Index: third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp |
diff --git a/third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp b/third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp |
index 6fc47feb4560af373b1ee0a72713c7607de3c400..ce1ae247f8d430d8d5955fb404dbd4566f1ae9a2 100644 |
--- a/third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp |
+++ b/third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp |
@@ -149,15 +149,11 @@ CrossOriginAccessControl::AccessStatus CrossOriginAccessControl::checkAccess( |
const ResourceResponse& response, |
StoredCredentials includeCredentials, |
const SecurityOrigin* securityOrigin) { |
- DEFINE_THREAD_SAFE_STATIC_LOCAL( |
- AtomicString, allowOriginHeaderName, |
- (new AtomicString("access-control-allow-origin"))); |
- DEFINE_THREAD_SAFE_STATIC_LOCAL( |
- AtomicString, allowCredentialsHeaderName, |
- (new AtomicString("access-control-allow-credentials"))); |
- DEFINE_THREAD_SAFE_STATIC_LOCAL( |
- AtomicString, allowSuboriginHeaderName, |
- (new AtomicString("access-control-allow-suborigin"))); |
+ static const char allowOriginHeaderName[] = "access-control-allow-origin"; |
+ static const char allowCredentialsHeaderName[] = |
+ "access-control-allow-credentials"; |
+ static const char allowSuboriginHeaderName[] = |
+ "access-control-allow-suborigin"; |
int statusCode = response.httpStatusCode(); |
if (!statusCode) |
@@ -177,8 +173,7 @@ CrossOriginAccessControl::AccessStatus CrossOriginAccessControl::checkAccess( |
return kSubOriginMismatch; |
} |
} |
- |
- if (allowOriginHeaderValue == starAtom) { |
+ if (allowOriginHeaderValue == "*") { |
// A wildcard Access-Control-Allow-Origin can not be used if credentials are |
// to be sent, even with Access-Control-Allow-Credentials set to true. |
if (includeCredentials == DoNotAllowStoredCredentials) |