зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1685570 Backed out changeset 92d71744323a r=necko-reviewers,kershaw
Differential Revision: https://phabricator.services.mozilla.com/D107670
This commit is contained in:
Sebastian Streich
Родитель
d81ec85207
Коммит
239f9451dc
|
|
@ -2,8 +2,8 @@
|
|||
* http://creativecommons.org/publicdomain/zero/1.0/ */
|
||||
|
||||
function handleRequest(req, resp) {
|
||||
resp.setHeader("Content-Type", "text/html; charset=UTF-8", false);
|
||||
if (req.hasHeader("Origin") && req.getHeader("Origin") != "null") {
|
||||
resp.setHeader("Content-Type", "text/html", false);
|
||||
if (req.hasHeader("Origin")) {
|
||||
resp.write("error");
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1569,6 +1569,7 @@ void FetchDriver::SetRequestHeaders(nsIHttpChannel* aChannel,
|
|||
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||
}
|
||||
}
|
||||
|
||||
nsAutoCString method;
|
||||
mRequest->GetMethod(method);
|
||||
if (!method.EqualsLiteral("GET") && !method.EqualsLiteral("HEAD")) {
|
||||
|
|
|
|||
|
|
@ -52,42 +52,6 @@ NS_IMPL_ISUPPORTS_CI(ReferrerInfo, nsIReferrerInfo, nsISerializable)
|
|||
#define MIN_CROSS_ORIGIN_SENDING_POLICY 0
|
||||
#define MIN_TRIMMING_POLICY 0
|
||||
|
||||
/*
|
||||
* Default referrer policy to use
|
||||
*/
|
||||
enum DefaultReferrerPolicy : uint32_t {
|
||||
eDefaultPolicyNoReferrer = 0,
|
||||
eDefaultPolicySameOrgin = 1,
|
||||
eDefaultPolicyStrictWhenXorigin = 2,
|
||||
eDefaultPolicyNoReferrerWhenDownGrade = 3,
|
||||
};
|
||||
|
||||
static uint32_t GetDefaultFirstPartyReferrerPolicyPref(bool privateBrowsing) {
|
||||
return privateBrowsing
|
||||
? StaticPrefs::network_http_referer_defaultPolicy_pbmode()
|
||||
: StaticPrefs::network_http_referer_defaultPolicy();
|
||||
}
|
||||
|
||||
static uint32_t GetDefaultThirdPartyReferrerPolicyPref(bool privateBrowsing) {
|
||||
return privateBrowsing
|
||||
? StaticPrefs::network_http_referer_defaultPolicy_trackers_pbmode()
|
||||
: StaticPrefs::network_http_referer_defaultPolicy_trackers();
|
||||
}
|
||||
|
||||
static ReferrerPolicy DefaultReferrerPolicyToReferrerPolicy(
|
||||
uint32_t defaultToUse) {
|
||||
switch (defaultToUse) {
|
||||
case DefaultReferrerPolicy::eDefaultPolicyNoReferrer:
|
||||
return ReferrerPolicy::No_referrer;
|
||||
case DefaultReferrerPolicy::eDefaultPolicySameOrgin:
|
||||
return ReferrerPolicy::Same_origin;
|
||||
case DefaultReferrerPolicy::eDefaultPolicyNoReferrerWhenDownGrade:
|
||||
return ReferrerPolicy::No_referrer_when_downgrade;
|
||||
}
|
||||
|
||||
return ReferrerPolicy::Strict_origin_when_cross_origin;
|
||||
}
|
||||
|
||||
struct LegacyReferrerPolicyTokenMap {
|
||||
const char* mToken;
|
||||
ReferrerPolicy mPolicy;
|
||||
|
|
@ -253,10 +217,32 @@ ReferrerPolicy ReferrerInfo::GetDefaultReferrerPolicy(nsIHttpChannel* aChannel,
|
|||
}
|
||||
}
|
||||
|
||||
return DefaultReferrerPolicyToReferrerPolicy(
|
||||
thirdPartyTrackerIsolated
|
||||
? GetDefaultThirdPartyReferrerPolicyPref(privateBrowsing)
|
||||
: GetDefaultFirstPartyReferrerPolicyPref(privateBrowsing));
|
||||
uint32_t defaultToUse;
|
||||
if (thirdPartyTrackerIsolated) {
|
||||
if (privateBrowsing) {
|
||||
defaultToUse =
|
||||
StaticPrefs::network_http_referer_defaultPolicy_trackers_pbmode();
|
||||
} else {
|
||||
