third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp - Issue 2419063002: Mention withCredentials attribute in the error message about CORS check failure

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

Issue 2419063002: Mention withCredentials attribute in the error message about CORS check failure (Closed)

Patch Set: Addressed #8 Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

diff --git a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

index dcdc7344bcdf6dee0a0a0df4b2f4a72df88623f8..de8d59fc7845c27316fa47d99ba8a907eda8a074 100644

--- a/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

+++ b/third_party/WebKit/Source/core/fetch/CrossOriginAccessControl.cpp

@@ -191,14 +191,15 @@ bool passesAccessControlCheck(const ResourceResponse& response,

return true;

if (response.isHTTP()) {

errorDescription = buildAccessControlFailureMessage(

- "A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' "

- "header when the credentials flag is true.",

+ "The value of the 'Access-Control-Allow-Origin' header in the "

+ "response must not be the wildcard '*' when the request's "

+ "credentials mode is 'include'.",

securityOrigin);

if (context == WebURLRequest::RequestContextXMLHttpRequest) {

errorDescription.append(

- " The credentials mode of an XMLHttpRequest is controlled by the "

- "withCredentials attribute.");

+ " The credentials mode of requests initiated by the "

+ "XMLHttpRequest is controlled by the withCredentials attribute.");

}

return false;

@@ -260,11 +261,19 @@ bool passesAccessControlCheck(const ResourceResponse& response,

response.httpHeaderField(allowCredentialsHeaderName);

if (allowCredentialsHeaderValue != "true") {

errorDescription = buildAccessControlFailureMessage(

- "Credentials flag is 'true', but the "

- "'Access-Control-Allow-Credentials' header is '" +

+ "The value of the 'Access-Control-Allow-Credentials' header in "

+ "the response is '" +

allowCredentialsHeaderValue +

- "'. It must be 'true' to allow credentials.",

+ "' which must "

+ "be 'true' when the request's credentials mode is 'include'.",

securityOrigin);

+ if (context == WebURLRequest::RequestContextXMLHttpRequest) {

+ errorDescription.append(

+ " The credentials mode of requests initiated by the "

+ "XMLHttpRequest is controlled by the withCredentials attribute.");

+ }

return false;

}

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/request-from-popup-expected.txt ('k') | no next file » | no next file with comments »