResponseHeadersSet()
83 { 44 {
84 OwnPtr<HTTPHeaderSet> headerSet = adoptPtr(new HashSet<String, CaseFoldingHa sh>); 45 OwnPtr<HTTPHeaderSet> headerSet = adoptPtr(new HashSet<String, CaseFoldingHa sh>);
85 46
86 headerSet->add("cache-control"); 47 headerSet->add("cache-control");
87 headerSet->add("content-language"); 48 headerSet->add("content-language");
88 headerSet->add("content-type"); 49 headerSet->add("content-type");
89 headerSet->add("expires"); 50 headerSet->add("expires");
90 headerSet->add("last-modified"); 51 headerSet->add("last-modified");
91 headerSet->add("pragma"); 52 headerSet->add("pragma");
(...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after
278 request.setHTTPOrigin(securityOrigin->toAtomicString()); 239 request.setHTTPOrigin(securityOrigin->toAtomicString());
279 // If the user didn't request credentials in the first place, update our 240 // If the user didn't request credentials in the first place, update our
280 // state so we neither request them nor expect they must be allowed. 241 // state so we neither request them nor expect they must be allowed.
281 if (options.credentialsRequested == ClientDidNotRequestCredentials) 242 if (options.credentialsRequested == ClientDidNotRequestCredentials)
282 options.allowCredentials = DoNotAllowStoredCredentials; 243 options.allowCredentials = DoNotAllowStoredCredentials;
283 } 244 }
284 return true; 245 return true;
285 } 246 }
286 247
287 } // namespace blink 248 } // namespace blink
OLDNEW
« no previous file with comments | « Source/core/fetch/CrossOriginAccessControl.h ('k') | Source/core/fetch/FetchUtils.h » ('j') | Source/core/fetch/FetchUtils.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698