void XMLHttpRequest::makeCrossSiteAccessRequest(ExceptionCode& ec)
{
ASSERT(!m_sameOriginRequest);
if (isSimpleCrossSiteAccessRequest())
makeSimpleCrossSiteAccessRequest(ec);
else
makeCrossSiteAccessRequestWithPreflight(ec);
}
void XMLHttpRequest::makeCrossSiteAccessRequest(ExceptionCode& ec)
{
ASSERT(!m_sameOriginRequest);
bool privilegedScript = m_doc->securityOrigin()->canLoadLocalResources();
HTTPHeaderMap::const_iterator end = m_requestHeaders.end();
for (HTTPHeaderMap::const_iterator it = m_requestHeaders.begin(); it != end; ++it) {
// A privileged script (e.g. a Dashboard widget) can send any headers.
if (!privilegedScript && isOnAccessControllRequestHeaderBlackList(it->first)) {
if (m_doc && m_doc->frame())
m_doc->frame()->domWindow()->console()->addMessage(JSMessageSource, ErrorMessageLevel, "Refused to send header \"" + it->first + "\" cross-domain.", 1, String());
continue;
}
m_crossSiteRequestHeaders.add(it->first, it->second);
}
if (isSimpleCrossSiteAccessRequest())
makeSimpleCrossSiteAccessRequest(ec);
else
makeCrossSiteAccessRequestWithPreflight(ec);
}
