Chromium Code Reviews Chromium Code Reviews
Issue 613733002:
Enabled CORS for chrome://resources. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/browser/webui/url_data_manager_backend.cc |
| diff --git a/content/browser/webui/url_data_manager_backend.cc b/content/browser/webui/url_data_manager_backend.cc |
| index cda08bbda0d2e0f596df81a6eccebd6f7cd2c56f..ccc257d1a61306750bc7da48bb12560b9d35c742 100644 |
| --- a/content/browser/webui/url_data_manager_backend.cc |
| +++ b/content/browser/webui/url_data_manager_backend.cc |
| @@ -90,6 +90,20 @@ void URLToRequestPath(const GURL& url, std::string* path) { |
| path->assign(spec.substr(offset)); |
| } |
| +// Returns a value of 'Origin:' header for the |request| if the header is set. |
| +// Otherwise returns an empty string. |
| +std::string GetOriginHeaderValue(const net::URLRequest* request) { |
| + std::string result; |
| + if (request->extra_request_headers().GetHeader( |
| + net::HttpRequestHeaders::kOrigin, &result)) |
| + return result; |
| + net::HttpRequestHeaders headers; |
| + if (request->GetFullRequestHeaders(&headers) && |
| + headers.GetHeader(net::HttpRequestHeaders::kOrigin, &result)) |
| + return result; |
| + return result; |
|
Charlie Reis
2014/10/06 19:43:20
nit: This is a strange way to phrase it, because w
dzhioev (left Google)
2014/10/08 18:41:37
Done.
|
| +} |
| + |
| } // namespace |
| // URLRequestChromeJob is a net::URLRequestJob that manages running |
| @@ -152,6 +166,10 @@ class URLRequestChromeJob : public net::URLRequestJob, |
| send_content_type_header_ = send_content_type_header; |
| } |
| + void set_access_control_allow_origin(const std::string& value) { |
| + access_control_allow_origin_ = value; |
| + } |
| + |
| // Returns true when job was generated from an incognito profile. |
| bool is_incognito() const { |
| return is_incognito_; |
| @@ -202,6 +220,10 @@ class URLRequestChromeJob : public net::URLRequestJob, |
| // If true, sets the "Content-Type: <mime-type>" header. |
| bool send_content_type_header_; |
| + // If not empty, "Access-Control-Allow-Origin:" is set to the value of this |
| + // string. |
| + std::string access_control_allow_origin_; |
| + |
| // True when job is generated from an incognito profile. |
| const bool is_incognito_; |
| @@ -293,6 +315,12 @@ void URLRequestChromeJob::GetResponseInfo(net::HttpResponseInfo* info) { |
| mime_type_.c_str()); |
| info->headers->AddHeader(content_type); |
| } |
| + |
| + if (!access_control_allow_origin_.empty()) { |
| + info->headers->AddHeader("Access-Control-Allow-Origin: " + |
| + access_control_allow_origin_); |
| + info->headers->AddHeader("Vary: Origin"); |
| + } |
| } |
| void URLRequestChromeJob::MimeTypeAvailable(const std::string& mime_type) { |
| @@ -578,6 +606,15 @@ bool URLDataManagerBackend::StartRequest(const net::URLRequest* request, |
| job->set_send_content_type_header( |
| source->source()->ShouldServeMimeTypeAsContentTypeHeader()); |
| + std::string origin = GetOriginHeaderValue(request); |
| + if (!origin.empty()) { |
| + std::string header = |
| + source->source()->GetAccessControlAllowOriginForOrigin(origin); |
| + DCHECK(header.empty() || header == origin || header == "*" || |
| + header == "null"); |
| + job->set_access_control_allow_origin(header); |
| + } |
| + |
| // Look up additional request info to pass down. |
| int render_process_id = -1; |
| int render_frame_id = -1; |
