OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2011, 2012 Google Inc. All rights reserved. |
3 * Copyright (C) 2013, Intel Corporation | 3 * Copyright (C) 2013, Intel Corporation |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are | 6 * modification, are permitted provided that the following conditions are |
7 * met: | 7 * met: |
8 * | 8 * |
9 * * Redistributions of source code must retain the above copyright | 9 * * Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
(...skipping 81 matching lines...)
92 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == DenyCrossO riginRequests) { | 92 if (!m_sameOriginRequest && m_options.crossOriginRequestPolicy == DenyCrossO riginRequests) { |
93 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url ().string(), "Cross origin requests are not supported.")); | 93 m_client->didFail(ResourceError(errorDomainBlinkInternal, 0, request.url ().string(), "Cross origin requests are not supported.")); |
94 return; | 94 return; |
95 } | 95 } |
96 | 96 |
97 m_requestStartedSeconds = monotonicallyIncreasingTime(); | 97 m_requestStartedSeconds = monotonicallyIncreasingTime(); |
98 | 98 |
99 // Save any CORS simple headers on the request here. If this request redirec ts cross-origin, we cancel the old request | 99 // Save any CORS simple headers on the request here. If this request redirec ts cross-origin, we cancel the old request |
100 // create a new one, and copy these headers. | 100 // create a new one, and copy these headers. |
101 const HTTPHeaderMap& headerMap = request.httpHeaderFields(); | 101 const HTTPHeaderMap& headerMap = request.httpHeaderFields(); |
102 HTTPHeaderMap::const_iterator end = headerMap.end(); | 102 for (const auto& header : headerMap) { |
103 for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) { | 103 if (FetchUtils::isSimpleHeader(header.key, header.value)) |
104 if (FetchUtils::isSimpleHeader(it->key, it->value)) | 104 m_simpleRequestHeaders.add(header.key, header.value); |
105 m_simpleRequestHeaders.add(it->key, it->value); | |
106 } | 105 } |
107 | 106 |
108 // If the fetch request will be handled by the ServiceWorker, the | 107 // If the fetch request will be handled by the ServiceWorker, the |
109 // FetchRequestMode of the request must be FetchRequestModeCORS or | 108 // FetchRequestMode of the request must be FetchRequestModeCORS or |
110 // FetchRequestModeCORSWithForcedPreflight. Otherwise the ServiceWorker can | 109 // FetchRequestModeCORSWithForcedPreflight. Otherwise the ServiceWorker can |
111 // return a opaque response which is from the other origin site and the | 110 // return a opaque response which is from the other origin site and the |
112 // script in the page can read the content. | 111 // script in the page can read the content. |
113 // | 112 // |
114 // We assume that ServiceWorker is skipped for sync requests and non-HTTP | 113 // We assume that ServiceWorker is skipped for sync requests and non-HTTP |
115 // familiy requests by content/ code. | 114 // familiy requests by content/ code. |
(...skipping 206 matching lines...)
322 // Since the request is no longer same-origin, if the user didn't re quest credentials in | 321 // Since the request is no longer same-origin, if the user didn't re quest credentials in |
323 // the first place, update our state so we neither request them nor expect they must be allowed. | 322 // the first place, update our state so we neither request them nor expect they must be allowed. |
324 if (m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequ estCredentials) | 323 if (m_resourceLoaderOptions.credentialsRequested == ClientDidNotRequ estCredentials) |
325 m_forceDoNotAllowStoredCredentials = true; | 324 m_forceDoNotAllowStoredCredentials = true; |
326 | 325 |
327 // Remove any headers that may have been added by the network layer that cause access control to fail. | 326 // Remove any headers that may have been added by the network layer that cause access control to fail. |
328 request.clearHTTPReferrer(); | 327 request.clearHTTPReferrer(); |
329 request.clearHTTPOrigin(); | 328 request.clearHTTPOrigin(); |
330 request.clearHTTPUserAgent(); | 329 request.clearHTTPUserAgent(); |
331 // Add any CORS simple request headers which we previously saved fro m the original request. | 330 // Add any CORS simple request headers which we previously saved fro m the original request. |
332 HTTPHeaderMap::const_iterator end = m_simpleRequestHeaders.end(); | 331 for (const auto& header : m_simpleRequestHeaders) { |
Nate Chapin
2015/01/05 21:41:04
Nit: no {} for single-line for() bodies.
zhaoze.zhou
2015/01/08 03:18:19
Done.
| |
333 for (HTTPHeaderMap::const_iterator it = m_simpleRequestHeaders.begin (); it != end; ++it) { | 332 request.setHTTPHeaderField(header.key, header.value); |
334 request.setHTTPHeaderField(it->key, it->value); | |
335 } | 333 } |
336 makeCrossOriginAccessRequest(request); | 334 makeCrossOriginAccessRequest(request); |
337 return; | 335 return; |
338 } | 336 } |
339 | 337 |
340 ResourceError error(errorDomainBlinkInternal, 0, redirectResponse.url(). string(), accessControlErrorDescription); | 338 ResourceError error(errorDomainBlinkInternal, 0, redirectResponse.url(). string(), accessControlErrorDescription); |
341 m_client->didFailAccessControlCheck(error); | 339 m_client->didFailAccessControlCheck(error); |
342 } else { | 340 } else { |
343 m_client->didFailRedirectCheck(); | 341 m_client->didFailRedirectCheck(); |
344 } | 342 } |
(...skipping 289 matching lines...)
634 return DoNotAllowStoredCredentials; | 632 return DoNotAllowStoredCredentials; |
635 return m_resourceLoaderOptions.allowCredentials; | 633 return m_resourceLoaderOptions.allowCredentials; |
636 } | 634 } |
637 | 635 |
638 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const | 636 SecurityOrigin* DocumentThreadableLoader::securityOrigin() const |
639 { | 637 { |
640 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); | 638 return m_securityOrigin ? m_securityOrigin.get() : m_document.securityOrigin (); |
641 } | 639 } |
642 | 640 |
643 } // namespace blink | 641 } // namespace blink |
OLD | NEW |
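Review bot: The replay loop at new lines 331-333 copies every entry of m_simpleRequestHeaders onto a request that has just become cross-origin, and nothing at that site records that this is safe only because the save loop at new lines 102-105 admits nothing but headers accepted by FetchUtils::isSimpleHeader. The range-for rewrite keeps the behaviour, but it is a good moment to state the invariant; above the replay loop I would add `// m_simpleRequestHeaders holds only headers that passed FetchUtils::isSimpleHeader(); nothing else may be replayed across origins.` Whether other code writes to m_simpleRequestHeaders, and what makeCrossOriginAccessRequest checks afterwards, is outside the lines shown, so confirm both before the comment goes in. Both enclosing functions start and end in the skipped regions.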