void XMLHttpRequest::makeCrossSiteAccessRequest(ExceptionCode& ec) { ASSERT(!m_sameOriginRequest); if (isSimpleCrossSiteAccessRequest()) makeSimpleCrossSiteAccessRequest(ec); else makeCrossSiteAccessRequestWithPreflight(ec); }
void XMLHttpRequest::makeCrossSiteAccessRequest(ExceptionCode& ec) { ASSERT(!m_sameOriginRequest); bool privilegedScript = m_doc->securityOrigin()->canLoadLocalResources(); HTTPHeaderMap::const_iterator end = m_requestHeaders.end(); for (HTTPHeaderMap::const_iterator it = m_requestHeaders.begin(); it != end; ++it) { // A privileged script (e.g. a Dashboard widget) can send any headers. if (!privilegedScript && isOnAccessControllRequestHeaderBlackList(it->first)) { if (m_doc && m_doc->frame()) m_doc->frame()->domWindow()->console()->addMessage(JSMessageSource, ErrorMessageLevel, "Refused to send header \"" + it->first + "\" cross-domain.", 1, String()); continue; } m_crossSiteRequestHeaders.add(it->first, it->second); } if (isSimpleCrossSiteAccessRequest()) makeSimpleCrossSiteAccessRequest(ec); else makeCrossSiteAccessRequestWithPreflight(ec); }