| Index: Source/core/xml/XMLHttpRequest.cpp
|
| diff --git a/Source/core/xml/XMLHttpRequest.cpp b/Source/core/xml/XMLHttpRequest.cpp
|
| index f61ccecb5197a0b09cc824fd4449325aec40d271..c77db1eb9b40b1ab062a3238c3dde738398bbc41 100644
|
| --- a/Source/core/xml/XMLHttpRequest.cpp
|
| +++ b/Source/core/xml/XMLHttpRequest.cpp
|
| @@ -462,12 +462,13 @@ void XMLHttpRequest::open(const String& method, const KURL& url, bool async, Exc
|
| }
|
|
|
| if (!isAllowedHTTPMethod(method)) {
|
| - es.throwDOMException(SecurityError, ExceptionMessages::failedToExecute("open", "XMLHttpRequest", "'" + method + "' HTTP method is unsupported."));
|
| + es.throwSecurityError(ExceptionMessages::failedToExecute("open", "XMLHttpRequest", "'" + method + "' HTTP method is unsupported."));
|
| return;
|
| }
|
|
|
| if (!ContentSecurityPolicy::shouldBypassMainWorld(scriptExecutionContext()) && !scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(url)) {
|
| - es.throwDOMException(SecurityError, "Refused to connect to '" + url.elidedString() + "' because it violates the document's Content Security Policy.");
|
| + // We can safely expose the URL to JavaScript, as these checks happen synchronously before redirection. JavaScript receives no new information.
|
| + es.throwSecurityError("Refused to connect to '" + url.elidedString() + "' because it violates the document's Content Security Policy.");
|
| return;
|
| }
|
|
|
|
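Review bot: The safety comment added on the CSP branch does not name the invariant it depends on, and the `isAllowedHTTPMethod` branch above it has no comment at all although it also echoes caller-controlled data (`method`) into a SecurityError message. For the method branch I would add `// 'method' is the caller's own argument to open(); echoing it back reveals nothing new.` For the CSP branch I would spell out the condition, e.g. `// 'url' is open()'s own parameter, checked before any request is sent; a post-redirect URL must never be placed in this message.`, so that a later change reusing this message on a redirect path is caught in review. The body of `XMLHttpRequest::open` begins and continues outside this hunk, so confirm against the full function that `url` is not reassigned before this check.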
|