void XMLHttpRequest::createRequest(ExceptionCode& ec)
{
// Upload event listeners should be disallowed for simple cross-origin requests, because POSTing to an URL that does not
// permit cross origin requests should look exactly like POSTing to an URL that does not respond at all. If a listener exists
// when creating the request, it will force preflight.
// Also, only async requests support upload progress events.
m_uploadEventsAllowed = false;
if (m_async) {
dispatchLoadStartEvent();
if (m_requestEntityBody && m_upload) {
m_uploadEventsAllowed = m_upload->hasListeners();
m_upload->dispatchLoadStartEvent();
}
}
m_sameOriginRequest = scriptExecutionContext()->securityOrigin()->canRequest(m_url);
if (!m_sameOriginRequest) {
makeCrossOriginAccessRequest(ec);
return;
}
m_uploadEventsAllowed = true;
makeSameOriginRequest(ec);
}
void XMLHttpRequest::createRequest(ExceptionCode& ec)
{
if (m_async) {
dispatchLoadStartEvent();
if (m_requestEntityBody && m_upload)
m_upload->dispatchLoadStartEvent();
}
m_sameOriginRequest = scriptExecutionContext()->securityOrigin()->canRequest(m_url);
if (!m_sameOriginRequest) {
makeCrossSiteAccessRequest(ec);
return;
}
makeSameOriginRequest(ec);
}
void XMLHttpRequest::createRequest(ExceptionCode& ec)
{
if (m_async)
dispatchLoadStartEvent();
//m_sameOriginRequest = m_doc->securityOrigin()->canRequest(m_url);
//If we have decided to use the workaround...go ahead by treating it as the same origin request. We expect to use the domain filtering system to cover up
//any security issues.
EA::WebKit::Parameters& param = EA::WebKit::GetParameters();
if(param.mbEnableCrossDomainScripting)
m_sameOriginRequest = true;
else
m_sameOriginRequest = m_doc->securityOrigin()->canRequest(m_url);
if (!m_sameOriginRequest) {
makeCrossSiteAccessRequest(ec);
return;
}
makeSameOriginRequest(ec);
}
