Diff
Modified: trunk/Source/WebCore/ChangeLog (93181 => 93182)
--- trunk/Source/WebCore/ChangeLog 2011-08-17 00:07:24 UTC (rev 93181)
+++ trunk/Source/WebCore/ChangeLog 2011-08-17 00:16:22 UTC (rev 93182)
@@ -1,3 +1,24 @@
+2011-08-16 Per-Erik Brodin <[email protected]>
+
+ Make it possible to explicitly prevent a preflight via ThreadableLoaderOptions
+ https://bugs.webkit.org/show_bug.cgi?id=65694
+
+ Reviewed by Alexey Proskuryakov.
+
+ No new tests since there is no change in behavior.
+
+ * fileapi/FileReaderLoader.cpp:
+ (WebCore::FileReaderLoader::start):
+ * loader/DocumentThreadableLoader.cpp:
+ (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
+ (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
+ * loader/ThreadableLoader.h:
+ (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions):
+ * notifications/Notification.cpp:
+ (WebCore::Notification::startLoading):
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::createRequest):
+
2011-08-16 Scott Byer <[email protected]>
Fix spelling error.
Modified: trunk/Source/WebCore/fileapi/FileReaderLoader.cpp (93181 => 93182)
--- trunk/Source/WebCore/fileapi/FileReaderLoader.cpp 2011-08-17 00:07:24 UTC (rev 93181)
+++ trunk/Source/WebCore/fileapi/FileReaderLoader.cpp 2011-08-17 00:16:22 UTC (rev 93182)
@@ -88,7 +88,7 @@
ThreadableLoaderOptions options;
options.sendLoadCallbacks = true;
options.sniffContent = false;
- options.forcePreflight = false;
+ options.preflightPolicy = ConsiderPreflight;
options.allowCredentials = true;
options.crossOriginRequestPolicy = DenyCrossOriginRequests;
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (93181 => 93182)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2011-08-17 00:07:24 UTC (rev 93181)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2011-08-17 00:16:22 UTC (rev 93182)
@@ -98,7 +98,7 @@
OwnPtr<ResourceRequest> crossOriginRequest = adoptPtr(new ResourceRequest(request));
updateRequestForAccessControl(*crossOriginRequest, securityOrigin(), m_options.allowCredentials);
- if (!m_options.forcePreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFields()))
+ if ((m_options.preflightPolicy == ConsiderPreflight && isSimpleCrossOriginAccessRequest(crossOriginRequest->httpMethod(), crossOriginRequest->httpHeaderFields())) || m_options.preflightPolicy == PreventPreflight)
makeSimpleCrossOriginAccessRequest(*crossOriginRequest);
else {
m_actualRequest = crossOriginRequest.release();
@@ -112,7 +112,8 @@
void DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest(const ResourceRequest& request)
{
- ASSERT(isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()));
+ ASSERT(m_options.preflightPolicy != ForcePreflight);
+ ASSERT(m_options.preflightPolicy == PreventPreflight || isSimpleCrossOriginAccessRequest(request.httpMethod(), request.httpHeaderFields()));
// Cross-origin requests are only defined for HTTP. We would catch this when checking response headers later, but there is no reason to send a request that's guaranteed to be denied.
// FIXME: Consider allowing simple CORS requests to non-HTTP URLs.
Modified: trunk/Source/WebCore/loader/ThreadableLoader.h (93181 => 93182)
--- trunk/Source/WebCore/loader/ThreadableLoader.h 2011-08-17 00:07:24 UTC (rev 93181)
+++ trunk/Source/WebCore/loader/ThreadableLoader.h 2011-08-17 00:16:22 UTC (rev 93182)
@@ -55,13 +55,19 @@
UseAccessControl,
AllowCrossOriginRequests
};
-
+
+ enum PreflightPolicy {
+ ConsiderPreflight,
+ ForcePreflight,
+ PreventPreflight
+ };
+
struct ThreadableLoaderOptions {
- ThreadableLoaderOptions() : sendLoadCallbacks(false), sniffContent(false), allowCredentials(false), forcePreflight(false), crossOriginRequestPolicy(DenyCrossOriginRequests), shouldBufferData(true) { }
+ ThreadableLoaderOptions() : sendLoadCallbacks(false), sniffContent(false), allowCredentials(false), preflightPolicy(ConsiderPreflight), crossOriginRequestPolicy(DenyCrossOriginRequests), shouldBufferData(true) { }
bool sendLoadCallbacks;
bool sniffContent;
bool allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
- bool forcePreflight; // If AccessControl is used, whether to force a preflight.