defaultToUse = StaticPrefs::network_http_referer_defaultPolicy_trackers();
|
||||
}
|
||||
} else {
|
||||
if (privateBrowsing) {
|
||||
defaultToUse = StaticPrefs::network_http_referer_defaultPolicy_pbmode();
|
||||
} else {
|
||||
defaultToUse = StaticPrefs::network_http_referer_defaultPolicy();
|
||||
}
|
||||
}
|
||||
|
||||
switch (defaultToUse) {
|
||||
case DefaultReferrerPolicy::eDefaultPolicyNoReferrer:
|
||||
return ReferrerPolicy::No_referrer;
|
||||
case DefaultReferrerPolicy::eDefaultPolicySameOrgin:
|
||||
return ReferrerPolicy::Same_origin;
|
||||
case DefaultReferrerPolicy::eDefaultPolicyStrictWhenXorigin:
|
||||
return ReferrerPolicy::Strict_origin_when_cross_origin;
|
||||
}
|
||||
|
||||
return ReferrerPolicy::No_referrer_when_downgrade;
|
||||
}
|
||||
|
||||
/* static */
|
||||
|
|
|
|||
|
|
@ -219,16 +219,7 @@ class ReferrerInfo : public nsIReferrerInfo {
|
|||
*/
|
||||
static ReferrerPolicyEnum GetDefaultReferrerPolicy(
|
||||
nsIHttpChannel* aChannel = nullptr, nsIURI* aURI = nullptr,
|
||||
bool aPrivateBrowsing = false);
|
||||
|
||||
/**
|
||||
* Return default referrer policy for third party which is controlled by user
|
||||
* prefs:
|
||||
* network.http.referer.defaultPolicy.trackers for regular mode
|
||||
* network.http.referer.defaultPolicy.trackers.pbmode for private mode
|
||||
*/
|
||||
static ReferrerPolicyEnum GetDefaultThirdPartyReferrerPolicy(
|
||||
bool aPrivateBrowsing = false);
|
||||
bool privateBrowsing = false);
|
||||
|
||||
/*
|
||||
* Helper function to parse ReferrerPolicy from meta tag referrer content.
|
||||
|
|
@ -284,6 +275,16 @@ class ReferrerInfo : public nsIReferrerInfo {
|
|||
|
||||
ReferrerInfo(const ReferrerInfo& rhs);
|
||||
|
||||
/*
|
||||
* Default referrer policy to use
|
||||
*/
|
||||
enum DefaultReferrerPolicy : uint32_t {
|
||||
eDefaultPolicyNoReferrer = 0,
|
||||
eDefaultPolicySameOrgin = 1,
|
||||
eDefaultPolicyStrictWhenXorigin = 2,
|
||||
eDefaultPolicyNoReferrerWhenDownGrade = 3,
|
||||
};
|
||||
|
||||
/*
|
||||
* Trimming policy when compute referrer, indicate how much information in the
|
||||
* referrer will be sent. Order matters here.
|
||||
|
|
|
|||
|
|
@ -4290,9 +4290,6 @@ nsresult HttpBaseChannel::SetupReplacementChannel(nsIURI* newURI,
|
|||
CallQueryInterface(newChannel, realChannel.StartAssignment());
|
||||
if (realChannel) {
|
||||
realChannel->SetTopWindowURI(mTopWindowURI);
|
||||
|
||||
realChannel->StoreTaintedOriginFlag(
|
||||
ShouldTaintReplacementChannelOrigin(newURI));
|
||||
}
|
||||
|
||||
// update the DocumentURI indicator since we are being redirected.
|
||||
|
|
@ -4375,40 +4372,6 @@ nsresult HttpBaseChannel::SetupReplacementChannel(nsIURI* newURI,
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
bool HttpBaseChannel::ShouldTaintReplacementChannelOrigin(nsIURI* aNewURI) {
|
||||
if (LoadTaintedOriginFlag()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
|
||||
if (!ssm) {
|
||||
return true;
|
||||
}
|
||||
bool isPrivateWin = mLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
|
||||
nsresult rv = ssm->CheckSameOriginURI(aNewURI, mURI, false, isPrivateWin);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
return false;
|
||||
}
|
||||
// If aNewURI <-> mURI are not same-origin we need to taint unless
|
||||
// mURI <-> mOriginalURI/LoadingPrincipal are same origin.
