Diffstat (limited to 'chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc')
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc90
1 files changed, 73 insertions, 17 deletions
diff --git a/chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc b/chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc
index e0d653ff462..03a485a9552 100644
--- a/chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc
@@ -37,15 +37,25 @@ ErrorParameter CreateWrongParameter(network::mojom::CORSError error) {
// static
ErrorParameter ErrorParameter::Create(
- const network::mojom::CORSError error,
+ const network::CORSErrorStatus& error_status,
const KURL& first_url,
const KURL& second_url,
const int status_code,
const HTTPHeaderMap& header_map,
const SecurityOrigin& origin,
const WebURLRequest::RequestContext context) {
- return ErrorParameter(error, first_url, second_url, status_code, header_map,
- origin, context, String(), false);
+ String hint;
+ switch (error_status.cors_error) {
+ case network::mojom::CORSError::kMethodDisallowedByPreflightResponse:
+ case network::mojom::CORSError::kHeaderDisallowedByPreflightResponse:
+ DCHECK(!error_status.failed_parameter.empty());
+ hint = String(error_status.failed_parameter.c_str());
+ break;
+ default:
+ break;
+ }
+ return ErrorParameter(error_status.cors_error, first_url, second_url,
+ status_code, header_map, origin, context, hint, false);
}
// static
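Review bot: The `DCHECK(!error_status.failed_parameter.empty())` in `ErrorParameter::Create` is compiled out of release builds, so an empty `failed_parameter` silently yields an empty hint there. Whether the message formatter tolerates an empty hint is not visible in this hunk. The conversion `String(error_status.failed_parameter.c_str())` also stops at the first NUL byte and names no encoding, while the value arrives inside a `CORSErrorStatus` that presumably crosses a process boundary before it lands in a developer-visible message. I would convert with an explicit length and encoding, for example `hint = String::FromUTF8(error_status.failed_parameter.data(), error_status.failed_parameter.size());`. A comment above the switch should say which component fills `failed_parameter` and that it carries the rejected method or header name.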
@@ -84,7 +94,13 @@ ErrorParameter ErrorParameter::CreateForAccessCheck(
case network::mojom::CORSError::kMultipleAllowOriginValues:
case network::mojom::CORSError::kInvalidAllowOriginValue:
case network::mojom::CORSError::kAllowOriginMismatch:
- case network::mojom::CORSError::kDisallowCredentialsNotSetToTrue:
+ case network::mojom::CORSError::kInvalidAllowCredentials:
+ case network::mojom::CORSError::kPreflightWildcardOriginNotAllowed:
+ case network::mojom::CORSError::kPreflightMissingAllowOriginHeader:
+ case network::mojom::CORSError::kPreflightMultipleAllowOriginValues:
+ case network::mojom::CORSError::kPreflightInvalidAllowOriginValue:
+ case network::mojom::CORSError::kPreflightAllowOriginMismatch:
+ case network::mojom::CORSError::kPreflightInvalidAllowCredentials:
return ErrorParameter(error, request_url, redirect_url,
response_status_code, response_header_map, origin,
context, String(), false);
@@ -105,6 +121,14 @@ ErrorParameter ErrorParameter::CreateForPreflightStatusCheck(
}
// static
+ErrorParameter ErrorParameter::CreateForDisallowedRedirect() {
+ return ErrorParameter(
+ network::mojom::CORSError::kPreflightDisallowedRedirect, GetInvalidURL(),
+ GetInvalidURL(), 0, HTTPHeaderMap(), *SecurityOrigin::CreateUnique(),
+ WebURLRequest::kRequestContextUnspecified, String(), false);
+}
+
+// static
ErrorParameter ErrorParameter::CreateForExternalPreflightCheck(
const network::mojom::CORSError error,
const HTTPHeaderMap& response_header_map) {
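Review bot: `CreateForDisallowedRedirect` passes the temporaries `HTTPHeaderMap()` and `*SecurityOrigin::CreateUnique()` to the `ErrorParameter` constructor, and both are destroyed at the end of the return statement. If `ErrorParameter` keeps `header_map` and `origin` as references (its declaration is not in this diff, but the other factories take them by `const&`), the returned object holds dangling references. The `kPreflightDisallowedRedirect` branch of `GetErrorString` does not read those fields today, so nothing breaks yet, but any later code that touches `param.origin` or `param.header_map` for this error would read freed memory. I would either back the placeholders with function-local statics, as `GetInvalidURL()` appears to do for the URLs, or add the comment `// Placeholder header map and origin: must not be read for kPreflightDisallowedRedirect.` above the return.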
@@ -182,6 +206,8 @@ String GetErrorString(const ErrorParameter& param) {
" Have the server send the header with a valid value, or, if an opaque "
"response serves your needs, set the request's mode to 'no-cors' to "
"fetch the resource with CORS disabled.";
+ static const char kPreflightInformation[] =
+ "Response to preflight request doesn't pass access control check: ";
if (param.unknown)
return String::Format("CORS error, code %d", static_cast<int>(param.error));
@@ -205,21 +231,31 @@ String GetErrorString(const ErrorParameter& param) {
"%sInvalid response. Origin '%s' is therefore not allowed access.",
redirect_denied.Utf8().data(), param.origin.ToString().Utf8().data());
case network::mojom::CORSError::kWildcardOriginNotAllowed:
+ case network::mojom::CORSError::kPreflightWildcardOriginNotAllowed:
return String::Format(
- "%sThe value of the 'Access-Control-Allow-Origin' header in the "
+ "%s%sThe value of the 'Access-Control-Allow-Origin' header in the "
"response must not be the wildcard '*' when the request's "
"credentials mode is 'include'. Origin '%s' is therefore not allowed "
"access.%s",
+ param.error ==
+ network::mojom::CORSError::kPreflightWildcardOriginNotAllowed
+ ? kPreflightInformation
+ : "",
redirect_denied.Utf8().data(), param.origin.ToString().Utf8().data(),
param.context == WebURLRequest::kRequestContextXMLHttpRequest
? " The credentials mode of requests initiated by the "
"XMLHttpRequest is controlled by the withCredentials attribute."
: "");
case network::mojom::CORSError::kMissingAllowOriginHeader:
+ case network::mojom::CORSError::kPreflightMissingAllowOriginHeader:
return String::Format(
- "%sNo 'Access-Control-Allow-Origin' header is present on the "
+ "%s%sNo 'Access-Control-Allow-Origin' header is present on the "
"requested resource. Origin '%s' is therefore not allowed access."
"%s%s",
+ param.error ==
+ network::mojom::CORSError::kPreflightMissingAllowOriginHeader
+ ? kPreflightInformation
+ : "",
redirect_denied.Utf8().data(), param.origin.ToString().Utf8().data(),
IsInterestingStatusCode(param.status_code)
? String::Format(" The response had HTTP status code %d.",
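Review bot: The `param.error == ...kPreflightX ? kPreflightInformation : ""` argument is written out separately in six cases of `GetErrorString`: the two in this hunk and the ones in the hunks at -232, -245, -257 and -269. Each copy also requires the matching `%s%s` at the head of its format string to stay in step with the argument list, and a mismatch in a varargs `String::Format` call is not caught by reading the diff. I would compute the prefix once before the switch, for example `const char* preflight_prefix = IsPreflightVariant(param.error) ? kPreflightInformation : "";` with a small file-local helper that lists the six preflight enumerators, and pass `preflight_prefix` in every case. `GetErrorString` starts and ends outside this hunk.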
@@ -232,10 +268,15 @@ String GetErrorString(const ErrorParameter& param) {
"mode to 'no-cors' to fetch the resource with CORS disabled."
: "");
case network::mojom::CORSError::kMultipleAllowOriginValues:
+ case network::mojom::CORSError::kPreflightMultipleAllowOriginValues:
return String::Format(
- "%sThe 'Access-Control-Allow-Origin' header contains multiple values "
- "'%s', but only one is allowed. Origin '%s' is therefore not allowed "
- "access.%s",
+ "%s%sThe 'Access-Control-Allow-Origin' header contains multiple "
+ "values '%s', but only one is allowed. Origin '%s' is therefore not "
+ "allowed access.%s",
+ param.error ==
+ network::mojom::CORSError::kPreflightMultipleAllowOriginValues
+ ? kPreflightInformation
+ : "",
redirect_denied.Utf8().data(),
param.header_map.Get(HTTPNames::Access_Control_Allow_Origin)
.Utf8()
@@ -245,9 +286,14 @@ String GetErrorString(const ErrorParameter& param) {
? kNoCorsInformation
: "");
case network::mojom::CORSError::kInvalidAllowOriginValue:
+ case network::mojom::CORSError::kPreflightInvalidAllowOriginValue:
return String::Format(
- "%sThe 'Access-Control-Allow-Origin' header contains the invalid "
+ "%s%sThe 'Access-Control-Allow-Origin' header contains the invalid "
"value '%s'. Origin '%s' is therefore not allowed access.%s",
+ param.error ==
+ network::mojom::CORSError::kPreflightInvalidAllowOriginValue
+ ? kPreflightInformation
+ : "",
redirect_denied.Utf8().data(),
param.header_map.Get(HTTPNames::Access_Control_Allow_Origin)
.Utf8()
@@ -257,10 +303,15 @@ String GetErrorString(const ErrorParameter& param) {
? kNoCorsInformation
: "");
case network::mojom::CORSError::kAllowOriginMismatch:
+ case network::mojom::CORSError::kPreflightAllowOriginMismatch:
return String::Format(
- "%sThe 'Access-Control-Allow-Origin' header has a value '%s' that is "
- "not equal to the supplied origin. Origin '%s' is therefore not "
+ "%s%sThe 'Access-Control-Allow-Origin' header has a value '%s' that "
+ "is not equal to the supplied origin. Origin '%s' is therefore not "
"allowed access.%s",
+ param.error ==
+ network::mojom::CORSError::kPreflightAllowOriginMismatch
+ ? kPreflightInformation
+ : "",
redirect_denied.Utf8().data(),
param.header_map.Get(HTTPNames::Access_Control_Allow_Origin)
.Utf8()
@@ -269,12 +320,17 @@ String GetErrorString(const ErrorParameter& param) {
param.context == WebURLRequest::kRequestContextFetch
? kNoCorsInformation
: "");
- case network::mojom::CORSError::kDisallowCredentialsNotSetToTrue:
+ case network::mojom::CORSError::kInvalidAllowCredentials:
+ case network::mojom::CORSError::kPreflightInvalidAllowCredentials:
return String::Format(
- "%sThe value of the 'Access-Control-Allow-Credentials' header in "
+ "%s%sThe value of the 'Access-Control-Allow-Credentials' header in "
"the response is '%s' which must be 'true' when the request's "
"credentials mode is 'include'. Origin '%s' is therefore not allowed "
"access.%s",
+ param.error ==
+ network::mojom::CORSError::kPreflightInvalidAllowCredentials
+ ? kPreflightInformation
+ : "",
redirect_denied.Utf8().data(),
param.header_map.Get(HTTPNames::Access_Control_Allow_Credentials)
.Utf8()
@@ -286,9 +342,9 @@ String GetErrorString(const ErrorParameter& param) {
"attribute."
: ""));
case network::mojom::CORSError::kPreflightInvalidStatus:
- return String::Format(
- "Response for preflight has invalid HTTP status code %d.",
- param.status_code);
+ return String("Response for preflight does not have HTTP ok status.");
+ case network::mojom::CORSError::kPreflightDisallowedRedirect:
+ return String("Response for preflight is invalid (redirect)");
case network::mojom::CORSError::kPreflightMissingAllowExternal:
return String(
"No 'Access-Control-Allow-External' header was present in the "
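Review bot: The new `kPreflightDisallowedRedirect` message `"Response for preflight is invalid (redirect)"` has no terminal period, unlike the `kPreflightInvalidStatus` message directly above it and the other strings in this switch. I would write `return String("Response for preflight is invalid (redirect).");`. The rewritten `kPreflightInvalidStatus` message also no longer reports the HTTP status code, and the commit does not say why. If that is because the status is not available on this path, a one-line comment such as `// Status code is not available here; see CORSErrorStatus.` would keep a later reader from restoring the `%d`.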