bool PreflightResultCacheItem::allowsCrossSiteHeaders(const HTTPHeaderMap& requestHeaders) const { HTTPHeaderMap::const_iterator end = requestHeaders.end(); for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) { if (!m_headers.contains(it->first) && !isOnAccessControlSimpleRequestHeaderWhitelist(it->first)) return false; } return true; }
bool CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders(const HTTPHeaderMap& requestHeaders, String& errorDescription) const { HTTPHeaderMap::const_iterator end = requestHeaders.end(); for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) { if (!m_headers.contains(it->first) && !isOnAccessControlSimpleRequestHeaderWhitelist(it->first, it->second)) { errorDescription = "Request header field " + it->first.string() + " is not allowed by Access-Control-Allow-Headers."; return false; } } return true; }
bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& headerMap) { if (!isOnAccessControlSimpleRequestMethodWhitelist(method)) return false; for (const auto& header : headerMap) { if (!header.keyAsHTTPHeaderName || !isOnAccessControlSimpleRequestHeaderWhitelist(header.keyAsHTTPHeaderName.value(), header.value)) return false; } return true; }
bool isSimpleCrossOriginAccessRequest(const String& method, const HTTPHeaderMap& headerMap) { if (!isOnAccessControlSimpleRequestMethodWhitelist(method)) return false; HTTPHeaderMap::const_iterator end = headerMap.end(); for (HTTPHeaderMap::const_iterator it = headerMap.begin(); it != end; ++it) { if (!isOnAccessControlSimpleRequestHeaderWhitelist(it->first, it->second)) return false; } return true; }
bool XMLHttpRequest::isSimpleCrossSiteAccessRequest() const { if (m_method != "GET") return false; HTTPHeaderMap::const_iterator end = m_crossSiteRequestHeaders.end(); for (HTTPHeaderMap::const_iterator it = m_crossSiteRequestHeaders.begin(); it != end; ++it) { if (!isOnAccessControlSimpleRequestHeaderWhitelist(it->first)) return false; } return true; }
static bool canSkipPrelight(PreflightResultCache::iterator cacheIt, bool includeCredentials, const String& method, const HTTPHeaderMap& requestHeaders) { PreflightResultCacheItem* item = cacheIt->second; if (item->m_absoluteExpiryTime < currentTime()) return false; if (includeCredentials && !item->m_credentials) return false; if (!item->m_methods->contains(method) && method != "GET" && method != "POST") return false; HTTPHeaderMap::const_iterator end = requestHeaders.end(); for (HTTPHeaderMap::const_iterator it = requestHeaders.begin(); it != end; ++it) { if (!item->m_headers->contains(it->first) && !isOnAccessControlSimpleRequestHeaderWhitelist(it->first)) return false; } return true; }