    Reviewed by Sam Weinig. · 6d3b92ef
    ap@webkit.org authored
            https://bugs.webkit.org/show_bug.cgi?id=24614
            Access control checks are different in cached and uncached cases
    
            Test: http/tests/xmlhttprequest/access-control-basic-non-simple-deny-cached.html
    
            * loader/CrossOriginAccessControl.cpp:
            (WebCore::isOnAccessControlSimpleRequestMethodWhitelist): Factored out simple method
            check for use in both cached and uncached cases. In cached case, an old definition that
            omitted HEAD was still used.
            (WebCore::isOnAccessControlSimpleRequestHeaderWhitelist): Check that content type has an
            allowed value. This is needed in all call sites. Also changed to compare MIME type, not
            content type.
            (WebCore::isSimpleCrossOriginAccessRequest): Use the above methods.
    
            * loader/CrossOriginAccessControl.h: Expose isOnAccessControlSimpleRequestMethodWhitelist.
    
            * loader/CrossOriginPreflightResultCache.cpp:
            (WebCore::CrossOriginPreflightResultCacheItem::allowsCrossOriginMethod):
            (WebCore::CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders):
            Use the new checks for simple method and header.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@41759 268f45cc-cd09-0410-ab3c-d52691b4dbfc
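The point of the change above, shown as an added example that is not WebKit's code: both the uncached simple-request check and the cached preflight lookup call one shared pair of predicates, and Content-Type is compared by MIME type with parameters stripped. All names here are hypothetical, and the simple method and header lists are assumed from the CORS simple-request definition, since the commit message does not list them.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <string>

using HeaderMap = std::map<std::string, std::string>;  // hypothetical stand-in for a request header map
static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}
// MIME type: the Content-Type value without parameters such as "; charset=UTF-8".
static std::string mimeType(const std::string& contentType) {
    std::string t = contentType.substr(0, contentType.find(';'));
    auto notSpace = [](unsigned char c) { return !std::isspace(c); };
    t.erase(t.begin(), std::find_if(t.begin(), t.end(), notSpace));
    t.erase(std::find_if(t.rbegin(), t.rend(), notSpace).base(), t.end());
    return lower(t);
}
// The single definition of "simple" used by both paths (lists assumed from CORS).
bool isSimpleMethod(const std::string& m) { return m == "GET" || m == "HEAD" || m == "POST"; }
bool isSimpleHeader(const std::string& name, const std::string& value) {
    const std::string n = lower(name);
    if (n == "accept" || n == "accept-language" || n == "content-language") return true;
    if (n != "content-type") return false;
    const std::string t = mimeType(value);
    return t == "application/x-www-form-urlencoded" || t == "multipart/form-data" || t == "text/plain";
}
// Uncached path: may the request be sent without a preflight?
bool isSimpleRequest(const std::string& method, const HeaderMap& headers) {
    return isSimpleMethod(method) && std::all_of(headers.begin(), headers.end(),
        [](const HeaderMap::value_type& h) { return isSimpleHeader(h.first, h.second); });
}
// Cached path: does a stored preflight result cover the request?
struct PreflightCacheItem {
    std::set<std::string> methods;  // methods the server allowed
    std::set<std::string> headers;  // header names the server allowed, lower-cased
    bool allowsMethod(const std::string& m) const { return methods.count(m) || isSimpleMethod(m); }
    bool allowsHeaders(const HeaderMap& hs) const {
        for (const auto& h : hs)
            if (!headers.count(lower(h.first)) && !isSimpleHeader(h.first, h.second)) return false;
        return true;
    }
};
int main() {  // constructed sample: a non-simple Content-Type gets the same answer on both paths
    HeaderMap xml{{"Content-Type", "application/xml"}};
    std::cout << isSimpleRequest("POST", xml) << PreflightCacheItem{}.allowsHeaders(xml) << "\n";
}
```

Because the cache item falls back to the same predicates, a header name that is simple but carries a non-simple value is only accepted from cache when the preflight response explicitly allowed that header.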