couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject [1/3] git commit: add some source comments
Date Mon, 12 Nov 2012 17:54:35 GMT 
Updated Branches:
  refs/heads/431-feature_cors 7b65cfb3d -> 164214567


add some source comments


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/403932b0
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/403932b0
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/403932b0

Branch: refs/heads/431-feature_cors
Commit: 403932b0086fcdb4b89167391760001493fa133c
Parents: 7b65cfb
Author: Jan Lehnardt <jan@apache.org>
Authored: Mon Nov 12 18:30:34 2012 +0100
Committer: Jan Lehnardt <jan@apache.org>
Committed: Mon Nov 12 18:54:35 2012 +0100

----------------------------------------------------------------------
 src/couchdb/couch_httpd_cors.erl |   35 +++++++++++++++++++++++++++++++++
 1 files changed, 35 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/403932b0/src/couchdb/couch_httpd_cors.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_cors.erl b/src/couchdb/couch_httpd_cors.erl
index 053adf0..d524038 100644
--- a/src/couchdb/couch_httpd_cors.erl
+++ b/src/couchdb/couch_httpd_cors.erl
@@ -35,6 +35,8 @@
 
 %% is_preflight_request/1
 
+% http://www.w3.org/TR/cors/#resource-preflight-requests
+
 is_preflight_request(#httpd{method=Method}=Req) when Method /= 'OPTIONS' ->
     Req;
 is_preflight_request(Req) ->
@@ -57,6 +59,9 @@ preflight_request(MochiReq) ->
     preflight_request(MochiReq, Origin).
 
 preflight_request(MochiReq, undefined) ->
+    % If the Origin header is not present terminate this set of
+    % steps. The request is outside the scope of this specification.
+    % http://www.w3.org/TR/cors/#resource-preflight-requests
     MochiReq;
 preflight_request(MochiReq, Origin) ->
     Host = couch_httpd_vhost:host(MochiReq),
@@ -70,12 +75,24 @@ preflight_request(MochiReq, Origin) ->
 
     case AcceptAll of
     true ->
+        % Always matching is acceptable since the list of
+        % origins can be unbounded.
+        % http://www.w3.org/TR/cors/#resource-preflight-requests
         HandlerFun();
     false ->
         case lists:member(Origin, AcceptedOrigins) of
+        % The Origin header can only contain a single origin as
+        % the user agent will not follow redirects.
+        % http://www.w3.org/TR/cors/#resource-preflight-requests
+        % TODO: Square against multi origin thinger in Security Considerations
         true ->
             HandlerFun();
         false ->
+            % If the value of the Origin header is not a
+            % case-sensitive match for any of the values
+            % in list of origins do not set any additional
+            % headers and terminate this set of steps.
+            % http://www.w3.org/TR/cors/#resource-preflight-requests
             false
         end
     end.
@@ -103,6 +120,11 @@ handle_preflight_request(Origin, Host, MochiReq) ->
 
     case MochiReq:get_header_value("Access-Control-Request-Method") of
     undefined ->
+        % If there is no Access-Control-Request-Method header
+        % or if parsing failed, do not set any additional headers
+        % and terminate this set of steps. The request is outside
+        % the scope of this specification.
+        % http://www.w3.org/TR/cors/#resource-preflight-requests
         {ok, PreflightHeaders0};
     Method ->
         case lists:member(Method, SupportedMethods) of
@@ -131,6 +153,10 @@ handle_preflight_request(Origin, Host, MochiReq) ->
                 false
             end;
         false ->
+        % If method is not a case-sensitive match for any of
+        % the values in list of methods do not set any additional
+        % headers and terminate this set of steps.
+        % http://www.w3.org/TR/cors/#resource-preflight-requests
             false
         end
     end.
@@ -172,6 +198,10 @@ cors_headers(#httpd{mochi_req=MochiReq}, true) ->
     AcceptedOrigins = get_accepted_origins(Host),
     case MochiReq:get_header_value("Origin") of
     undefined ->
+        % If the Origin header is not present terminate
+        % this set of steps. The request is outside the scope
+        % of this specification.
+        % http://www.w3.org/TR/cors/#resource-processing-model
         [];
     Origin ->
         handle_cors_headers(couch_util:to_list(Origin),
@@ -191,6 +221,11 @@ handle_cors_headers(Origin, Host, AcceptedOrigins) ->
     {false, true}  ->
         make_cors_header(Origin, Host);
     _ ->
+        % If the value of the Origin header is not a
+        % case-sensitive match for any of the values
+        % in list of origins, do not set any additional
+        % headers and terminate this set of steps.
+        % http://www.w3.org/TR/cors/#resource-requests
         []
     end.
Mime
View raw message