servo: Merge #4793 - Added error checking on XMLHttpRequest::setWithCredentials (from KiChjang:xhr-cred-check); r=Manishearth

Fixes #4665 Source-Repo: https://github.com/servo/servo Source-Revision: 755adf0ddefb060007c0319655f994445aea4709
2015-02-02 08:57:53 -07:00 · 2015-02-02 08:57:53 -07:00 · 0bdad32b66
--- a/servo/components/script/dom/webidls/XMLHttpRequest.webidl
+++ b/servo/components/script/dom/webidls/XMLHttpRequest.webidl
@ -50,6 +50,7 @@ interface XMLHttpRequest : XMLHttpRequestEventTarget {
  void setRequestHeader(ByteString name, ByteString value);
  [SetterThrows]
           attribute unsigned long timeout;
+  [SetterThrows]
           attribute boolean withCredentials;
  readonly attribute XMLHttpRequestUpload upload;
  [Throws]
--- a/servo/components/script/dom/xmlhttprequest.rs
+++ b/servo/components/script/dom/xmlhttprequest.rs
@ -489,8 +489,21 @@ impl<'a> XMLHttpRequestMethods for JSRef<'a, XMLHttpRequest> {
    fn WithCredentials(self) -> bool {
        self.with_credentials.get()
    }
-    fn SetWithCredentials(self, with_credentials: bool) {
-        self.with_credentials.set(with_credentials);
+    // Spec for SetWithCredentials: https://xhr.spec.whatwg.org/#dom-xmlhttprequest-withcredentials
+    fn SetWithCredentials(self, with_credentials: bool) -> ErrorResult {
+        match self.ready_state.get() {
+            XMLHttpRequestState::HeadersReceived |
+            XMLHttpRequestState::Loading |
+            XMLHttpRequestState::XHRDone => Err(InvalidState),
+            _ if self.send_flag.get() => Err(InvalidState),
+            _ => match self.global.root() {
+                GlobalRoot::Window(_) if self.sync.get() => Err(InvalidAccess),
+                _ => {
+                    self.with_credentials.set(with_credentials);
+                    Ok(())
+                },
+            },
+        }
    }
    fn Upload(self) -> Temporary<XMLHttpRequestUpload> {
        Temporary::new(self.upload)