[webkit-reviews] review granted: [Bug 20792] Add origin header to POST requests : [Attachment 23646] Updated patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 23 17:14:40 PDT 2008
Sam Weinig <sam at webkit.org> has granted Adam Barth <abarth at webkit.org>'s
request for review:
Bug 20792: Add origin header to POST requests
https://bugs.webkit.org/show_bug.cgi?id=20792
Attachment 23646: Updated patch
https://bugs.webkit.org/attachment.cgi?id=23646&action=edit
------- Additional Comments from Sam Weinig <sam at webkit.org>
+ // Don't send an Origin header for GET or HEAD to avoid privacy
issues.
This comment could use a little more information. What privacy issues future
me may wonder?
- request.setHTTPHeaderField("Origin", accessControlOrigin());
+ request.setHTTPHeaderField("Origin",
m_doc->securityOrigin()->toHTTPOrigin());
This can use request .setHTTPOrigin().
- request.setHTTPHeaderField("Origin", accessControlOrigin());
+ request.setHTTPHeaderField("Origin",
m_doc->securityOrigin()->toHTTPOrigin());
As can this.
This doesn't break sending the origin for XHR does it?
Otherwise, awesome! I think one other person should review these changes as
well, as I am far from an authority on FrameLoader. Brady, Anders, Darin, or
Maciej?
More information about the webkit-reviews
mailing list