Support cross-origin XMLHttpRequest loads and redirects for custom standard schemes when enabled via the cross-origin whitelist (issue #950).

- Call WebSecurityPolicy::registerURLSchemeAsCORSEnabled() for custom standard schemes. - Explicitly check the cross-origin whitelist in CefResourceDispatcherHostDelegate::OnRequestRedirected() and add the appropriate CORS headers. - Improve the CefAddCrossOriginWhitelistEntry() documentation to mention the top-level domain requirement for sub-domain matching. git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@1235 5089003a-bbd8-11dd-ad1f-f1f9622dbc98
2025-06-05 21:39:12 +02:00 · 2013-04-18 17:58:23 +00:00
parent d6a9cea226
commit 6a50db3e49
11 changed files with 726 additions and 66 deletions
--- a/include/cef_origin_whitelist.h
+++ b/include/cef_origin_whitelist.h
@@ -64,10 +64,11 @@
 // |source_origin| URL (like http://www.example.com) will be allowed access to
 // all resources hosted on the specified |target_protocol| and |target_domain|.
 // If |target_domain| is non-empty and |allow_target_subdomains| if false only
-// exact domain matches will be allowed. If |target_domain| is non-empty and
-// |allow_target_subdomains| is true sub-domain matches will be allowed. If
-// |target_domain| is empty and |allow_target_subdomains| if true all domains
-// and IP addresses will be allowed.
+// exact domain matches will be allowed. If |target_domain| contains a top-
+// level domain component (like "example.com") and |allow_target_subdomains| is
+// true sub-domain matches will be allowed. If |target_domain| is empty and
+// |allow_target_subdomains| if true all domains and IP addresses will be
+// allowed.
 //
 // This method cannot be used to bypass the restrictions on local or display
 // isolated schemes. See the comments on CefRegisterCustomScheme for more