bool PreflightResultCacheItem::allowsCrossSiteHeaders(const HTTPHeaderMap& requestHeaders) const
{
HTTPHeaderMap::const_iterator end = requestHeaders.end();
for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) {
if (!m_headers.contains(it->first) && !isOnAccessControlSimpleRequestHeaderWhitelist(it->first))
return false;
}
return true;
}
bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHeaderMap& requestHeaders, String& errorDescription) const
{
HTTPHeaderMap::const_iterator end = requestHeaders.end();
for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) {
if (!m_headers.contains(it->first) && !isOnAccessControlSimpleRequestHeaderWhitelist(it->first, it->second)) {
errorDescription = "Request header field " + it->first.string() + " is not allowed by Access-Control-Allow-Headers.";
return false;
}
}
return true;
}
bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& headerMap)
{
if (!isOnAccessControlSimpleRequestMethodWhitelist(method))
return false;
for (const auto& header : headerMap) {
if (!header.keyAsHTTPHeaderName || !isOnAccessControlSimpleRequestHeaderWhitelist(header.keyAsHTTPHeaderName.value(), header.value))
return false;
}
return true;
}
bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& headerMap)
{
if (!isOnAccessControlSimpleRequestMethodWhitelist(method))
return false;
HTTPHeaderMap::const_iterator end = headerMap.end();
for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) {
if (!isOnAccessControlSimpleRequestHeaderWhitelist(it->first, it->second))
return false;
}
return true;
}
bool XMLHttpRequest::isSimpleCrossSiteAccessRequest() const
{
if (m_method != "GET")
return false;
HTTPHeaderMap::const_iterator end = m_crossSiteRequestHeaders.end();
for (HTTPHeaderMap::const_iterator it = m_crossSiteRequestHeaders.begin(); it != end; ++it) {
if (!isOnAccessControlSimpleRequestHeaderWhitelist(it->first))
return false;
}
return true;
}
static bool canSkipPrelight(PreflightResultCache::iterator cacheIt, bool includeCredentials, const String& method, const HTTPHeaderMap& requestHeaders)
{
PreflightResultCacheItem* item = cacheIt->second;
if (item->m_absoluteExpiryTime < currentTime())
return false;
if (includeCredentials && !item->m_credentials)
return false;
if (!item->m_methods->contains(method) && method != "GET" && method != "POST")
return false;
HTTPHeaderMap::const_iterator end = requestHeaders.end();
for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) {
if (!item->m_headers->contains(it->first) && !isOnAccessControlSimpleRequestHeaderWhitelist(it->first))
return false;
}
return true;
}
