void XMLHttpRequest::createRequest(ExceptionCode& ec) { // Upload event listeners should be disallowed for simple cross-origin requests, because POSTing to an URL that does not // permit cross origin requests should look exactly like POSTing to an URL that does not respond at all. If a listener exists // when creating the request, it will force preflight. // Also, only async requests support upload progress events. m_uploadEventsAllowed = false; if (m_async) { dispatchLoadStartEvent(); if (m_requestEntityBody && m_upload) { m_uploadEventsAllowed = m_upload->hasListeners(); m_upload->dispatchLoadStartEvent(); } } m_sameOriginRequest = scriptExecutionContext()->securityOrigin()->canRequest(m_url); if (!m_sameOriginRequest) { makeCrossOriginAccessRequest(ec); return; } m_uploadEventsAllowed = true; makeSameOriginRequest(ec); }
void XMLHttpRequest::createRequest(ExceptionCode& ec) { if (m_async) { dispatchLoadStartEvent(); if (m_requestEntityBody && m_upload) m_upload->dispatchLoadStartEvent(); } m_sameOriginRequest = scriptExecutionContext()->securityOrigin()->canRequest(m_url); if (!m_sameOriginRequest) { makeCrossSiteAccessRequest(ec); return; } makeSameOriginRequest(ec); }
void XMLHttpRequest::createRequest(ExceptionCode& ec) { if (m_async) dispatchLoadStartEvent(); //m_sameOriginRequest = m_doc->securityOrigin()->canRequest(m_url); //If we have decided to use the workaround...go ahead by treating it as the same origin request. We expect to use the domain filtering system to cover up //any security issues. EA::WebKit::Parameters& param = EA::WebKit::GetParameters(); if(param.mbEnableCrossDomainScripting) m_sameOriginRequest = true; else m_sameOriginRequest = m_doc->securityOrigin()->canRequest(m_url); if (!m_sameOriginRequest) { makeCrossSiteAccessRequest(ec); return; } makeSameOriginRequest(ec); }