void XMLHttpRequest::createRequest(ExceptionCode& ec) { if (m_async) { dispatchLoadStartEvent(); if (m_requestEntityBody && m_upload) m_upload->dispatchLoadStartEvent(); } m_sameOriginRequest = scriptExecutionContext()->securityOrigin()->canRequest(m_url); if (!m_sameOriginRequest) { makeCrossSiteAccessRequest(ec); return; } makeSameOriginRequest(ec); }
void XMLHttpRequest::createRequest(ExceptionCode& ec) { if (m_async) dispatchLoadStartEvent(); //m_sameOriginRequest = m_doc->securityOrigin()->canRequest(m_url); //If we have decided to use the workaround...go ahead by treating it as the same origin request. We expect to use the domain filtering system to cover up //any security issues. EA::WebKit::Parameters& param = EA::WebKit::GetParameters(); if(param.mbEnableCrossDomainScripting) m_sameOriginRequest = true; else m_sameOriginRequest = m_doc->securityOrigin()->canRequest(m_url); if (!m_sameOriginRequest) { makeCrossSiteAccessRequest(ec); return; } makeSameOriginRequest(ec); }