| Index: third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp
|
| diff --git a/third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp b/third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp
|
| index 6fc47feb4560af373b1ee0a72713c7607de3c400..ce1ae247f8d430d8d5955fb404dbd4566f1ae9a2 100644
|
| --- a/third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp
|
| +++ b/third_party/WebKit/Source/platform/loader/fetch/CrossOriginAccessControl.cpp
|
| @@ -149,15 +149,11 @@ CrossOriginAccessControl::AccessStatus CrossOriginAccessControl::checkAccess(
|
| const ResourceResponse& response,
|
| StoredCredentials includeCredentials,
|
| const SecurityOrigin* securityOrigin) {
|
| - DEFINE_THREAD_SAFE_STATIC_LOCAL(
|
| - AtomicString, allowOriginHeaderName,
|
| - (new AtomicString("access-control-allow-origin")));
|
| - DEFINE_THREAD_SAFE_STATIC_LOCAL(
|
| - AtomicString, allowCredentialsHeaderName,
|
| - (new AtomicString("access-control-allow-credentials")));
|
| - DEFINE_THREAD_SAFE_STATIC_LOCAL(
|
| - AtomicString, allowSuboriginHeaderName,
|
| - (new AtomicString("access-control-allow-suborigin")));
|
| + static const char allowOriginHeaderName[] = "access-control-allow-origin";
|
| + static const char allowCredentialsHeaderName[] =
|
| + "access-control-allow-credentials";
|
| + static const char allowSuboriginHeaderName[] =
|
| + "access-control-allow-suborigin";
|
|
|
| int statusCode = response.httpStatusCode();
|
| if (!statusCode)
|
| @@ -177,8 +173,7 @@ CrossOriginAccessControl::AccessStatus CrossOriginAccessControl::checkAccess(
|
| return kSubOriginMismatch;
|
| }
|
| }
|
| -
|
| - if (allowOriginHeaderValue == starAtom) {
|
| + if (allowOriginHeaderValue == "*") {
|
| // A wildcard Access-Control-Allow-Origin can not be used if credentials are
|
| // to be sent, even with Access-Control-Allow-Credentials set to true.
|
| if (includeCredentials == DoNotAllowStoredCredentials)
|
|
|
Chromium Code Reviews
Issue 2701753003:
[WIP] off-main-thread loading