|
||||
|
||||
if (mLoadInfo->GetLoadingPrincipal()) {
|
||||
bool sameOrigin = false;
|
||||
rv = mLoadInfo->GetLoadingPrincipal()->IsSameOrigin(mURI, isPrivateWin,
|
||||
&sameOrigin);
|
||||
if (NS_FAILED(rv)) {
|
||||
return true;
|
||||
}
|
||||
return !sameOrigin;
|
||||
}
|
||||
if (!mOriginalURI) {
|
||||
return true;
|
||||
}
|
||||
|
||||
rv = ssm->CheckSameOriginURI(mOriginalURI, mURI, false, isPrivateWin);
|
||||
return NS_FAILED(rv);
|
||||
}
|
||||
|
||||
// Redirect Tracking
|
||||
bool HttpBaseChannel::SameOriginWithOriginalUri(nsIURI* aURI) {
|
||||
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
|
||||
|
|
|
|||
|
|
@ -9379,34 +9379,16 @@ void nsHttpChannel::SetOriginHeader() {
|
|||
if (mRequestHead.IsGet() || mRequestHead.IsHead()) {
|
||||
return;
|
||||
}
|
||||
if (mLoadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {
|
||||
// Do not set origin header for system principal contexts:
|
||||
return;
|
||||
}
|
||||
nsresult rv;
|
||||
|
||||
nsAutoCString existingHeader;
|
||||
Unused << mRequestHead.GetHeader(nsHttp::Origin, existingHeader);
|
||||
if (!existingHeader.IsEmpty()) {
|
||||
LOG(("nsHttpChannel::SetOriginHeader Origin header already present"));
|
||||
// In case we already have an Origin header, check with referrerInfo
|
||||
// if we should "null" it.
|
||||
Unused << mRequestHead.GetHeader(nsHttp::Origin, existingHeader);
|
||||
auto const shouldNullifyOriginHeader =
|
||||
[&existingHeader](nsHttpChannel* self) {
|
||||
if (self->LoadTaintedOriginFlag()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
nsresult rv = NS_NewURI(getter_AddRefs(uri), existingHeader);
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
return ReferrerInfo::ShouldSetNullOriginHeader(self, uri);
|
||||
};
|
||||
|
||||
if (shouldNullifyOriginHeader(this)) {
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
rv = NS_NewURI(getter_AddRefs(uri), existingHeader);
|
||||
if (NS_SUCCEEDED(rv) &&
|
||||
ReferrerInfo::ShouldSetNullOriginHeader(this, uri)) {
|
||||
LOG(("nsHttpChannel::SetOriginHeader null Origin by Referrer-Policy"));
|
||||
rv = mRequestHead.SetHeader(nsHttp::Origin, "null"_ns, false /* merge */);
|
||||
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||
|
|
@ -9414,32 +9396,35 @@ void nsHttpChannel::SetOriginHeader() {
|
|||
return;
|
||||
}
|
||||
|
||||
if (StaticPrefs::network_http_sendOriginHeader() == 0) {
|
||||
// Origin header suppressed by user setting
|
||||
return;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> referrer;
|
||||
auto* basePrin = BasePrincipal::Cast(mLoadInfo->TriggeringPrincipal());
|
||||
rv = basePrin->GetURI(getter_AddRefs(referrer));
|
||||
if (NS_FAILED(rv)) {
|
||||
basePrin->GetURI(getter_AddRefs(referrer));
|
||||
if (!referrer || !dom::ReferrerInfo::IsReferrerSchemeAllowed(referrer)) {
|
||||
return;
|
||||
}
|
||||
|
||||
nsAutoCString origin("null");
|
||||
nsContentUtils::GetASCIIOrigin(referrer, origin);
|
||||
|
||||
if (StaticPrefs::network_http_sendOriginHeader() != 0 && referrer &&
|
||||
ReferrerInfo::IsReferrerSchemeAllowed(referrer) &&
|
||||
!ReferrerInfo::ShouldSetNullOriginHeader(this, referrer) &&
|
||||
!LoadTaintedOriginFlag()) {
|
||||
nsContentUtils::GetASCIIOrigin(referrer, origin);
|
||||
|
||||
// Restrict Origin to same-origin loads if requested by user
|
||||
if (StaticPrefs::network_http_sendOriginHeader() == 1) {
|
||||
nsAutoCString currentOrigin;
|
||||
nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
|
||||
if (!origin.EqualsIgnoreCase(currentOrigin.get())) {
|
||||
// Origin header suppressed by user setting
|
||||
origin.AssignLiteral("null");
|
||||
}
|
||||
// Restrict Origin to same-origin loads if requested by user
|
||||
if (StaticPrefs::network_http_sendOriginHeader() == 1) {
|
||||
nsAutoCString currentOrigin;
|
||||
nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
|
||||
if (!origin.EqualsIgnoreCase(currentOrigin.get())) {
|
||||
// Origin header suppressed by user setting
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (ReferrerInfo::ShouldSetNullOriginHeader(this, referrer)) {
|
||||
origin.AssignLiteral("null");
|
||||
}
|
||||
|
||||
rv = mRequestHead.SetHeader(nsHttp::Origin, origin, false /* merge */);
|
||||
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||
}
|
||||
|
|
@ -10059,8 +10044,7 @@ void nsHttpChannel::ReEvaluateReferrerAfterTrackingStatusIsKnown() {
|
|||
ReferrerInfo::GetDefaultReferrerPolicy(nullptr, nullptr,
|
||||
isPrivate)) {
|
||||
nsCOMPtr<nsIReferrerInfo> newReferrerInfo =
|
||||
referrerInfo->CloneWithNewPolicy(
|
||||
ReferrerInfo::GetDefaultReferrerPolicy(this, mURI, isPrivate));
|
||||
referrerInfo->CloneWithNewPolicy(ReferrerPolicy::_empty);
|
||||
// The arguments passed to SetReferrerInfoInternal here should mirror
|
||||
// the arguments passed in
|
||||
// HttpChannelChild::RecvOverrideReferrerInfoDuringBeginConnect().
