Bug 1029620 P3 Factor non-CORS simple content type checkout out of XHR. r=ehsan

2014-07-24 12:38:55 -04:00 · 2014-07-24 12:38:55 -04:00 · 3fa4e60611
--- a/content/base/public/nsContentUtils.h
+++ b/content/base/public/nsContentUtils.h
@ -2182,6 +2182,12 @@ public:
   */
  static bool IsForbiddenSystemRequestHeader(const nsACString& aHeader);

+  /**
+   * Returns whether a given Content-Type header value is allowed
+   * for a non-CORS XHR or fetch request.
+   */
+  static bool IsAllowedNonCorsContentType(const nsACString& aHeaderValue);
+
  /**
   * Returns whether a given header is forbidden for an XHR or fetch
   * response.
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@ -6905,6 +6905,23 @@ nsContentUtils::IsForbiddenResponseHeader(const nsACString& aHeader)
          aHeader.LowerCaseEqualsASCII("set-cookie2"));
 }

+// static
+bool
+nsContentUtils::IsAllowedNonCorsContentType(const nsACString& aHeaderValue)
+{
+  nsAutoCString contentType;
+  nsAutoCString unused;
+
+  nsresult rv = NS_ParseContentType(aHeaderValue, contentType, unused);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+
+  return contentType.LowerCaseEqualsLiteral("text/plain") ||
+         contentType.LowerCaseEqualsLiteral("application/x-www-form-urlencoded") ||
+         contentType.LowerCaseEqualsLiteral("multipart/form-data");
+}
+
 bool
 nsContentUtils::DOMWindowDumpEnabled()
 {
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@ -2869,13 +2869,7 @@ nsXMLHttpRequest::Send(nsIVariant* aVariant, const Nullable<RequestBody>& aBody)
    rv = httpChannel->GetRequestHeader(NS_LITERAL_CSTRING("Content-Type"),
                                       contentTypeHeader);
    if (NS_SUCCEEDED(rv)) {
-      nsAutoCString contentType, charset;
-      rv = NS_ParseContentType(contentTypeHeader, contentType, charset);
-      NS_ENSURE_SUCCESS(rv, rv);
-  
-      if (!contentType.LowerCaseEqualsLiteral("text/plain") &&
-          !contentType.LowerCaseEqualsLiteral("application/x-www-form-urlencoded") &&
-          !contentType.LowerCaseEqualsLiteral("multipart/form-data")) {
+      if (!nsContentUtils::IsAllowedNonCorsContentType(contentTypeHeader)) {
        mCORSUnsafeHeaders.AppendElement(NS_LITERAL_CSTRING("Content-Type"));
      }
    }