OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
104 return; | 104 return; |
105 } | 105 } |
106 | 106 |
107 makeCrossOriginAccessRequest(request); | 107 makeCrossOriginAccessRequest(request); |
108 } | 108 } |
109 | 109 |
110 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques t& request) | 110 void DocumentThreadableLoader::makeCrossOriginAccessRequest(const ResourceReques t& request) |
111 { | 111 { |
112 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); | 112 ASSERT(m_options.crossOriginRequestPolicy == UseAccessControl); |
113 | 113 |
114 // Cross-origin requests are only allowed for HTTP and registered schemes. | |
115 // We would catch this when checking response headers later, but there is no reason to | |
116 // send a request, preflighted or not, that's guaranteed to be denied. | |
117 if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protoco l())) { | |
118 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIntern al, 0, request.url().string(), "Cross origin requests are only supported for HTT P.")); | |
abarth-chromium
2014/07/14 00:59:45
This message doesn't seem entirely correct. Can w
sof
2014/07/14 07:03:26
Certainly, it would help to be accurate. Doesn't i
| |
119 return; | |
120 } | |
121 | |
114 if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAc cessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.pref lightPolicy == PreventPreflight) { | 122 if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAc cessRequest(request.httpMethod(), request.httpHeaderFields())) || m_options.pref lightPolicy == PreventPreflight) { |
115 // Cross-origin requests are only allowed for HTTP and registered scheme s. We would catch this when checking response headers later, but there is no rea son to send a request that's guaranteed to be denied. | |
116 if (!SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().pro tocol())) { | |
117 m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkIn ternal, 0, request.url().string(), "Cross origin requests are only supported for HTTP.")); | |
118 return; | |
119 } | |
120 | |
121 ResourceRequest crossOriginRequest(request); | 123 ResourceRequest crossOriginRequest(request); |
122 ResourceLoaderOptions crossOriginOptions(m_resourceLoaderOptions); | 124 ResourceLoaderOptions crossOriginOptions(m_resourceLoaderOptions); |
123 updateRequestForAccessControl(crossOriginRequest, securityOrigin(), effe ctiveAllowCredentials()); | 125 updateRequestForAccessControl(crossOriginRequest, securityOrigin(), effe ctiveAllowCredentials()); |
124 loadRequest(crossOriginRequest, crossOriginOptions); | 126 loadRequest(crossOriginRequest, crossOriginOptions); |
125 } else { | 127 } else { |
126 m_simpleRequest = false; | 128 m_simpleRequest = false; |
127 | 129 |
128 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceReques t(request)); | 130 OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceReques t(request)); |
129 OwnPtr<ResourceLoaderOptions> crossOriginOptions = adoptPtr(new Resource LoaderOptions(m_resourceLoaderOptions)); | 131 OwnPtr<ResourceLoaderOptions> crossOriginOptions = adoptPtr(new Resource LoaderOptions(m_resourceLoaderOptions)); |
130 // Do not set the Origin header for preflight requests. | 132 // Do not set the Origin header for preflight requests. |
(...skipping 365 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
496 return DoNotAllowStoredCredentials; | 498 return DoNotAllowStoredCredentials; |
497 return m_resourceLoaderOptions.allowCredentials; | 499 return m_resourceLoaderOptions.allowCredentials; |
498 } | 500 } |
499 | 501 |
500 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 502 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
501 { | 503 { |
502 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); | 504 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); |
503 } | 505 } |
504 | 506 |
505 } // namespace WebCore | 507 } // namespace WebCore |
OLD | NEW |