Chromium Code Reviews Chromium Code Reviews
Issue 613733002:
Enabled CORS for chrome://resources. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/webui/url_data_manager_backend.h" | 5 #include "content/browser/webui/url_data_manager_backend.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 253 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 264 return net::HTTP_OK; | 264 return net::HTTP_OK; |
| 265 } | 265 } |
| 266 | 266 |
| 267 void URLRequestChromeJob::GetResponseInfo(net::HttpResponseInfo* info) { | 267 void URLRequestChromeJob::GetResponseInfo(net::HttpResponseInfo* info) { |
| 268 DCHECK(!info->headers.get()); | 268 DCHECK(!info->headers.get()); |
| 269 // Set the headers so that requests serviced by ChromeURLDataManager return a | 269 // Set the headers so that requests serviced by ChromeURLDataManager return a |
| 270 // status code of 200. Without this they return a 0, which makes the status | 270 // status code of 200. Without this they return a 0, which makes the status |
| 271 // indistiguishable from other error types. Instant relies on getting a 200. | 271 // indistiguishable from other error types. Instant relies on getting a 200. |
| 272 info->headers = new net::HttpResponseHeaders("HTTP/1.1 200 OK"); | 272 info->headers = new net::HttpResponseHeaders("HTTP/1.1 200 OK"); |
| 273 | 273 |
| 274 info->headers->AddHeader("Access-Control-Allow-Origin: *"); | |
|
dglazkov
2014/09/29 17:01:21
Is '*' really what you want here?
dzhioev (left Google)
2014/09/29 17:32:11
It seems 'Access-Control-Allow-Origin' can be eith
| |
| 275 | |
| 274 // Determine the least-privileged content security policy header, if any, | 276 // Determine the least-privileged content security policy header, if any, |
| 275 // that is compatible with a given WebUI URL, and append it to the existing | 277 // that is compatible with a given WebUI URL, and append it to the existing |
| 276 // response headers. | 278 // response headers. |
| 277 if (add_content_security_policy_) { | 279 if (add_content_security_policy_) { |
| 278 std::string base = kChromeURLContentSecurityPolicyHeaderBase; | 280 std::string base = kChromeURLContentSecurityPolicyHeaderBase; |
| 279 base.append(content_security_policy_object_source_); | 281 base.append(content_security_policy_object_source_); |
| 280 base.append(content_security_policy_frame_source_); | 282 base.append(content_security_policy_frame_source_); |
| 281 info->headers->AddHeader(base); | 283 info->headers->AddHeader(base); |
| 282 } | 284 } |
| 283 | 285 |
| (...skipping 446 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 730 | 732 |
| 731 } // namespace | 733 } // namespace |
| 732 | 734 |
| 733 net::URLRequestJobFactory::ProtocolHandler* | 735 net::URLRequestJobFactory::ProtocolHandler* |
| 734 CreateDevToolsProtocolHandler(content::ResourceContext* resource_context, | 736 CreateDevToolsProtocolHandler(content::ResourceContext* resource_context, |
| 735 bool is_incognito) { | 737 bool is_incognito) { |
| 736 return new DevToolsJobFactory(resource_context, is_incognito); | 738 return new DevToolsJobFactory(resource_context, is_incognito); |
| 737 } | 739 } |
| 738 | 740 |
| 739 } // namespace content | 741 } // namespace content |
| OLD | NEW |
