From: jan@apache.org To: commits@couchdb.apache.org X-Mailer: ASF-Git Admin Mailer Subject: [6/44] git commit: add some source comments Message-Id: <20121204204348.496C38185B8@tyr.zones.apache.org> Date: Tue, 4 Dec 2012 20:43:48 +0000 (UTC) add some source comments Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/403932b0 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/403932b0 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/403932b0 Branch: refs/heads/1368-fix-multipart-header-parts Commit: 403932b0086fcdb4b89167391760001493fa133c Parents: 7b65cfb Author: Jan Lehnardt Authored: Mon Nov 12 18:30:34 2012 +0100 Committer: Jan Lehnardt Committed: Mon Nov 12 18:54:35 2012 +0100 ---------------------------------------------------------------------- src/couchdb/couch_httpd_cors.erl | 35 +++++++++++++++++++++++++++++++++ 1 files changed, 35 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/403932b0/src/couchdb/couch_httpd_cors.erl ---------------------------------------------------------------------- diff --git a/src/couchdb/couch_httpd_cors.erl b/src/couchdb/couch_httpd_cors.erl index 053adf0..d524038 100644 --- a/src/couchdb/couch_httpd_cors.erl +++ b/src/couchdb/couch_httpd_cors.erl @@ -35,6 +35,8 @@ %% is_preflight_request/1 +% http://www.w3.org/TR/cors/#resource-preflight-requests + is_preflight_request(#httpd{method=Method}=Req) when Method /= 'OPTIONS' -> Req; is_preflight_request(Req) -> 
@@ -57,6 +59,9 @@ preflight_request(MochiReq) -> preflight_request(MochiReq, Origin). preflight_request(MochiReq, undefined) -> + % If the Origin header is not present terminate this set of + % steps. The request is outside the scope of this specification. + % http://www.w3.org/TR/cors/#resource-preflight-requests MochiReq; preflight_request(MochiReq, Origin) -> Host = couch_httpd_vhost:host(MochiReq), @@ -70,12 +75,24 @@ preflight_request(MochiReq, Origin) -> case AcceptAll of true -> + % Always matching is acceptable since the list of + % origins can be unbounded. + % http://www.w3.org/TR/cors/#resource-preflight-requests HandlerFun(); false -> case lists:member(Origin, AcceptedOrigins) of + % The Origin header can only contain a single origin as + % the user agent will not follow redirects. + % http://www.w3.org/TR/cors/#resource-preflight-requests + % TODO: Square against multi origin thinger in Security Considerations true -> HandlerFun(); false -> + % If the value of the Origin header is not a + % case-sensitive match for any of the values + % in list of origins do not set any additional + % headers and terminate this set of steps. + % http://www.w3.org/TR/cors/#resource-preflight-requests false end end. @@ -103,6 +120,11 @@ handle_preflight_request(Origin, Host, MochiReq) -> case MochiReq:get_header_value("Access-Control-Request-Method") of undefined -> + % If there is no Access-Control-Request-Method header + % or if parsing failed, do not set any additional headers + % and terminate this set of steps. The request is outside + % the scope of this specification. + % http://www.w3.org/TR/cors/#resource-preflight-requests {ok, PreflightHeaders0}; Method -> case lists:member(Method, SupportedMethods) of 
@@ -131,6 +153,10 @@ handle_preflight_request(Origin, Host, MochiReq) -> false end; false -> + % If method is not a case-sensitive match for any of + % the values in list of methods do not set any additional + % headers and terminate this set of steps. + % http://www.w3.org/TR/cors/#resource-preflight-requests false end end. @@ -172,6 +198,10 @@ cors_headers(#httpd{mochi_req=MochiReq}, true) -> AcceptedOrigins = get_accepted_origins(Host), case MochiReq:get_header_value("Origin") of undefined -> + % If the Origin header is not present terminate + % this set of steps. The request is outside the scope + % of this specification. + % http://www.w3.org/TR/cors/#resource-processing-model []; Origin -> handle_cors_headers(couch_util:to_list(Origin), @@ -191,6 +221,11 @@ handle_cors_headers(Origin, Host, AcceptedOrigins) -> {false, true} -> make_cors_header(Origin, Host); _ -> + % If the value of the Origin header is not a + % case-sensitive match for any of the values + % in list of origins, do not set any additional + % headers and terminate this set of steps. + % http://www.w3.org/TR/cors/#resource-requests [] end.
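Review bot: in the `@@ -35,6 +35,8 @@` hunk the spec link is added with a single `%`, directly under the existing `%% is_preflight_request/1` header line. Use `%%` for the link as well so the function header comment follows one convention.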
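Review bot: in `preflight_request/2` (hunk `@@ -70,12 +75,24 @@`) the TODO "Square against multi origin thinger in Security Considerations" leaves open what happens when the Origin header carries more than one origin. As written, `lists:member(Origin, AcceptedOrigins)` compares the whole header value, so a value that is not exactly one listed origin falls to the `false` branch. State that in the comment, or point to a ticket, instead of leaving the TODO. The comment block also sits between `case lists:member(Origin, AcceptedOrigins) of` and the `true ->` clause; moving it above the `case` makes it read as describing the match rather than the `true` branch.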
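Review bot: in `handle_preflight_request/3` (hunk `@@ -103,6 +120,11 @@`) the new comment says "or if parsing failed", but the clause it annotates matches only `undefined`, so only the missing-header case is covered here. Either drop the parsing wording or note where a malformed Access-Control-Request-Method value is handled. The comment also says "do not set any additional headers" while the branch returns `{ok, PreflightHeaders0}`; a short remark on what `PreflightHeaders0` holds at this point would make the two agree for the reader.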
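Review bot: in `cors_headers/2` (hunk `@@ -172,6 +198,10 @@`) the missing-Origin comment links to `#resource-processing-model`, while the matching comment in `handle_cors_headers/3` links to `#resource-requests` and the preflight comments link to `#resource-preflight-requests`. This clause is on the actual-request path, so cite `#resource-requests` here too; that way each comment points at the step list it paraphrases.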
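Review bot: in `handle_cors_headers/3` (hunk `@@ -191,6 +221,11 @@`) the comment is attached to the catch-all `_ ->` clause but describes only the origin-mismatch case. The clause above matches `{false, true}`, so `_` absorbs every other combination of the tuple. Either document which combinations reach this clause or replace `_` with the explicit pattern the comment is about, so a future change to the tuple cannot silently land in the "no headers" branch.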