OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved. | 2 * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
115 { | 115 { |
116 if (m_methods.contains(method) || FetchUtils::isSimpleMethod(method)) | 116 if (m_methods.contains(method) || FetchUtils::isSimpleMethod(method)) |
117 return true; | 117 return true; |
118 | 118 |
119 errorDescription = "Method " + method + " is not allowed by Access-Control-A
llow-Methods."; | 119 errorDescription = "Method " + method + " is not allowed by Access-Control-A
llow-Methods."; |
120 return false; | 120 return false; |
121 } | 121 } |
122 | 122 |
123 bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHea
derMap& requestHeaders, String& errorDescription) const | 123 bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHea
derMap& requestHeaders, String& errorDescription) const |
124 { | 124 { |
125 HTTPHeaderMap::const_iterator end = requestHeaders.end(); | 125 for (const auto& header : requestHeaders) { |
126 for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; +
+it) { | 126 if (!m_headers.contains(header.key) && !FetchUtils::isSimpleHeader(heade
r.key, header.value) && !FetchUtils::isForbiddenHeaderName(header.key)) { |
127 if (!m_headers.contains(it->key) && !FetchUtils::isSimpleHeader(it->key,
it->value) && !FetchUtils::isForbiddenHeaderName(it->key)) { | 127 errorDescription = "Request header field " + header.key.string() + "
is not allowed by Access-Control-Allow-Headers."; |
128 errorDescription = "Request header field " + it->key.string() + " is
not allowed by Access-Control-Allow-Headers."; | |
129 return false; | 128 return false; |
130 } | 129 } |
131 } | 130 } |
132 return true; | 131 return true; |
133 } | 132 } |
134 | 133 |
135 bool CrossOriginPreflightResultCacheItem::allowsRequest(StoredCredentials includ
eCredentials, const String& method, const HTTPHeaderMap& requestHeaders) const | 134 bool CrossOriginPreflightResultCacheItem::allowsRequest(StoredCredentials includ
eCredentials, const String& method, const HTTPHeaderMap& requestHeaders) const |
136 { | 135 { |
137 String ignoredExplanation; | 136 String ignoredExplanation; |
138 if (m_absoluteExpiryTime < currentTime()) | 137 if (m_absoluteExpiryTime < currentTime()) |
(...skipping 28 matching lines...) Expand all Loading... |
167 return false; | 166 return false; |
168 | 167 |
169 if (cacheIt->value->allowsRequest(includeCredentials, method, requestHeaders
)) | 168 if (cacheIt->value->allowsRequest(includeCredentials, method, requestHeaders
)) |
170 return true; | 169 return true; |
171 | 170 |
172 m_preflightHashMap.remove(cacheIt); | 171 m_preflightHashMap.remove(cacheIt); |
173 return false; | 172 return false; |
174 } | 173 } |
175 | 174 |
176 } // namespace blink | 175 } // namespace blink |
OLD | NEW |