diff options
Diffstat (limited to 'chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc')
-rw-r--r-- | chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc | 90 |
1 files changed, 73 insertions, 17 deletions
diff --git a/chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc b/chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc index e0d653ff462..03a485a9552 100644 --- a/chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc +++ b/chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc @@ -37,15 +37,25 @@ ErrorParameter CreateWrongParameter(network::mojom::CORSError error) { // static ErrorParameter ErrorParameter::Create( - const network::mojom::CORSError error, + const network::CORSErrorStatus& error_status, const KURL& first_url, const KURL& second_url, const int status_code, const HTTPHeaderMap& header_map, const SecurityOrigin& origin, const WebURLRequest::RequestContext context) { - return ErrorParameter(error, first_url, second_url, status_code, header_map, - origin, context, String(), false); + String hint; + switch (error_status.cors_error) { + case network::mojom::CORSError::kMethodDisallowedByPreflightResponse: + case network::mojom::CORSError::kHeaderDisallowedByPreflightResponse: + DCHECK(!error_status.failed_parameter.empty()); + hint = String(error_status.failed_parameter.c_str()); + break; + default: + break; + } + return ErrorParameter(error_status.cors_error, first_url, second_url, + status_code, header_map, origin, context, hint, false); } // static @@ -84,7 +94,13 @@ ErrorParameter ErrorParameter::CreateForAccessCheck( case network::mojom::CORSError::kMultipleAllowOriginValues: case network::mojom::CORSError::kInvalidAllowOriginValue: case network::mojom::CORSError::kAllowOriginMismatch: - case network::mojom::CORSError::kDisallowCredentialsNotSetToTrue: + case network::mojom::CORSError::kInvalidAllowCredentials: + case network::mojom::CORSError::kPreflightWildcardOriginNotAllowed: + case network::mojom::CORSError::kPreflightMissingAllowOriginHeader: + case network::mojom::CORSError::kPreflightMultipleAllowOriginValues: + case network::mojom::CORSError::kPreflightInvalidAllowOriginValue: + case network::mojom::CORSError::kPreflightAllowOriginMismatch: + case network::mojom::CORSError::kPreflightInvalidAllowCredentials: return ErrorParameter(error, request_url, redirect_url, response_status_code, response_header_map, origin, context, String(), false); @@ -105,6 +121,14 @@ ErrorParameter ErrorParameter::CreateForPreflightStatusCheck( } // static +ErrorParameter ErrorParameter::CreateForDisallowedRedirect() { + return ErrorParameter( + network::mojom::CORSError::kPreflightDisallowedRedirect, GetInvalidURL(), + GetInvalidURL(), 0, HTTPHeaderMap(), *SecurityOrigin::CreateUnique(), + WebURLRequest::kRequestContextUnspecified, String(), false); +} + +// static ErrorParameter ErrorParameter::CreateForExternalPreflightCheck( const network::mojom::CORSError error, const HTTPHeaderMap& response_header_map) { @@ -182,6 +206,8 @@ String GetErrorString(const ErrorParameter& param) { " Have the server send the header with a valid value, or, if an opaque " "response serves your needs, set the request's mode to 'no-cors' to " "fetch the resource with CORS disabled."; + static const char kPreflightInformation[] = + "Response to preflight request doesn't pass access control check: "; if (param.unknown) return String::Format("CORS error, code %d", static_cast<int>(param.error)); @@ -205,21 +231,31 @@ String GetErrorString(const ErrorParameter& param) { "%sInvalid response. Origin '%s' is therefore not allowed access.", redirect_denied.Utf8().data(), param.origin.ToString().Utf8().data()); case network::mojom::CORSError::kWildcardOriginNotAllowed: + case network::mojom::CORSError::kPreflightWildcardOriginNotAllowed: return String::Format( - "%sThe value of the 'Access-Control-Allow-Origin' header in the " + "%s%sThe value of the 'Access-Control-Allow-Origin' header in the " "response must not be the wildcard '*' when the request's " "credentials mode is 'include'. Origin '%s' is therefore not allowed " "access.