[Webkit-unassigned] [Bug 82202] Make XHR POST and PUT Content-Length sending behavior explicit on XHR level
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 27 04:12:10 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=82202
--- Comment #3 from Dominik Röttsches <dominik.rottsches at linux.intel.com> 2012-03-27 04:12:10 PST ---
Thanks, Alexey. The architectural problem I am facing here is that any header manipulation inside XHR code that is relevant for CORS is detected by the security checks that are invoked downstream of
http://trac.webkit.org/browser/trunk/Source/WebCore/xml/XMLHttpRequest.cpp#L728 (ThreadableLoader::create, then CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders)
So, in my current understanding, we would either need some kind of dangerous and ugly circumvention, like
ThreadableLoaderOptions options.crossOriginRequestPolicy = UseAccessControlButAllowMeToSetContentLength;
or go back to the initial approach and intercept empty and non-zero POST/PUT requests below the CORS/DocumentThreadable loader level on the ResourceRequest or the specific libsoup backend level. (The other HTTP backends seem to behave correctly already.)
Maybe I miss something - so other suggestions are very welcome. Otherwise at this point I would say, let's fix it at the libsoup level. What do you think, Dan, Alexey?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list