// Decides whether |response| grants |securityOrigin| access, based on its
// Access-Control-Allow-Origin header and, when |includeCredentials| is
// AllowStoredCredentials, its Access-Control-Allow-Credentials header.
//
// Returns true when access is allowed. On every refusal |errorDescription| is
// overwritten with a human-readable reason; on success it is left untouched.
//
// |securityOrigin| is dereferenced unconditionally and must be non-null.
//
// NOTE(review): several messages embed the raw header value received from the
// server. Consumers of |errorDescription| should treat it as untrusted text.
bool passesAccessControlCheck(const ResourceResponse& response, StoredCredentials includeCredentials, SecurityOrigin* securityOrigin, String& errorDescription)
{
    AtomicallyInitializedStaticReference(AtomicString, accessControlAllowOrigin, (new AtomicString("access-control-allow-origin", AtomicString::ConstructFromLiteral)));
    AtomicallyInitializedStaticReference(AtomicString, accessControlAllowCredentials, (new AtomicString("access-control-allow-credentials", AtomicString::ConstructFromLiteral)));

    // A status code of zero is reported as an invalid response and refused.
    if (!response.httpStatusCode()) {
        errorDescription = "Received an invalid response. Origin '" + securityOrigin->toString() + "' is therefore not allowed access.";
        return false;
    }

    const AtomicString& allowOriginValue = response.httpHeaderField(accessControlAllowOrigin);
    const bool isWildcard = allowOriginValue == starAtom;

    // Anything other than '*' must equal the requesting origin's atomic string.
    // The branches below only pick the most helpful diagnostic; all of them refuse.
    if (!isWildcard && allowOriginValue != securityOrigin->toAtomicString()) {
        if (allowOriginValue.isNull()) {
            errorDescription = "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '" + securityOrigin->toString() + "' is therefore not allowed access.";

            if (isInterestingStatusCode(response.httpStatusCode()))
                errorDescription.append(" The response had HTTP status code " + String::number(response.httpStatusCode()) + ".");
        } else if (allowOriginValue.string().find(isOriginSeparator, 0) != kNotFound) {
            // A list of origins is never accepted, even if one entry would match.
            errorDescription = "The 'Access-Control-Allow-Origin' header contains multiple values '" + allowOriginValue + "', but only one is allowed. Origin '" + securityOrigin->toString() + "' is therefore not allowed access.";
        } else {
            // Parse the value only to tell "malformed" apart from "well-formed but different".
            KURL parsedHeaderValue(KURL(), allowOriginValue);
            if (parsedHeaderValue.isValid())
                errorDescription = "The 'Access-Control-Allow-Origin' header has a value '" + allowOriginValue + "' that is not equal to the supplied origin. Origin '" + securityOrigin->toString() + "' is therefore not allowed access.";
            else
                errorDescription = "The 'Access-Control-Allow-Origin' header contains the invalid value '" + allowOriginValue + "'. Origin '" + securityOrigin->toString() + "' is therefore not allowed access.";
        }
        return false;
    }

    if (isWildcard) {
        // A wildcard Access-Control-Allow-Origin cannot be combined with credentials,
        // even when Access-Control-Allow-Credentials is set to true.
        if (includeCredentials == DoNotAllowStoredCredentials)
            return true;
        if (response.isHTTP()) {
            errorDescription = "A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin '" + securityOrigin->toString() + "' is therefore not allowed access.";
            return false;
        }
        // When response.isHTTP() is false, the wildcard case falls through to
        // the credentials check below.
    }

    if (includeCredentials == AllowStoredCredentials) {
        // The header value is compared against the literal "true"; any other
        // value, including a missing header, refuses access.
        const AtomicString& allowCredentialsValue = response.httpHeaderField(accessControlAllowCredentials);
        if (allowCredentialsValue != "true") {
            errorDescription = "Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is '" + allowCredentialsValue + "'. It must be 'true' to allow credentials.";
            return false;
        }
    }

    return true;
}
// Returns the next message id for the calling thread.
//
// Each thread has its own counter, which starts at zero and is incremented
// before being returned, so the first id on a thread is 1. The counter is
// unsigned and wraps to 0 on overflow. Ids are sequential and therefore
// predictable, and the same values recur on different threads; do not treat
// them as secret or globally unique.
unsigned nextMessageId()
{
    struct Counter {
        Counter() : last(0) { }
        unsigned last;
    };

    AtomicallyInitializedStaticReference(WTF::ThreadSpecific<Counter>, perThreadCounter, new WTF::ThreadSpecific<Counter>);
    unsigned& last = perThreadCounter->last;
    ++last;
    return last;
}
// Returns the platform identifier string for this build.
//
// Mac and Windows builds return fixed strings. On other (Unix-like) systems
// the value is "<sysname> <machine>" as reported by uname(), computed once per
// thread and cached; if uname() fails the empty string is cached instead.
//
// NOTE(review): on Unix-like systems the kernel name and machine architecture
// of the host end up in the returned string. If this value is exposed to web
// content (presumably as navigator.platform - confirm), it is part of the
// fingerprinting surface.
String NavigatorID::platform()
{
#if OS(MACOSX)
    // Match Safari and Mozilla on Mac x86.
    return "MacIntel";
#elif OS(WIN)
    // Match Safari and Mozilla on Windows.
    return "Win32";
#else // Unix-like systems
    AtomicallyInitializedStaticReference(ThreadSpecific<String>, platformName, new ThreadSpecific<String>());
    if (!platformName->isNull())
        return *platformName;

