// Builds the CORS preflight (OPTIONS) request for |request| and hands it to
// loadRequest() with DoSecurityCheck.
//
// The preflight targets request.url(), calls removeCredentials(), carries this
// document's security origin as its HTTP origin, and announces the real method
// in Access-Control-Request-Method. When |request| has header fields, their
// names (never their values) are listed, ", "-separated and in map iteration
// order, in Access-Control-Request-Headers.
//
// NOTE(review): cookies on the preflight follow m_options.allowCredentials.
// A CORS preflight is meant to go out without credentials; confirm whether
// this should be unconditionally false.
void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(const ResourceRequest& request)
{
    ResourceRequest preflight(request.url());
    preflight.removeCredentials();
    preflight.setHTTPOrigin(m_document->securityOrigin()->toString());
    preflight.setAllowCookies(m_options.allowCredentials);
    preflight.setHTTPMethod("OPTIONS");
    preflight.setHTTPHeaderField("Access-Control-Request-Method", request.httpMethod());

    const HTTPHeaderMap& headerFields = request.httpHeaderFields();
    if (headerFields.size() > 0) {
        Vector<UChar> names;
        const HTTPHeaderMap::const_iterator first = headerFields.begin();
        const HTTPHeaderMap::const_iterator last = headerFields.end();
        for (HTTPHeaderMap::const_iterator field = first; field != last; ++field) {
            // Every name after the first is preceded by ", ".
            if (field != first) {
                names.append(',');
                names.append(' ');
            }
            append(names, field->first);
        }
        preflight.setHTTPHeaderField("Access-Control-Request-Headers", String::adopt(names));
    }

    loadRequest(preflight, DoSecurityCheck);
}
// Returns the CORS preflight (OPTIONS) request that corresponds to |request|.
//
// The preflight is created for request.url(), passed through
// updateRequestForAccessControl() with DoNotAllowStoredCredentials, and
// inherits the priority of |request|. Access-Control-Request-Method carries the
// method of the real request. If |request| has header fields, their names
// (never their values) are joined with ", " in map iteration order,
// lower-cased, and sent as Access-Control-Request-Headers.
ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& request, SecurityOrigin* securityOrigin)
{
    ResourceRequest preflight(request.url());
    updateRequestForAccessControl(preflight, securityOrigin, DoNotAllowStoredCredentials);
    preflight.setHTTPMethod("OPTIONS");
    preflight.setHTTPHeaderField("Access-Control-Request-Method", request.httpMethod());
    preflight.setPriority(request.priority());

    const HTTPHeaderMap& headerFields = request.httpHeaderFields();
    if (headerFields.size() > 0) {
        StringBuilder names;
        const HTTPHeaderMap::const_iterator first = headerFields.begin();
        const HTTPHeaderMap::const_iterator last = headerFields.end();
        for (HTTPHeaderMap::const_iterator field = first; field != last; ++field) {
            // Every name after the first is preceded by ", ".
            if (field != first) {
                names.append(',');
                names.append(' ');
            }
            names.append(field->first);
        }
        preflight.setHTTPHeaderField("Access-Control-Request-Headers", names.toString().lower());
    }

    return preflight;
}
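// Sends a preflight (OPTIONS) request for the cross-site URL in m_url and, on
// the synchronous path, follows it with the actual request.
//
// Both requests use a copy of m_url with user and password cleared, and both
// carry the access-control origin in the "Access-Control-Origin" header.
//
// Asynchronous case: the preflight is started and the function returns with
// m_inPreflight still set; the actual request is not issued from here.
// Synchronous case: the preflight is loaded, m_inPreflight is cleared, and the
// actual request is loaded only if the preflight load left |ec| unset.
//
// @param ec  Receives the exception code reported by the synchronous loads.
void XMLHttpRequest::makeCrossSiteAccessRequestWithPreflight(ExceptionCode& ec)
{
    String origin = accessControlOrigin();

    // Never forward URL-embedded credentials to the other site.
    KURL url = m_url;
    url.setUser(String());
    url.setPass(String());

    m_inPreflight = true;
    ResourceRequest preflightRequest(url);
    preflightRequest.setHTTPMethod("OPTIONS");
    preflightRequest.setHTTPHeaderField("Access-Control-Origin", origin);

    if (m_async) {
        loadRequestAsynchronously(preflightRequest);
        return;
    }

    loadRequestSynchronously(preflightRequest, ec);
    m_inPreflight = false;

    // A preflight that failed must not be followed by the real request, which
    // carries the author's method, headers and body.
    // NOTE(review): this relies on loadRequestSynchronously() reporting a
    // failed or denied preflight through |ec| — confirm against its
    // implementation.
    if (ec)
        return;

    // Send the actual request.
    ResourceRequest request(url);
    request.setHTTPMethod(m_method);
    request.setHTTPHeaderField("Access-Control-Origin", origin);

    if (m_crossSiteRequestHeaders.size() > 0)
        request.addHTTPHeaderFields(m_crossSiteRequestHeaders);

    if (m_requestEntityBody) {
        ASSERT(m_method != "GET");
        request.setHTTPBody(m_requestEntityBody.release());
    }

    loadRequestSynchronously(request, ec);
}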
// Returns the CORS preflight (OPTIONS) request that corresponds to |request|.
//
// The preflight is created for request.url(), passed through
// updateRequestForAccessControl() with DoNotAllowStoredCredentials, and
// inherits the priority of |request|. Access-Control-Request-Method carries the
// method of the real request. If |request| has header fields, their names
// (never their values) are joined with ", " in map iteration order,
// lower-cased, and sent as Access-Control-Request-Headers.
ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& request, SecurityOrigin* securityOrigin)
{
    ResourceRequest preflight(request.url());
    updateRequestForAccessControl(preflight, securityOrigin, DoNotAllowStoredCredentials);
    preflight.setHTTPMethod("OPTIONS");
    preflight.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestMethod, request.httpMethod());
    preflight.setPriority(request.priority());

    const HTTPHeaderMap& headerFields = request.httpHeaderFields();
    if (headerFields.isEmpty())
        return preflight;

    StringBuilder names;
    bool needsSeparator = false;
    for (const auto& field : headerFields) {
        // Every name after the first is preceded by ", ".
        if (needsSeparator)
            names.appendLiteral(", ");
        needsSeparator = true;
        names.append(field.key);
    }
    preflight.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, names.toString().lower());

    return preflight;
}
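// Returns the CORS preflight (OPTIONS) request that corresponds to |request|.
//
// The preflight is created for request.url(), passed through
// updateRequestForAccessControl() with DoNotAllowStoredCredentials, inherits
// the priority and request context of |request|, and is marked to skip the
// service worker. Access-Control-Request-Method carries the method of the real
// request.
//
// Access-Control-Request-Headers lists the lower-cased names (never the
// values) of the header fields of |request|, excluding "referer", sorted by
// code point and joined with ", ". The header is set only when at least one
// name remains after filtering, so a request whose only field is Referer does
// not produce an empty Access-Control-Request-Headers.
ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& request, SecurityOrigin* securityOrigin)
{
    ResourceRequest preflightRequest(request.url());
    updateRequestForAccessControl(preflightRequest, securityOrigin, DoNotAllowStoredCredentials);
    preflightRequest.setHTTPMethod("OPTIONS");
    preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", request.httpMethod());
    preflightRequest.setPriority(request.priority());
    preflightRequest.setRequestContext(request.requestContext());
    preflightRequest.setSkipServiceWorker(true);

    const HTTPHeaderMap& requestHeaderFields = request.httpHeaderFields();
    if (requestHeaderFields.size() == 0)
        return preflightRequest;

    // Sort header names lexicographically: https://crbug.com/452391
    // Fetch API Spec:
    //   https://fetch.spec.whatwg.org/#cors-preflight-fetch-0
    Vector<String> headers;
    for (const auto& header : requestHeaderFields) {
        // When the request is from a Worker, the referrer header was added by
        // WorkerThreadableLoader. It must not be listed in
        // Access-Control-Request-Headers.
        if (equalIgnoringCase(header.key, "referer"))
            continue;
        headers.append(header.key.lower());
    }

    // Nothing left to announce: leave the header off instead of sending it
    // with an empty value.
    if (headers.isEmpty())
        return preflightRequest;

    std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan);

    StringBuilder headerBuffer;
    for (const String& header : headers) {
        if (!headerBuffer.isEmpty())
            headerBuffer.appendLiteral(", ");
        headerBuffer.append(header);
    }
    preflightRequest.setHTTPHeaderField("Access-Control-Request-Headers", AtomicString(headerBuffer.toString()));

    return preflightRequest;
}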
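// Sends the cross-site request described by this object, preceded by a
// preflight (OPTIONS) request unless the preflight result cache says it can be
// skipped.
//
// Both requests use a copy of m_url with user and password cleared and carry
// the script execution context's security origin in the "Origin" header.
//
// Preflight: announces m_method in Access-Control-Request-Method and, when
// m_requestHeaders is non-empty, the ", "-separated header names in
// Access-Control-Request-Headers. Only the names are sent; the header fields
// themselves are withheld until the actual request, so that they do not reach
// the other site before the preflight has been answered.
//
// Asynchronous case: whichever request is due next (preflight, or the actual
// request when the preflight is skipped) is started and the function returns;
// after an async preflight m_inPreflight stays set.
// Synchronous case: the preflight is loaded, m_inPreflight is cleared, and the
// actual request follows only if |ec| was left unset.
//
// @param ec  Receives the exception code reported by the synchronous loads.
void XMLHttpRequest::makeCrossSiteAccessRequestWithPreflight(ExceptionCode& ec)
{
    String origin = scriptExecutionContext()->securityOrigin()->toString();

    // Never forward URL-embedded credentials to the other site.
    KURL url = m_url;
    url.setUser(String());
    url.setPass(String());

    if (!PreflightResultCache::shared().canSkipPreflight(origin, url, m_includeCredentials, m_method, m_requestHeaders)) {
        m_inPreflight = true;
        ResourceRequest preflightRequest(url);
        preflightRequest.setHTTPMethod("OPTIONS");
        preflightRequest.setHTTPHeaderField("Origin", origin);
        preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", m_method);

        if (m_requestHeaders.size() > 0) {
            Vector<UChar> headerBuffer;
            const HTTPHeaderMap::const_iterator begin = m_requestHeaders.begin();
            const HTTPHeaderMap::const_iterator end = m_requestHeaders.end();
            for (HTTPHeaderMap::const_iterator it = begin; it != end; ++it) {
                // Every name after the first is preceded by ", ".
                if (it != begin) {
                    headerBuffer.append(',');
                    headerBuffer.append(' ');
                }
                append(headerBuffer, it->first);
            }
            // Announce the names only. The author's header fields are not
            // copied onto the preflight: sending them here would deliver them
            // before the server has had a chance to allow or refuse them.
            preflightRequest.setHTTPHeaderField("Access-Control-Request-Headers", String::adopt(headerBuffer));
        }

        if (m_async) {
            loadRequestAsynchronously(preflightRequest);
            return;
        }

        loadRequestSynchronously(preflightRequest, ec);
        m_inPreflight = false;

        // A failed preflight must not be followed by the actual request.
        if (ec)
            return;
    }

    // Send the actual request.
    ResourceRequest request(url);
    request.setHTTPMethod(m_method);
    request.setAllowHTTPCookies(m_includeCredentials);
    request.setHTTPHeaderField("Origin", origin);

    if (m_requestHeaders.size() > 0)
        request.addHTTPHeaderFields(m_requestHeaders);

    if (m_requestEntityBody) {
        ASSERT(m_method != "GET");
        request.setHTTPBody(m_requestEntityBody.release());
    }

    if (m_async) {
        loadRequestAsynchronously(request);
        return;
    }

    loadRequestSynchronously(request, ec);
}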