Index: third_party/WebKit/WebCore/loader/CrossOriginAccessControl.cpp |
=================================================================== |
--- third_party/WebKit/WebCore/loader/CrossOriginAccessControl.cpp (revision 11711) |
+++ third_party/WebKit/WebCore/loader/CrossOriginAccessControl.cpp (working copy) |
@@ -36,12 +36,15 @@ |
bool isOnAccessControlSimpleRequestHeaderWhitelist(const String& name) |
{ |
- return equalIgnoringCase(name, "accept") || equalIgnoringCase(name, "accept-language") || equalIgnoringCase(name, "content-type"); |
+ return equalIgnoringCase(name, "accept") |
+ || equalIgnoringCase(name, "accept-language") |
+ || equalIgnoringCase(name, "content-language") |
+ || equalIgnoringCase(name, "content-type"); |
} |
bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& headerMap) |
{ |
- if (method != "GET" && method != "POST") |
+ if (method != "GET" && method != "HEAD" && method != "POST") |
return false; |
HTTPHeaderMap::const_iterator end = headerMap.end(); |
@@ -50,6 +53,15 @@ |
return false; |
} |
+ HTTPHeaderMap::const_iterator contentTypeIter = headerMap.find("Content-Type"); |
+ if (contentTypeIter != headerMap.end()) { |
+ const String& contentType = contentTypeIter->second; |
+ if (!equalIgnoringCase(contentType, "application/x-www-form-urlencoded") |
+ && !equalIgnoringCase(contentType, "multipart/form-data") |
+ && !equalIgnoringCase(contentType, "text/plain")) |
+ return false; |
+ } |
+ |
return true; |
} |