Reviewers: yhirano
CL:
https://codereview.chromium.org/2421093003/Description:
Allow redirects for requests that require preflight.
BUG=580796
Affected files (+2, -14 lines):
M third_party/WebKit/Source/core/loader/DocumentThreadableLoader.h
M third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
Index: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
index b98a47d5d7b4b8a63946e9f1ee0907c199c44183..848fb5d92eb790f7aacecc0d128142e97567673a 100644
--- a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp
@@ -161,7 +161,6 @@ DocumentThreadableLoader::DocumentThreadableLoader(
m_forceDoNotAllowStoredCredentials(false),
m_securityOrigin(m_resourceLoaderOptions.securityOrigin),
m_sameOriginRequest(false),
- m_crossOriginNonSimpleRequest(false),
m_isUsingDataConsumerHandle(false),
m_async(blockingBehavior == LoadAsynchronously),
m_requestContext(WebURLRequest::RequestContextUnspecified),
@@ -374,7 +373,6 @@ void DocumentThreadableLoader::makeCrossOriginAccessRequest(
}
loadRequest(crossOriginRequest, crossOriginOptions);
} else {
- m_crossOriginNonSimpleRequest = true;
// Do not set the Origin header for preflight requests.
updateRequestForAccessControl(crossOriginRequest, 0,
effectiveAllowCredentials());
@@ -564,16 +562,8 @@ bool DocumentThreadableLoader::redirectReceived(
bool allowRedirect = false;
String accessControlErrorDescription;
- if (m_crossOriginNonSimpleRequest) {
- // Non-simple cross origin requests (both preflight and actual one) are not
- // allowed to follow redirect.
- accessControlErrorDescription =
- "Redirect from '" + redirectResponse.url().getString() + "' to '" +
- request.url().getString() +
- "' has been blocked by CORS policy: Request requires preflight, which "
- "is disallowed to follow cross-origin redirect.";
- } else if (!CrossOriginAccessControl::isLegalRedirectLocation(
- request.url(), accessControlErrorDescription)) {
+ if (!CrossOriginAccessControl::isLegalRedirectLocation(
+ request.url(), accessControlErrorDescription)) {
accessControlErrorDescription =
"Redirect from '" + redirectResponse.url().getString() +
"' has been blocked by CORS policy: " + accessControlErrorDescription;
Index: third_party/WebKit/Source/core/loader/DocumentThreadableLoader.h
diff --git a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.h b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.h
index 06b19a11e48677a11f5e8b4f51323479101b944c..91193f737b4e294a5b069ce91a20dd8077052dd1 100644
--- a/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.h
+++ b/third_party/WebKit/Source/core/loader/DocumentThreadableLoader.h
@@ -214,8 +214,6 @@ class CORE_EXPORT DocumentThreadableLoader final : public ThreadableLoader,
// True while the initial URL and all the URLs of the redirects this object
// has followed, if any, are same-origin to getSecurityOrigin().
bool m_sameOriginRequest;
- // Set to true if the current request is cross-origin and not simple.
- bool m_crossOriginNonSimpleRequest;
// Set to true when the response data is given to a data consumer handle.
bool m_isUsingDataConsumerHandle;