bcarrella/cef
1
0
Fork 0
mirror of https://bitbucket.org/chromiumembedded/cef synced 2025-01-11 09:35:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
de41be81b8
cef/libcef/browser/resource_dispatcher_host_delegate.cc
Marshall Greenblatt 6a50db3e49 Support cross-origin XMLHttpRequest loads and redirects for custom standard schemes when enabled via the cross-origin whitelist (issue #950). 
- Call WebSecurityPolicy::registerURLSchemeAsCORSEnabled() for custom standard schemes.
- Explicitly check the cross-origin whitelist in CefResourceDispatcherHostDelegate::OnRequestRedirected() and add the appropriate CORS headers.
- Improve the CefAddCrossOriginWhitelistEntry() documentation to mention the top-level domain requirement for sub-domain matching.

git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@1235 5089003a-bbd8-11dd-ad1f-f1f9622dbc98
2013-04-18 17:58:23 +00:00

46 lines
1.8 KiB
C++
Raw Blame History

// Copyright (c) 2012 The Chromium Embedded Framework Authors. All rights
// reserved. Use of this source code is governed by a BSD-style license that can
// be found in the LICENSE file.
#include "libcef/browser/resource_dispatcher_host_delegate.h"
#include "libcef/browser/browser_host_impl.h"
#include "libcef/browser/origin_whitelist_impl.h"
#include "content/public/common/resource_response.h"
#include "net/http/http_response_headers.h"
#include "net/url_request/url_request.h"
CefResourceDispatcherHostDelegate::CefResourceDispatcherHostDelegate() {
}
CefResourceDispatcherHostDelegate::~CefResourceDispatcherHostDelegate() {
}
bool CefResourceDispatcherHostDelegate::HandleExternalProtocol(const GURL& url,
int child_id,
int route_id) {
CefRefPtr<CefBrowserHostImpl> browser =
CefBrowserHostImpl::GetBrowserByRoutingID(child_id, route_id);
if (browser.get())
browser->HandleExternalProtocol(url);
return false;
}
void CefResourceDispatcherHostDelegate::OnRequestRedirected(
const GURL& redirect_url,
net::URLRequest* request,
content::ResourceContext* resource_context,
content::ResourceResponse* response) {
const GURL& active_url = request->url();
if (active_url.is_valid() && redirect_url.is_valid() &&
active_url.GetOrigin() != redirect_url.GetOrigin() &&
HasCrossOriginWhitelistEntry(active_url, redirect_url)) {
if (!response->head.headers)
response->head.headers = new net::HttpResponseHeaders(std::string());
// Add CORS headers to support XMLHttpRequest redirects.
response->head.headers->AddHeader("Access-Control-Allow-Origin: " +
active_url.scheme() + "://" + active_url.host());
response->head.headers->AddHeader("Access-Control-Allow-Credentials: true");
}
}
Reference in New Issue View Git Blame Copy Permalink