1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_CORS_CORS_H_
#define THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_CORS_CORS_H_
#include "base/optional.h"
#include "services/network/public/mojom/cors.mojom-shared.h"
#include "services/network/public/mojom/fetch_api.mojom-shared.h"
#include "third_party/blink/renderer/platform/platform_export.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
namespace blink {
class HTTPHeaderMap;
class KURL;
class SecurityOrigin;
// CORS related utility functions.
namespace CORS {
// Thin wrapper functions below are for calling ::network::cors functions from
// Blink core. Once Out-of-renderer CORS is enabled, following functions will
// be removed.
PLATFORM_EXPORT base::Optional<network::mojom::CORSError> CheckAccess(
const KURL&,
const int response_status_code,
const HTTPHeaderMap&,
network::mojom::FetchCredentialsMode,
const SecurityOrigin&);
PLATFORM_EXPORT base::Optional<network::mojom::CORSError> CheckPreflightAccess(
const KURL&,
const int response_status_code,
const HTTPHeaderMap&,
network::mojom::FetchCredentialsMode,
const SecurityOrigin&);
PLATFORM_EXPORT base::Optional<network::mojom::CORSError> CheckRedirectLocation(
const KURL&);
PLATFORM_EXPORT base::Optional<network::mojom::CORSError> CheckPreflight(
const int preflight_response_status_code);
PLATFORM_EXPORT base::Optional<network::mojom::CORSError>
CheckExternalPreflight(const HTTPHeaderMap&);
PLATFORM_EXPORT bool IsCORSEnabledRequestMode(network::mojom::FetchRequestMode);
PLATFORM_EXPORT bool EnsurePreflightResultAndCacheOnSuccess(
const HTTPHeaderMap& response_header_map,
const String& origin,
const KURL& request_url,
const String& request_method,
const HTTPHeaderMap& request_header_map,
network::mojom::FetchCredentialsMode request_credentials_mode,
String* error_description);
PLATFORM_EXPORT bool CheckIfRequestCanSkipPreflight(
const String& origin,
const KURL&,
network::mojom::FetchCredentialsMode,
const String& method,
const HTTPHeaderMap& request_header_map);
// Thin wrapper functions that will not be removed even after out-of-renderer
// CORS is enabled.
PLATFORM_EXPORT bool IsCORSSafelistedMethod(const String& method);
PLATFORM_EXPORT bool IsCORSSafelistedContentType(const String&);
PLATFORM_EXPORT bool IsCORSSafelistedHeader(const String& name,
const String& value);
PLATFORM_EXPORT bool IsForbiddenHeaderName(const String& name);
PLATFORM_EXPORT bool ContainsOnlyCORSSafelistedHeaders(const HTTPHeaderMap&);
PLATFORM_EXPORT bool ContainsOnlyCORSSafelistedOrForbiddenHeaders(
const HTTPHeaderMap&);
PLATFORM_EXPORT bool IsOkStatus(int status);
} // namespace CORS
} // namespace blink
#endif // THIRD_PARTY_BLINK_RENDERER_PLATFORM_LOADER_CORS_CORS_H_
|