Diffstat (limited to 'Source/WebCore/loader/CrossOriginAccessControl.cpp')
-rw-r--r--Source/WebCore/loader/CrossOriginAccessControl.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/Source/WebCore/loader/CrossOriginAccessControl.cpp b/Source/WebCore/loader/CrossOriginAccessControl.cpp
index 7b50dab0c..7d011906e 100644
--- a/Source/WebCore/loader/CrossOriginAccessControl.cpp
+++ b/Source/WebCore/loader/CrossOriginAccessControl.cpp
@@ -138,6 +138,11 @@ bool passesAccessControlCheck(const ResourceResponse& response, StoredCredential
AtomicallyInitializedStatic(AtomicString&, accessControlAllowOrigin = *new AtomicString("access-control-allow-origin", AtomicString::ConstructFromLiteral));
AtomicallyInitializedStatic(AtomicString&, accessControlAllowCredentials = *new AtomicString("access-control-allow-credentials", AtomicString::ConstructFromLiteral));
+ if (!securityOrigin->allowsCrossOriginRequests()) {
+ errorDescription = "Cannot make any cross origin requests from " + securityOrigin->toString() + ".";
+ return false;
+ }
+
// A wildcard Access-Control-Allow-Origin can not be used if credentials are to be sent,
// even with Access-Control-Allow-Credentials set to true.
const String& accessControlOriginString = response.httpHeaderField(accessControlAllowOrigin);
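Review bot: The `allowsCrossOriginRequests()` guard added at the top of `passesAccessControlCheck` only rejects the response; because the function takes a `ResourceResponse`, the request has presumably already reached the remote server by the time it runs, so an origin meant to make no cross-origin requests can still send one and trigger its server-side effects. If the intent is to block the request itself, the same check likely belongs on the path that dispatches the load (not visible in this hunk), with this one kept as defence in depth. At minimum I would document the limitation above the guard, e.g. `// Response-side check only: the request has already been sent; dispatch must be gated separately.` `securityOrigin` is also dereferenced here without a null check, which is safe only if every caller guarantees a non-null origin; that is worth confirming, since the rest of the function body lies outside the hunk.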