Merge pull request #3567 from atom/cors

Enable all origins via CORS header for custom schemes

atom/browser/net/js_asker.cc

@@ -11,6 +11,8 @@
 
 namespace atom {
 
+const std::string kCorsHeader("Access-Control-Allow-Origin: *");
+
 namespace internal {
 
 namespace {

atom/browser/net/js_asker.h

@@ -5,6 +5,8 @@
 #ifndef ATOM_BROWSER_NET_JS_ASKER_H_
 #define ATOM_BROWSER_NET_JS_ASKER_H_
 
+#include <string>
+
 #include "base/callback.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
@@ -17,6 +19,7 @@
 #include "v8/include/v8.h"
 
 namespace atom {
+extern const std::string kCorsHeader;
 
 using JavaScriptHandler =
     base::Callback<void(const net::URLRequest*, v8::Local<v8::Value>)>;

atom/browser/net/url_request_async_asar_job.cc

@@ -4,6 +4,8 @@
 
 #include "atom/browser/net/url_request_async_asar_job.h"
 
+#include <string>
+
 namespace atom {
 
 URLRequestAsyncAsarJob::URLRequestAsyncAsarJob(
@@ -34,4 +36,13 @@ void URLRequestAsyncAsarJob::StartAsync(scoped_ptr<base::Value> options) {
   }
 }
 
+
+void URLRequestAsyncAsarJob::GetResponseInfo(net::HttpResponseInfo* info) {
+  std::string status("HTTP/1.1 200 OK");
+  net::HttpResponseHeaders* headers = new net::HttpResponseHeaders(status);
+
+  headers->AddHeader(kCorsHeader);
+  info->headers = headers;
+}
+
 }  // namespace atom

atom/browser/net/url_request_async_asar_job.h

@@ -18,6 +18,9 @@ class URLRequestAsyncAsarJob : public JsAsker<asar::URLRequestAsarJob> {
   // JsAsker:
   void StartAsync(scoped_ptr<base::Value> options) override;
 
+  // URLRequestJob:
+  void GetResponseInfo(net::HttpResponseInfo* info) override;
+
  private:
   DISALLOW_COPY_AND_ASSIGN(URLRequestAsyncAsarJob);
 };

atom/browser/net/url_request_buffer_job.cc

@@ -50,6 +50,8 @@ void URLRequestBufferJob::GetResponseInfo(net::HttpResponseInfo* info) {
   status.append("\0\0", 2);
   net::HttpResponseHeaders* headers = new net::HttpResponseHeaders(status);
 
+  headers->AddHeader(kCorsHeader);
+
   if (!mime_type_.empty()) {
     std::string content_type_header(net::HttpRequestHeaders::kContentType);
     content_type_header.append(": ");

atom/browser/net/url_request_string_job.cc

@@ -32,6 +32,8 @@ void URLRequestStringJob::GetResponseInfo(net::HttpResponseInfo* info) {
   std::string status("HTTP/1.1 200 OK");
   net::HttpResponseHeaders* headers = new net::HttpResponseHeaders(status);
 
+  headers->AddHeader(kCorsHeader);
+
   if (!mime_type_.empty()) {
     std::string content_type_header(net::HttpRequestHeaders::kContentType);
     content_type_header.append(": ");

spec/api-protocol-spec.coffee

@@ -81,6 +81,21 @@ describe 'protocol module', ->
           error: (xhr, errorType, error) ->
             done(error)
 
+    it 'sets Access-Control-Allow-Origin', (done) ->
+      handler = (request, callback) -> callback(text)
+      protocol.registerStringProtocol protocolName, handler, (error) ->
+        return done(error) if error
+        $.ajax
+          url: "#{protocolName}://fake-host"
+          success: (data, status, request) ->
+            assert.equal data, text
+            assert.equal(
+              request.getResponseHeader('Access-Control-Allow-Origin'),
+              '*')
+            done()
+          error: (xhr, errorType, error) ->
+            done(error)
+
     it 'sends object as response', (done) ->
       handler = (request, callback) -> callback(data: text, mimeType: 'text/html')
       protocol.registerStringProtocol protocolName, handler, (error) ->
@@ -120,6 +135,21 @@ describe 'protocol module', ->
           error: (xhr, errorType, error) ->
             done(error)
 
+    it 'sets Access-Control-Allow-Origin', (done) ->
+      handler = (request, callback) -> callback(buffer)
+      protocol.registerBufferProtocol protocolName, handler, (error) ->
+        return done(error) if error
+        $.ajax
+          url: "#{protocolName}://fake-host"
+          success: (data, status, request) ->
+            assert.equal data, text
+            assert.equal(
+              request.getResponseHeader('Access-Control-Allow-Origin'),
+              '*')
+            done()
+          error: (xhr, errorType, error) ->
+            done(error)
+
     it 'sends object as response', (done) ->
       handler = (request, callback) -> callback(data: buffer, mimeType: 'text/html')
       protocol.registerBufferProtocol protocolName, handler, (error) ->
@@ -163,6 +193,21 @@ describe 'protocol module', ->
           error: (xhr, errorType, error) ->
             done(error)
 
+    it 'sets Access-Control-Allow-Origin', (done) ->
+      handler = (request, callback) -> callback(filePath)
+      protocol.registerFileProtocol protocolName, handler, (error) ->
+        return done(error) if error
+        $.ajax
+          url: "#{protocolName}://fake-host"
+          success: (data, status, request) ->
+            assert.equal data, String(fileContent)
+            assert.equal(
+              request.getResponseHeader('Access-Control-Allow-Origin'),
+              '*')
+            done()
+          error: (xhr, errorType, error) ->
+            done(error)
+
     it 'sends object as response', (done) ->
       handler = (request, callback) -> callback(path: filePath)
       protocol.registerFileProtocol protocolName, handler, (error) ->