+ PreflightPolicy preflightPolicy; // If AccessControl is used, how to determine if a preflight is needed.
CrossOriginRequestPolicy crossOriginRequestPolicy;
bool shouldBufferData;
RefPtr<SecurityOrigin> securityOrigin;
Modified: trunk/Source/WebCore/notifications/Notification.cpp (93181 => 93182)
--- trunk/Source/WebCore/notifications/Notification.cpp 2011-08-17 00:07:24 UTC (rev 93181)
+++ trunk/Source/WebCore/notifications/Notification.cpp 2011-08-17 00:16:22 UTC (rev 93182)
@@ -168,7 +168,7 @@
ThreadableLoaderOptions options;
options.sendLoadCallbacks = false;
options.sniffContent = false;
- options.forcePreflight = false;
+ options.preflightPolicy = ConsiderPreflight;
options.allowCredentials = AllowStoredCredentials;
options.crossOriginRequestPolicy = AllowCrossOriginRequests;
m_loader = ThreadableLoader::create(scriptExecutionContext(), this, ResourceRequest(iconURL()), options);
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (93181 => 93182)
--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2011-08-17 00:07:24 UTC (rev 93181)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2011-08-17 00:16:22 UTC (rev 93182)
@@ -652,7 +652,7 @@
ThreadableLoaderOptions options;
options.sendLoadCallbacks = true;
options.sniffContent = false;
- options.forcePreflight = uploadEvents;
+ options.preflightPolicy = uploadEvents ? ForcePreflight : ConsiderPreflight;
options.allowCredentials = m_sameOriginRequest || m_includeCredentials;
options.crossOriginRequestPolicy = UseAccessControl;
options.securityOrigin = securityOrigin();
Modified: trunk/Source/WebKit/chromium/ChangeLog (93181 => 93182)
--- trunk/Source/WebKit/chromium/ChangeLog 2011-08-17 00:07:24 UTC (rev 93181)
+++ trunk/Source/WebKit/chromium/ChangeLog 2011-08-17 00:16:22 UTC (rev 93182)
@@ -1,3 +1,13 @@
+2011-08-16 Per-Erik Brodin <[email protected]>
+
+ Make it possible to explicitly prevent a preflight via ThreadableLoaderOptions
+ https://bugs.webkit.org/show_bug.cgi?id=65694
+
+ Reviewed by Alexey Proskuryakov.
+
+ * src/AssociatedURLLoader.cpp:
+ (WebKit::AssociatedURLLoader::loadAsynchronously):
+
2011-08-12 John Abd-El-Malek <[email protected]>
[chromium] cleanup after previous webkit change rolled into chrome
Modified: trunk/Source/WebKit/chromium/src/AssociatedURLLoader.cpp (93181 => 93182)
--- trunk/Source/WebKit/chromium/src/AssociatedURLLoader.cpp 2011-08-17 00:07:24 UTC (rev 93181)
+++ trunk/Source/WebKit/chromium/src/AssociatedURLLoader.cpp 2011-08-17 00:16:22 UTC (rev 93182)
@@ -229,7 +229,7 @@
options.sendLoadCallbacks = true; // Always send callbacks.
options.sniffContent = m_options.sniffContent;
options.allowCredentials = m_options.allowCredentials;
- options.forcePreflight = m_options.forcePreflight;
+ options.preflightPolicy = m_options.forcePreflight ? ForcePreflight : ConsiderPreflight;
options.crossOriginRequestPolicy = static_cast<WebCore::CrossOriginRequestPolicy>(m_options.crossOriginRequestPolicy);
options.shouldBufferData = false;
