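// Builds the CORS preflight (OPTIONS) request for |request| and starts loading it.
//
// The preflight targets the same URL as |request|, carries the document's
// security origin, announces the intended method in
// Access-Control-Request-Method and, when |request| has header fields, lists
// their names (", "-separated) in Access-Control-Request-Headers. Header
// values are never copied onto the preflight.
void DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight(const ResourceRequest& request)
{
    ResourceRequest preflightRequest(request.url());
    preflightRequest.removeCredentials();
    preflightRequest.setHTTPOrigin(m_document->securityOrigin()->toString());
    // The preflight asks the server for permission, so it must not carry
    // ambient credentials itself. Previously this forwarded
    // m_options.allowCredentials, which let cookies reach a cross-origin
    // server before it had opted in. Cookies belong on the actual request only.
    preflightRequest.setAllowCookies(false);
    preflightRequest.setHTTPMethod("OPTIONS");
    preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", request.httpMethod());

    const HTTPHeaderMap& requestHeaderFields = request.httpHeaderFields();

    if (requestHeaderFields.size() > 0) {
        // Join the header names only; the first name is written without a
        // leading separator, every later one is preceded by ", ".
        Vector<UChar> headerBuffer;
        HTTPHeaderMap::const_iterator it = requestHeaderFields.begin();
        append(headerBuffer, it->first);
        ++it;

        HTTPHeaderMap::const_iterator end = requestHeaderFields.end();
        for (; it != end; ++it) {
            headerBuffer.append(',');
            headerBuffer.append(' ');
            append(headerBuffer, it->first);
        }

        preflightRequest.setHTTPHeaderField("Access-Control-Request-Headers", String::adopt(headerBuffer));
    }

    // DoSecurityCheck is passed through to loadRequest unchanged.
    loadRequest(preflightRequest, DoSecurityCheck);
}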
// Returns the CORS preflight (OPTIONS) request that corresponds to |request|.
//
// The preflight reuses the URL and priority of |request|, is prepared through
// updateRequestForAccessControl() with DoNotAllowStoredCredentials, names the
// intended method in Access-Control-Request-Method and, if |request| has any
// header fields, lists their lower-cased names in
// Access-Control-Request-Headers. Header values are not copied.
ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& request, SecurityOrigin* securityOrigin)
{
    ResourceRequest preflight(request.url());
    updateRequestForAccessControl(preflight, securityOrigin, DoNotAllowStoredCredentials);
    preflight.setHTTPMethod("OPTIONS");
    preflight.setHTTPHeaderField("Access-Control-Request-Method", request.httpMethod());
    preflight.setPriority(request.priority());

    const HTTPHeaderMap& authorHeaders = request.httpHeaderFields();

    // Without header fields there is nothing to announce.
    if (!(authorHeaders.size() > 0))
        return preflight;

    StringBuilder joinedNames;
    bool needsSeparator = false;
    const HTTPHeaderMap::const_iterator end = authorHeaders.end();
    for (HTTPHeaderMap::const_iterator it = authorHeaders.begin(); it != end; ++it) {
        // Every name after the first is preceded by ", ".
        if (needsSeparator) {
            joinedNames.append(',');
            joinedNames.append(' ');
        }
        joinedNames.append(it->first);
        needsSeparator = true;
    }

    // The whole list is lower-cased once, after joining.
    preflight.setHTTPHeaderField("Access-Control-Request-Headers", joinedNames.toString().lower());
    return preflight;
}
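// Sends an OPTIONS preflight for a cross-site request and, in the synchronous
// case, follows it with the actual request.
//
// Both requests go to m_url with the user and password components set to empty
// strings, and both carry the Access-Control-Origin header. For asynchronous
// loads only the preflight is started here; m_inPreflight stays true and this
// function returns.
//
// |ec| is passed to loadRequestSynchronously() for both loads. If it is set
// after the synchronous preflight, the actual request is not sent.
void XMLHttpRequest::makeCrossSiteAccessRequestWithPreflight(ExceptionCode& ec)
{
    String origin = accessControlOrigin();
    // Work on a copy of the URL so that embedded user/password are not sent.
    KURL url = m_url;
    url.setUser(String());
    url.setPass(String());

    m_inPreflight = true;
    ResourceRequest preflightRequest(url);
    preflightRequest.setHTTPMethod("OPTIONS");
    preflightRequest.setHTTPHeaderField("Access-Control-Origin", origin);

    if (m_async) {
        loadRequestAsynchronously(preflightRequest);
        return;
    }

    loadRequestSynchronously(preflightRequest, ec);
    m_inPreflight = false;

    // A preflight that ended with an exception must not be followed by the
    // actual request: the method, headers and body below are exactly what the
    // preflight was supposed to get approved first.
    // NOTE(review): assumes a failed or rejected preflight is reported through
    // ec; confirm against loadRequestSynchronously and the response handling.
    if (ec)
        return;

    // Send the actual request.
    ResourceRequest request(url);
    request.setHTTPMethod(m_method);
    request.setHTTPHeaderField("Access-Control-Origin", origin);

    if (m_crossSiteRequestHeaders.size() > 0)
        request.addHTTPHeaderFields(m_crossSiteRequestHeaders);

    if (m_requestEntityBody) {
        ASSERT(m_method != "GET");
        request.setHTTPBody(m_requestEntityBody.release());
    }

    loadRequestSynchronously(request, ec);
}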
// Returns the CORS preflight (OPTIONS) request that corresponds to |request|.
//
// The preflight reuses the URL and priority of |request|, is prepared through
// updateRequestForAccessControl() with DoNotAllowStoredCredentials, and names
// the intended method in Access-Control-Request-Method. If |request| has any
// header fields, their names are joined with ", ", lower-cased and sent in
// Access-Control-Request-Headers. Header values are not copied.
ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& request, SecurityOrigin* securityOrigin)
{
    ResourceRequest preflight(request.url());
    updateRequestForAccessControl(preflight, securityOrigin, DoNotAllowStoredCredentials);
    preflight.setHTTPMethod("OPTIONS");
    preflight.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestMethod, request.httpMethod());
    preflight.setPriority(request.priority());

    const HTTPHeaderMap& authorHeaders = request.httpHeaderFields();

    // Without header fields there is nothing to announce.
    if (authorHeaders.isEmpty())
        return preflight;

    StringBuilder joinedNames;
    bool isFirstName = true;
    for (const auto& field : authorHeaders) {
        // Every name after the first is preceded by ", ".
        if (!isFirstName)
            joinedNames.appendLiteral(", ");
        isFirstName = false;

        joinedNames.append(field.key);
    }

    // The whole list is lower-cased once, after joining.
    preflight.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, joinedNames.toString().lower());
    return preflight;
}
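// Returns the CORS preflight (OPTIONS) request that corresponds to |request|.
//
// The preflight reuses the URL, priority and request context of |request|, is
// prepared through updateRequestForAccessControl() with
// DoNotAllowStoredCredentials, skips the service worker, and names the
// intended method in Access-Control-Request-Method.
//
// Access-Control-Request-Headers lists the lower-cased names of the header
// fields of |request|, sorted by code point and joined with ", ". "referer" is
// left out. The header is set only when at least one name remains, so a
// request whose only header field is Referer no longer produces an
// Access-Control-Request-Headers header with an empty value.
ResourceRequest createAccessControlPreflightRequest(const ResourceRequest& request, SecurityOrigin* securityOrigin)
{
    ResourceRequest preflightRequest(request.url());
    updateRequestForAccessControl(preflightRequest, securityOrigin, DoNotAllowStoredCredentials);
    preflightRequest.setHTTPMethod("OPTIONS");
    preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", request.httpMethod());
    preflightRequest.setPriority(request.priority());
    preflightRequest.setRequestContext(request.requestContext());
    preflightRequest.setSkipServiceWorker(true);

    const HTTPHeaderMap& requestHeaderFields = request.httpHeaderFields();

    // Sort header names lexicographically: https://crbug.com/452391
    // Fetch API Spec:
    //   https://fetch.spec.whatwg.org/#cors-preflight-fetch-0
    Vector<String> headers;
    for (const auto& header : requestHeaderFields) {
        if (equalIgnoringCase(header.key, "referer")) {
            // When the request is from a Worker, referrer header was added
            // by WorkerThreadableLoader. But it should not be added to
            // Access-Control-Request-Headers header.
            continue;
        }
        headers.append(header.key.lower());
    }

    // Decide on the filtered list, not on the raw header map: the map can be
    // non-empty while every entry in it was skipped above.
    if (!headers.isEmpty()) {
        std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan);
        StringBuilder headerBuffer;
        for (const String& header : headers) {
            if (!headerBuffer.isEmpty())
                headerBuffer.appendLiteral(", ");
            headerBuffer.append(header);
        }
        preflightRequest.setHTTPHeaderField("Access-Control-Request-Headers", AtomicString(headerBuffer.toString()));
    }

    return preflightRequest;
}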
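// Sends a cross-site request that needs a preflight.
//
// Unless PreflightResultCache says the preflight can be skipped for this
// origin, URL, credentials flag, method and header set, an OPTIONS preflight
// is sent first. It carries Origin, Access-Control-Request-Method and, when
// there are request headers, their names in Access-Control-Request-Headers.
// The preflight carries neither the header values nor cookies.
//
// Asynchronous loads return right after starting the preflight, leaving
// m_inPreflight set. Synchronous loads continue with the actual request
// unless |ec| was set by the preflight.
//
// Both requests go to m_url with the user and password components set to
// empty strings.
void XMLHttpRequest::makeCrossSiteAccessRequestWithPreflight(ExceptionCode& ec)
{
    String origin = scriptExecutionContext()->securityOrigin()->toString();
    // Work on a copy of the URL so that embedded user/password are not sent.
    KURL url = m_url;
    url.setUser(String());
    url.setPass(String());

    if (!PreflightResultCache::shared().canSkipPreflight(origin, url, m_includeCredentials, m_method, m_requestHeaders)) {
        m_inPreflight = true;
        ResourceRequest preflightRequest(url);
        preflightRequest.setHTTPMethod("OPTIONS");
        // The preflight only asks for permission; cookies are reserved for the
        // actual request, where m_includeCredentials decides.
        preflightRequest.setAllowHTTPCookies(false);
        preflightRequest.setHTTPHeaderField("Origin", origin);
        preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", m_method);

        if (m_requestHeaders.size() > 0) {
            // Join the header names only; the first name is written without a
            // leading separator, every later one is preceded by ", ".
            Vector<UChar> headerBuffer;
            HTTPHeaderMap::const_iterator it = m_requestHeaders.begin();
            append(headerBuffer, it->first);
            ++it;

            HTTPHeaderMap::const_iterator end = m_requestHeaders.end();
            for (; it != end; ++it) {
                headerBuffer.append(',');
                headerBuffer.append(' ');
                append(headerBuffer, it->first);
            }

            // Only the names are announced. The author's headers themselves
            // are no longer added to the preflight: sending them before the
            // server has answered would deliver exactly the headers the
            // preflight exists to get approved.
            preflightRequest.setHTTPHeaderField("Access-Control-Request-Headers", String::adopt(headerBuffer));
        }

        if (m_async) {
            loadRequestAsynchronously(preflightRequest);
            return;
        }

        loadRequestSynchronously(preflightRequest, ec);
        m_inPreflight = false;

        // Do not send the actual request after a preflight that raised an exception.
        if (ec)
            return;
    }

    // Send the actual request.
    ResourceRequest request(url);
    request.setHTTPMethod(m_method);
    request.setAllowHTTPCookies(m_includeCredentials);
    request.setHTTPHeaderField("Origin", origin);

    if (m_requestHeaders.size() > 0)
        request.addHTTPHeaderFields(m_requestHeaders);

    if (m_requestEntityBody) {
        ASSERT(m_method != "GET");
        request.setHTTPBody(m_requestEntityBody.release());
    }

    if (m_async) {
        loadRequestAsynchronously(request);
        return;
    }

    loadRequestSynchronously(request, ec);
}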