Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(112)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/CrossOriginPreflightResultCache.cpp

Issue 379113002: Move fetch-related predicates to core/fetch. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/fetch/FetchUtils.cpp ('k') | Source/core/loader/DocumentThreadableLoader.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved. 2 * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution. 11 * documentation and/or other materials provided with the distribution.
12 * 12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY 13 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 * 24 *
25 */ 25 */
26 26
27 #include "config.h" 27 #include "config.h"
28 #include "core/loader/CrossOriginPreflightResultCache.h" 28 #include "core/loader/CrossOriginPreflightResultCache.h"
29 29
30 #include "core/fetch/CrossOriginAccessControl.h" 30 #include "core/fetch/FetchUtils.h"
31 #include "platform/network/ResourceResponse.h" 31 #include "platform/network/ResourceResponse.h"
32 #include "wtf/CurrentTime.h" 32 #include "wtf/CurrentTime.h"
33 #include "wtf/MainThread.h" 33 #include "wtf/MainThread.h"
34 #include "wtf/StdLibExtras.h" 34 #include "wtf/StdLibExtras.h"
35 35
36 namespace blink { 36 namespace blink {
37 37
38 // These values are at the discretion of the user agent. 38 // These values are at the discretion of the user agent.
39 static const unsigned defaultPreflightCacheTimeoutSeconds = 5; 39 static const unsigned defaultPreflightCacheTimeoutSeconds = 5;
40 static const unsigned maxPreflightCacheTimeoutSeconds = 600; // Should be short enough to minimize the risk of using a poisoned cache after switching to a secur e network. 40 static const unsigned maxPreflightCacheTimeoutSeconds = 600; // Should be short enough to minimize the risk of using a poisoned cache after switching to a secur e network.
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
96 m_headers.clear(); 96 m_headers.clear();
97 if (!parseAccessControlAllowList(response.httpHeaderField("Access-Control-Al low-Headers"), m_headers)) { 97 if (!parseAccessControlAllowList(response.httpHeaderField("Access-Control-Al low-Headers"), m_headers)) {
98 errorDescription = "Cannot parse Access-Control-Allow-Headers response h eader field."; 98 errorDescription = "Cannot parse Access-Control-Allow-Headers response h eader field.";
99 return false; 99 return false;
100 } 100 }
101 101
102 unsigned expiryDelta; 102 unsigned expiryDelta;
103 if (parseAccessControlMaxAge(response.httpHeaderField("Access-Control-Max-Ag e"), expiryDelta)) { 103 if (parseAccessControlMaxAge(response.httpHeaderField("Access-Control-Max-Ag e"), expiryDelta)) {
104 if (expiryDelta > maxPreflightCacheTimeoutSeconds) 104 if (expiryDelta > maxPreflightCacheTimeoutSeconds)
105 expiryDelta = maxPreflightCacheTimeoutSeconds; 105 expiryDelta = maxPreflightCacheTimeoutSeconds;
106 } else 106 } else {
107 expiryDelta = defaultPreflightCacheTimeoutSeconds; 107 expiryDelta = defaultPreflightCacheTimeoutSeconds;
108 }
108 109
109 m_absoluteExpiryTime = currentTime() + expiryDelta; 110 m_absoluteExpiryTime = currentTime() + expiryDelta;
110 return true; 111 return true;
111 } 112 }
112 113
113 bool CrossOriginPreflightResultCacheItem::allowsCrossOriginMethod(const String& method, String& errorDescription) const 114 bool CrossOriginPreflightResultCacheItem::allowsCrossOriginMethod(const String& method, String& errorDescription) const
114 { 115 {
115 if (m_methods.contains(method) || isOnAccessControlSimpleRequestMethodWhitel ist(method)) 116 if (m_methods.contains(method) || FetchUtils::isSimpleMethod(method))
116 return true; 117 return true;
117 118
118 errorDescription = "Method " + method + " is not allowed by Access-Control-A llow-Methods."; 119 errorDescription = "Method " + method + " is not allowed by Access-Control-A llow-Methods.";
119 return false; 120 return false;
120 } 121 }
121 122
122 bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHea derMap& requestHeaders, String& errorDescription) const 123 bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHea derMap& requestHeaders, String& errorDescription) const
123 { 124 {
124 HTTPHeaderMap::const_iterator end = requestHeaders.end(); 125 HTTPHeaderMap::const_iterator end = requestHeaders.end();
125 for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; + +it) { 126 for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; + +it) {
126 if (!m_headers.contains(it->key) && !isOnAccessControlSimpleRequestHeade rWhitelist(it->key, it->value)) { 127 if (!m_headers.contains(it->key) && !FetchUtils::isSimpleHeader(it->key, it->value) && !FetchUtils::isForbiddenHeaderName(it->key)) {
127 errorDescription = "Request header field " + it->key.string() + " is not allowed by Access-Control-Allow-Headers."; 128 errorDescription = "Request header field " + it->key.string() + " is not allowed by Access-Control-Allow-Headers.";
128 return false; 129 return false;
129 } 130 }
130 } 131 }
131 return true; 132 return true;
132 } 133 }
133 134
134 bool CrossOriginPreflightResultCacheItem::allowsRequest(StoredCredentials includ eCredentials, const String& method, const HTTPHeaderMap& requestHeaders) const 135 bool CrossOriginPreflightResultCacheItem::allowsRequest(StoredCredentials includ eCredentials, const String& method, const HTTPHeaderMap& requestHeaders) const
135 { 136 {
136 String ignoredExplanation; 137 String ignoredExplanation;
(...skipping 29 matching lines...) Expand all
166 return false; 167 return false;
167 168
168 if (cacheIt->value->allowsRequest(includeCredentials, method, requestHeaders )) 169 if (cacheIt->value->allowsRequest(includeCredentials, method, requestHeaders ))
169 return true; 170 return true;
170 171
171 m_preflightHashMap.remove(cacheIt); 172 m_preflightHashMap.remove(cacheIt);
172 return false; 173 return false;
173 } 174 }
174 175
175 } // namespace blink 176 } // namespace blink
OLDNEW
« no previous file with comments | « Source/core/fetch/FetchUtils.cpp ('k') | Source/core/loader/DocumentThreadableLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698