author | dzhioev <dzhioev@chromium.org> | 2014-10-10 11:55:45 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2014-10-10 18:56:49 +0000 |
commit | fd3b257aacfddcd11c925bbea203417dbab9f6be (patch) | |
tree | 2c1d218b2df1b3b1ab7e4aedb94fc17ffaa734c7 /content/browser/webui/url_data_manager_backend.cc | |
parent | 736a62993161df9af63f2f183b9a9ea3d5dd14a6 (diff) | |
URLDataSource can specify the value for 'Access-Control-Allow-Origin' response header based on 'Origin' request header.
SharedResourcesDataSource allows access for all 'chrome://*' origins.
BUG=418199
Review URL: https://codereview.chromium.org/613733002
Cr-Commit-Position: refs/heads/master@{#299153}
Diffstat (limited to 'content/browser/webui/url_data_manager_backend.cc')
-rw-r--r-- | content/browser/webui/url_data_manager_backend.cc | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/content/browser/webui/url_data_manager_backend.cc b/content/browser/webui/url_data_manager_backend.cc
index 182e9e7..8c21673c 100644
--- a/content/browser/webui/url_data_manager_backend.cc
+++ b/content/browser/webui/url_data_manager_backend.cc
@@ -90,6 +90,19 @@ void URLToRequestPath(const GURL& url, std::string* path) {
 path->assign(spec.substr(offset));
 }
 
+// Returns a value of 'Origin:' header for the |request| if the header is set.
+// Otherwise returns an empty string.
+std::string GetOriginHeaderValue(const net::URLRequest* request) {
+ std::string result;
+ if (request->extra_request_headers().GetHeader(
+ net::HttpRequestHeaders::kOrigin, &result))
+ return result;
+ net::HttpRequestHeaders headers;
+ if (request->GetFullRequestHeaders(&headers))
+ headers.GetHeader(net::HttpRequestHeaders::kOrigin, &result);
+ return result;
+}
+
 } // namespace
 
 // URLRequestChromeJob is a net::URLRequestJob that manages running
@@ -152,6 +165,10 @@ class URLRequestChromeJob : public net::URLRequestJob,
 send_content_type_header_ = send_content_type_header;
 }
 
+ void set_access_control_allow_origin(const std::string& value) {
+ access_control_allow_origin_ = value;
+ }
+
 // Returns true when job was generated from an incognito profile.
 bool is_incognito() const {
 return is_incognito_;
@@ -202,6 +219,10 @@ class URLRequestChromeJob : public net::URLRequestJob,
 // If true, sets the "Content-Type: <mime-type>" header.
 bool send_content_type_header_;
 
+ // If not empty, "Access-Control-Allow-Origin:" is set to the value of this
+ // string.
+ std::string access_control_allow_origin_;
+
 // True when job is generated from an incognito profile.
 const bool is_incognito_;
 
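Review bot: The comment on GetOriginHeaderValue() does not say that the returned string is copied verbatim from the request's headers, so it is requester-supplied and unvalidated. Since the value is later handed to each data source's GetAccessControlAllowOriginForOrigin(), I would extend the comment with something like `// The value is returned exactly as sent and is not validated; callers must treat it as untrusted.` It would also help to note that an empty result covers both "no Origin header" and "headers not available", as the two are indistinguishable to the caller.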
@@ -293,6 +314,12 @@ void URLRequestChromeJob::GetResponseInfo(net::HttpResponseInfo* info) {
 mime_type_.c_str());
 info->headers->AddHeader(content_type);
 }
+
+ if (!access_control_allow_origin_.empty()) {
+ info->headers->AddHeader("Access-Control-Allow-Origin: " +
+ access_control_allow_origin_);
+ info->headers->AddHeader("Vary: Origin");
+ }
 }
 
 void URLRequestChromeJob::MimeTypeAvailable(const std::string& mime_type) {
@@ -578,6 +605,15 @@ bool URLDataManagerBackend::StartRequest(const net::URLRequest* request,
 job->set_send_content_type_header(
 source->source()->ShouldServeMimeTypeAsContentTypeHeader());
 
+ std::string origin = GetOriginHeaderValue(request);
+ if (!origin.empty()) {
+ std::string header =
+ source->source()->GetAccessControlAllowOriginForOrigin(origin);
+ DCHECK(header.empty() || header == origin || header == "*" ||
+ header == "null");
+ job->set_access_control_allow_origin(header);
+ }
+
 // Look up additional request info to pass down.
 int render_process_id = -1;
 int render_frame_id = -1; |
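Review bot: The new block in GetResponseInfo() adds `Vary: Origin` without a comment, and only on the path where an allow-origin value was set. A response that omits Access-Control-Allow-Origin because the origin was refused was also chosen from the Origin header, yet carries no Vary. Whether these responses can be cached is not visible in this hunk, so I would at least document the intent above the `if`, e.g. `// The allowed origin is derived from the request's Origin header, so mark the response as varying on it.` The function begins outside the hunk.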
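Review bot: In the StartRequest() hunk, the only validation of the string returned by GetAccessControlAllowOriginForOrigin() is a DCHECK, which is normally compiled out of release builds. In production, whatever a data source returns is passed to set_access_control_allow_origin() and concatenated into the response header line. Because `origin` comes from the request's Origin header and is requester-controlled, I would enforce the allow-list at runtime and keep the DCHECK for diagnostics: `if (header.empty() || header == origin || header == "*" || header == "null") job->set_access_control_allow_origin(header);`. That way a data source that returns anything else fails closed, with no CORS header emitted. StartRequest's body starts and continues outside the hunk.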