void XMLHttpRequest::makeCrossSiteAccessRequest(ExceptionCode& ec) { ASSERT(!m_sameOriginRequest); if (isSimpleCrossSiteAccessRequest()) makeSimpleCrossSiteAccessRequest(ec); else makeCrossSiteAccessRequestWithPreflight(ec); }
void XMLHttpRequest::makeSimpleCrossSiteAccessRequest(ExceptionCode& ec) { ASSERT(isSimpleCrossSiteAccessRequest()); KURL url = m_url; url.setUser(String()); url.setPass(String()); ResourceRequest request(url); request.setHTTPMethod(m_method); request.setHTTPHeaderField("Access-Control-Origin", accessControlOrigin()); if (m_crossSiteRequestHeaders.size() > 0) request.addHTTPHeaderFields(m_crossSiteRequestHeaders); if (m_async) loadRequestAsynchronously(request); else loadRequestSynchronously(request, ec); }
void XMLHttpRequest::makeSimpleCrossSiteAccessRequest(ExceptionCode& ec) { ASSERT(isSimpleCrossSiteAccessRequest()); KURL url = m_url; url.setUser(String()); url.setPass(String()); ResourceRequest request(url); request.setHTTPMethod(m_method); request.setAllowHTTPCookies(m_includeCredentials); request.setHTTPOrigin(scriptExecutionContext()->securityOrigin()->toString()); if (m_requestHeaders.size() > 0) request.addHTTPHeaderFields(m_requestHeaders); if (m_async) loadRequestAsynchronously(request); else loadRequestSynchronously(request, ec); }
void XMLHttpRequest::makeCrossSiteAccessRequest(ExceptionCode& ec) { ASSERT(!m_sameOriginRequest); bool privilegedScript = m_doc->securityOrigin()->canLoadLocalResources(); HTTPHeaderMap::const_iterator end = m_requestHeaders.end(); for (HTTPHeaderMap::const_iterator it = m_requestHeaders.begin(); it != end; ++it) { // A privileged script (e.g. a Dashboard widget) can send any headers. if (!privilegedScript && isOnAccessControllRequestHeaderBlackList(it->first)) { if (m_doc && m_doc->frame()) m_doc->frame()->domWindow()->console()->addMessage(JSMessageSource, ErrorMessageLevel, "Refused to send header \"" + it->first + "\" cross-domain.", 1, String()); continue; } m_crossSiteRequestHeaders.add(it->first, it->second); } if (isSimpleCrossSiteAccessRequest()) makeSimpleCrossSiteAccessRequest(ec); else makeCrossSiteAccessRequestWithPreflight(ec); }