Index: Source/core/loader/DocumentThreadableLoader.cpp |
diff --git a/Source/core/loader/DocumentThreadableLoader.cpp b/Source/core/loader/DocumentThreadableLoader.cpp |
index a430b1b00ded78d66b84b6e7111a2c20b702046d..bc44a3ce3617ee05321f13bbf9a8341cb9118c68 100644 |
--- a/Source/core/loader/DocumentThreadableLoader.cpp |
+++ b/Source/core/loader/DocumentThreadableLoader.cpp |
@@ -299,7 +299,7 @@ void DocumentThreadableLoader::redirectReceived(Resource* resource, ResourceRequ |
if (m_simpleRequest) { |
allowRedirect = CrossOriginAccessControl::isLegalRedirectLocation(request.url(), accessControlErrorDescription) |
- && (m_sameOriginRequest || passesAccessControlCheck(redirectResponse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)); |
+ && (m_sameOriginRequest || passesAccessControlCheck(&m_document, redirectResponse, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)); |
} else { |
accessControlErrorDescription = "The request was redirected to '"+ request.url().string() + "', which is disallowed for cross-origin requests that require preflight."; |
} |
@@ -380,7 +380,7 @@ void DocumentThreadableLoader::handlePreflightResponse(const ResourceResponse& r |
{ |
String accessControlErrorDescription; |
- if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) { |
+ if (!passesAccessControlCheck(&m_document, response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) { |
handlePreflightFailure(response.url().string(), accessControlErrorDescription); |
return; |
} |
@@ -436,7 +436,7 @@ void DocumentThreadableLoader::handleResponse(unsigned long identifier, const Re |
if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == UseAccessControl) { |
String accessControlErrorDescription; |
- if (!passesAccessControlCheck(response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) { |
+ if (!passesAccessControlCheck(&m_document, response, effectiveAllowCredentials(), securityOrigin(), accessControlErrorDescription)) { |
reportResponseReceived(identifier, response); |
m_client->didFailAccessControlCheck(ResourceError(errorDomainBlinkInternal, 0, response.url().string(), accessControlErrorDescription)); |
return; |