    // First call on this thread: ask the kernel, then remember the answer.
    struct utsname osname;
    if (uname(&osname) >= 0)
        *platformName = String(String(osname.sysname) + String(" ") + String(osname.machine));
    else
        *platformName = String(emptyString());
    return *platformName;
#endif
}
// Accessor for the shared NetworkStateNotifier.
//
// The instance is created with `new` inside the static-initialisation macro
// and is never deleted in this function. Every caller receives a reference to
// the same object.
// NOTE(review): the macro's name indicates thread-safe one-time initialisation;
// its definition is not shown here. Only construction is covered by the macro;
// any later locking is the notifier's own concern.
NetworkStateNotifier& networkStateNotifier()
{
    AtomicallyInitializedStaticReference(NetworkStateNotifier, sharedNotifier, new NetworkStateNotifier);
    return sharedNotifier;
}
// Returns the calling thread's CSSTextCache.
//
// The ThreadSpecific wrapper is allocated once and never deleted in this
// function. Dereferencing it yields the instance that belongs to the current
// thread, so callers on different threads do not share a cache.
static CSSTextCache& cssTextCache()
{
    AtomicallyInitializedStaticReference(ThreadSpecific<CSSTextCache>, perThreadCache, new ThreadSpecific<CSSTextCache>());
    CSSTextCache& current = *perThreadCache;
    return current;
}
// FIXME: move all guid-related functions to a DatabaseVersionTracker class.
//
// Returns the shared RecursiveMutex for guid-related state (per the function
// name; the guarded data is not visible here). The mutex is allocated once and
// never deleted in this function, so the returned reference is never
// invalidated by it.
static RecursiveMutex& guidMutex()
{
    AtomicallyInitializedStaticReference(RecursiveMutex, guidLock, new RecursiveMutex);
    return guidLock;
}
 // Returns the HeapSizeCache that belongs to the calling thread.
 //
 // The ThreadSpecific wrapper is allocated once and never deleted in this
 // function; dereferencing it selects the current thread's instance.
 static HeapSizeCache& forCurrentThread()
 {
     AtomicallyInitializedStaticReference(ThreadSpecific<HeapSizeCache>, perThreadCache, new ThreadSpecific<HeapSizeCache>);
     HeapSizeCache& current = *perThreadCache;
     return current;
 }
// Returns the calling thread's NonThrowableExceptionState, typed as its
// ExceptionState interface.
//
// The ThreadSpecific wrapper is allocated once and never deleted in this
// function. Callers on the same thread all receive the same object.
static ExceptionState& emptyExceptionState()
{
    AtomicallyInitializedStaticReference(WTF::ThreadSpecific<NonThrowableExceptionState>, perThreadState, new ThreadSpecific<NonThrowableExceptionState>);
    return *perThreadState;
}
// Returns the shared Mutex associated with MainThreadDebugger creation (per
// the name; the code it guards is not visible here).
//
// The mutex is allocated once and never deleted in this function, so the
// returned reference is never invalidated by it.
Mutex& MainThreadDebugger::creationMutex()
{
    AtomicallyInitializedStaticReference(Mutex, creationLock, (new Mutex));
    return creationLock;
}
// Returns the shared Mutex for the cached collator (per the name; the guarded
// state is not visible here).
//
// The mutex is allocated once and never deleted in this function.
static Mutex& cachedCollatorMutex()
{
    AtomicallyInitializedStaticReference(Mutex, collatorLock, new Mutex);
    return collatorLock;
}
// Returns a pointer to the calling thread's ProfileNameIdleTimeMap.
//
// The ThreadSpecific wrapper is allocated once and never deleted in this
// function. The return statement relies on an implicit conversion from the
// wrapper to a raw pointer.
// NOTE(review): that conversion is presumably provided by ThreadSpecific, whose
// definition is not shown here. The pointer refers to per-thread data and
// should not be handed to another thread.
ProfileNameIdleTimeMap* ScriptProfiler::currentProfileNameIdleTimeMap()
{
    AtomicallyInitializedStaticReference(WTF::ThreadSpecific<ProfileNameIdleTimeMap>, perThreadMap, new WTF::ThreadSpecific<ProfileNameIdleTimeMap>);
    return perThreadMap;
}
// Reports whether |name| is in the set of allowed cross-origin response
// headers.
//
// The set is built once by createAllowedCrossOriginResponseHeadersSet() and
// its ownership is released with leakPtr(), so it is never freed by this
// function.
// NOTE(review): how names are matched (for example, whether case is folded) is
// decided by HTTPHeaderSet, which is not shown here. Confirm before relying on
// it for headers whose case may vary.
bool isOnAccessControlResponseHeaderWhitelist(const String& name)
{
    AtomicallyInitializedStaticReference(HTTPHeaderSet, allowedCrossOriginResponseHeaders, (createAllowedCrossOriginResponseHeadersSet().leakPtr()));

    const bool isAllowed = allowedCrossOriginResponseHeaders.contains(name);
    return isAllowed;
}