diff options
author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-04-17 17:16:23 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-04-28 19:29:19 +0000 |
commit | 9cbcd93cfe0ba6f7531574f7784e8978bd723110 (patch) | |
tree | 2f7c926e7f334669b7885ecd219a197bd181de0c /Source/WebCore/page/EventSource.cpp | |
parent | 8ce4aba7d1742f07c01f2786e75ff7a5c8386aa6 (diff) |
Enforce no remote access from local URLs for XHR
Add a specific setting to disable remote access for local URLs and also
enforce that on data-URLs loaded owned by local URLs.
Change-Id: Ied8ec141eb1c28775644fce184a4759a79e1d177
Task-number: QTBUG-45556
Reviewed-by: Dmitry Shachnev <mitya57@gmail.com>
Reviewed-by: Michael BrĂ¼ning <michael.bruning@theqtcompany.com>
Diffstat (limited to 'Source/WebCore/page/EventSource.cpp')
-rw-r--r-- | Source/WebCore/page/EventSource.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Source/WebCore/page/EventSource.cpp b/Source/WebCore/page/EventSource.cpp index 77a8e6f33..d3e6bbc6b 100644 --- a/Source/WebCore/page/EventSource.cpp +++ b/Source/WebCore/page/EventSource.cpp @@ -132,7 +132,7 @@ void EventSource::connect() options.sniffContent = DoNotSniffContent; options.allowCredentials = (origin->canRequest(m_url) || m_withCredentials) ? AllowStoredCredentials : DoNotAllowStoredCredentials; options.preflightPolicy = PreventPreflight; - options.crossOriginRequestPolicy = UseAccessControl; + options.crossOriginRequestPolicy = origin->allowsCrossOriginRequests() ? UseAccessControl : DenyCrossOriginRequests; options.dataBufferingPolicy = DoNotBufferData; options.securityOrigin = origin; |