void XMLHttpRequest::makeCrossSiteAccessRequestWithPreflight(ExceptionCode& ec)
{
String origin = accessControlOrigin();
KURL url = m_url;
url.setUser(String());
url.setPass(String());
m_inPreflight = true;
ResourceRequest preflightRequest(url);
preflightRequest.setHTTPMethod("OPTIONS");
preflightRequest.setHTTPHeaderField("Access-Control-Origin", origin);
if (m_async) {
loadRequestAsynchronously(preflightRequest);
return;
}
loadRequestSynchronously(preflightRequest, ec);
m_inPreflight = false;
// Send the actual request.
ResourceRequest request(url);
request.setHTTPMethod(m_method);
request.setHTTPHeaderField("Access-Control-Origin", origin);
if (m_crossSiteRequestHeaders.size() > 0)
request.addHTTPHeaderFields(m_crossSiteRequestHeaders);
if (m_requestEntityBody) {
ASSERT(m_method != "GET");
request.setHTTPBody(m_requestEntityBody.release());
}
loadRequestSynchronously(request, ec);
}
void XMLHttpRequest::makeSimpleCrossOriginAccessRequest(ExceptionCode& ec)
{
ASSERT(isSimpleCrossOriginAccessRequest(m_method, m_requestHeaders));
// Cross-origin requests are only defined for HTTP. We would catch this when checking response headers later, but there is no reason to send a request that's guaranteed to be denied.
if (!m_url.protocolInHTTPFamily()) {
ec = XMLHttpRequestException::NETWORK_ERR;
networkError();
return;
}
KURL url = m_url;
url.setUser(String());
url.setPass(String());
ResourceRequest request(url);
request.setHTTPMethod(m_method);
request.setAllowHTTPCookies(m_includeCredentials);
request.setHTTPOrigin(scriptExecutionContext()->securityOrigin()->toString());
if (m_requestHeaders.size() > 0)
request.addHTTPHeaderFields(m_requestHeaders);
if (m_requestEntityBody) {
ASSERT(m_method != "GET");
ASSERT(m_method != "HEAD");
request.setHTTPBody(m_requestEntityBody.release());
}
if (m_async)
loadRequestAsynchronously(request);
else
loadRequestSynchronously(request, ec);
}
void XMLHttpRequest::makeSimpleCrossSiteAccessRequest(ExceptionCode& ec)
{
ASSERT(isSimpleCrossSiteAccessRequest());
KURL url = m_url;
url.setUser(String());
url.setPass(String());
ResourceRequest request(url);
request.setHTTPMethod(m_method);
request.setHTTPHeaderField("Access-Control-Origin", accessControlOrigin());
if (m_crossSiteRequestHeaders.size() > 0)
request.addHTTPHeaderFields(m_crossSiteRequestHeaders);
if (m_async)
loadRequestAsynchronously(request);
else
loadRequestSynchronously(request, ec);
}
void XMLHttpRequest::makeSameOriginRequest(ExceptionCode& ec)
{
ASSERT(m_sameOriginRequest);
ResourceRequest request(m_url);
request.setHTTPMethod(m_method);
if (m_requestEntityBody) {
ASSERT(m_method != "GET");
request.setHTTPBody(m_requestEntityBody.release());
}
if (m_requestHeaders.size() > 0)
request.addHTTPHeaderFields(m_requestHeaders);
if (m_async)
loadRequestAsynchronously(request);
else
loadRequestSynchronously(request, ec);
}
void XMLHttpRequest::makeSimpleCrossSiteAccessRequest(ExceptionCode& ec)
{
ASSERT(isSimpleCrossSiteAccessRequest());
KURL url = m_url;
url.setUser(String());
url.setPass(String());
ResourceRequest request(url);
request.setHTTPMethod(m_method);
request.setAllowHTTPCookies(m_includeCredentials);
request.setHTTPOrigin(scriptExecutionContext()->securityOrigin()->toString());
if (m_requestHeaders.size() > 0)
request.addHTTPHeaderFields(m_requestHeaders);
if (m_async)
loadRequestAsynchronously(request);
else
loadRequestSynchronously(request, ec);
}
void XMLHttpRequest::makeCrossSiteAccessRequestWithPreflight(ExceptionCode& ec)
{
String origin = scriptExecutionContext()->securityOrigin()->toString();
KURL url = m_url;
url.setUser(String());
url.setPass(String());
if (!PreflightResultCache::shared().canSkipPreflight(origin, url, m_includeCredentials, m_method, m_requestHeaders)) {
m_inPreflight = true;
ResourceRequest preflightRequest(url);
preflightRequest.setHTTPMethod("OPTIONS");
preflightRequest.setHTTPHeaderField("Origin", origin);
preflightRequest.setHTTPHeaderField("Access-Control-Request-Method", m_method);
if (m_requestHeaders.size() > 0) {
Vector<UChar> headerBuffer;
HTTPHeaderMap::const_iterator it = m_requestHeaders.begin();
append(headerBuffer, it->first);
++it;
HTTPHeaderMap::const_iterator end = m_requestHeaders.end();
for (; it != end; ++it) {
headerBuffer.append(',');
headerBuffer.append(' ');
append(headerBuffer, it->first);
}
preflightRequest.setHTTPHeaderField("Access-Control-Request-Headers", String::adopt(headerBuffer));
preflightRequest.addHTTPHeaderFields(m_requestHeaders);
}
if (m_async) {
loadRequestAsynchronously(preflightRequest);
return;
}
loadRequestSynchronously(preflightRequest, ec);
m_inPreflight = false;
if (ec)
return;
}
// Send the actual request.
ResourceRequest request(url);
request.setHTTPMethod(m_method);
request.setAllowHTTPCookies(m_includeCredentials);
request.setHTTPHeaderField("Origin", origin);
if (m_requestHeaders.size() > 0)
request.addHTTPHeaderFields(m_requestHeaders);
if (m_requestEntityBody) {
ASSERT(m_method != "GET");
request.setHTTPBody(m_requestEntityBody.release());
}
if (m_async) {
loadRequestAsynchronously(request);
return;
}
loadRequestSynchronously(request, ec);
}