%s", + param.error == + network::mojom::CORSError::kPreflightWildcardOriginNotAllowed + ? kPreflightInformation + : "", redirect_denied.Utf8().data(), param.origin.ToString().Utf8().data(), param.context == WebURLRequest::kRequestContextXMLHttpRequest ? " The credentials mode of requests initiated by the " "XMLHttpRequest is controlled by the withCredentials attribute." : ""); case network::mojom::CORSError::kMissingAllowOriginHeader: + case network::mojom::CORSError::kPreflightMissingAllowOriginHeader: return String::Format( - "%sNo 'Access-Control-Allow-Origin' header is present on the " + "%s%sNo 'Access-Control-Allow-Origin' header is present on the " "requested resource. Origin '%s' is therefore not allowed access." "%s%s", + param.error == + network::mojom::CORSError::kPreflightMissingAllowOriginHeader + ? kPreflightInformation + : "", redirect_denied.Utf8().data(), param.origin.ToString().Utf8().data(), IsInterestingStatusCode(param.status_code) ? String::Format(" The response had HTTP status code %d.", @@ -232,10 +268,15 @@ String GetErrorString(const ErrorParameter& param) { "mode to 'no-cors' to fetch the resource with CORS disabled." : ""); case network::mojom::CORSError::kMultipleAllowOriginValues: + case network::mojom::CORSError::kPreflightMultipleAllowOriginValues: return String::Format( - "%sThe 'Access-Control-Allow-Origin' header contains multiple values " - "'%s', but only one is allowed. Origin '%s' is therefore not allowed " - "access.%s", + "%s%sThe 'Access-Control-Allow-Origin' header contains multiple " + "values '%s', but only one is allowed. Origin '%s' is therefore not " + "allowed access.%s", + param.error == + network::mojom::CORSError::kPreflightMultipleAllowOriginValues + ? kPreflightInformation + : "", redirect_denied.Utf8().data(), param.header_map.Get(HTTPNames::Access_Control_Allow_Origin) .Utf8() @@ -245,9 +286,14 @@ String GetErrorString(const ErrorParameter& param) { ? kNoCorsInformation : ""); case network::mojom::CORSError::kInvalidAllowOriginValue: + case network::mojom::CORSError::kPreflightInvalidAllowOriginValue: return String::Format( - "%sThe 'Access-Control-Allow-Origin' header contains the invalid " + "%s%sThe 'Access-Control-Allow-Origin' header contains the invalid " "value '%s'. Origin '%s' is therefore not allowed access.%s", + param.error == + network::mojom::CORSError::kPreflightInvalidAllowOriginValue + ? kPreflightInformation + : "", redirect_denied.Utf8().data(), param.header_map.Get(HTTPNames::Access_Control_Allow_Origin) .Utf8() @@ -257,10 +303,15 @@ String GetErrorString(const ErrorParameter& param) { ? kNoCorsInformation : ""); case network::mojom::CORSError::kAllowOriginMismatch: + case network::mojom::CORSError::kPreflightAllowOriginMismatch: return String::Format( - "%sThe 'Access-Control-Allow-Origin' header has a value '%s' that is " - "not equal to the supplied origin. Origin '%s' is therefore not " + "%s%sThe 'Access-Control-Allow-Origin' header has a value '%s' that " + "is not equal to the supplied origin. Origin '%s' is therefore not " "allowed access.%s", + param.error == + network::mojom::CORSError::kPreflightAllowOriginMismatch + ? kPreflightInformation + : "", redirect_denied.Utf8().data(), param.header_map.Get(HTTPNames::Access_Control_Allow_Origin) .Utf8() @@ -269,12 +320,17 @@ String GetErrorString(const ErrorParameter& param) { param.context == WebURLRequest::kRequestContextFetch ? kNoCorsInformation : ""); - case network::mojom::CORSError::kDisallowCredentialsNotSetToTrue: + case network::mojom::CORSError::kInvalidAllowCredentials: + case network::mojom::CORSError::kPreflightInvalidAllowCredentials: return String::Format( - "%sThe value of the 'Access-Control-Allow-Credentials' header in " + "%s%sThe value of the 'Access-Control-Allow-Credentials' header in " "the response is '%s' which must be 'true' when the request's " "credentials mode is 'include'. Origin '%s' is therefore not allowed " "access.%s", + param.error == + network::mojom::CORSError::kPreflightInvalidAllowCredentials + ? kPreflightInformation + : "", redirect_denied.Utf8().data(), param.header_map.Get(HTTPNames::Access_Control_Allow_Credentials) .Utf8() @@ -286,9 +342,9 @@ String GetErrorString(const ErrorParameter& param) { "attribute." : "")); case network::mojom::CORSError::kPreflightInvalidStatus: - return String::Format( - "Response for preflight has invalid HTTP status code %d.", - param.status_code); + return String("Response for preflight does not have HTTP ok status."); + case network::mojom::CORSError::kPreflightDisallowedRedirect: + return String("Response for preflight is invalid (redirect)"); case network::mojom::CORSError::kPreflightMissingAllowExternal: return String( "No 'Access-Control-Allow-External' header was present in the " |