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@ support-files =
|
|||
redirect_idn.html
|
||||
empty.html
|
||||
redirect.sjs
|
||||
redirect_to.sjs
|
||||
origin_header.sjs
|
||||
origin_header_form_post.html
|
||||
origin_header_form_post_xorigin.html
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
function handleRequest(request, response) {
|
||||
response.setStatusLine(request.httpVersion, 308, "Permanent Redirect");
|
||||
response.setHeader("Location", request.queryString);
|
||||
}
|
||||
|
|
@ -23,18 +23,15 @@ let testsToRun = [
|
|||
["network.http.sendOriginHeader", 0],
|
||||
],
|
||||
results: {
|
||||
framePost: "Origin: null",
|
||||
framePostXOrigin: "Origin: null",
|
||||
framePost: EMPTY_ORIGIN,
|
||||
framePostXOrigin: EMPTY_ORIGIN,
|
||||
frameGet: EMPTY_ORIGIN,
|
||||
framePostNonSandboxed: "Origin: null",
|
||||
framePostNonSandboxedXOrigin: "Origin: null",
|
||||
framePostSandboxed: "Origin: null",
|
||||
framePostSrcDoc: "Origin: null",
|
||||
framePostSrcDocXOrigin: "Origin: null",
|
||||
framePostDataURI: "Origin: null",
|
||||
framePostSameOriginToXOrigin: "Origin: null",
|
||||
framePostXOriginToSameOrigin: "Origin: null",
|
||||
framePostXOriginToXOrigin: "Origin: null",
|
||||
framePostNonSandboxed: EMPTY_ORIGIN,
|
||||
framePostNonSandboxedXOrigin: EMPTY_ORIGIN,
|
||||
framePostSandboxed: EMPTY_ORIGIN,
|
||||
framePostSrcDoc: EMPTY_ORIGIN,
|
||||
framePostSrcDocXOrigin: EMPTY_ORIGIN,
|
||||
framePostDataURI: EMPTY_ORIGIN,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
@ -44,17 +41,14 @@ let testsToRun = [
|
|||
],
|
||||
results: {
|
||||
framePost: "Origin: http://mochi.test:8888",
|
||||
framePostXOrigin: "Origin: null",
|
||||
framePostXOrigin: EMPTY_ORIGIN,
|
||||
frameGet: EMPTY_ORIGIN,
|
||||
framePostNonSandboxed: "Origin: http://mochi.test:8888",
|
||||
framePostNonSandboxedXOrigin: "Origin: null",
|
||||
framePostSandboxed: "Origin: null",
|
||||
framePostNonSandboxedXOrigin: EMPTY_ORIGIN,
|
||||
framePostSandboxed: EMPTY_ORIGIN,
|
||||
framePostSrcDoc: "Origin: http://mochi.test:8888",
|
||||
framePostSrcDocXOrigin: "Origin: null",
|
||||
framePostDataURI: "Origin: null",
|
||||
framePostSameOriginToXOrigin: "Origin: null",
|
||||
framePostXOriginToSameOrigin: "Origin: null",
|
||||
framePostXOriginToXOrigin: "Origin: null",
|
||||
framePostSrcDocXOrigin: EMPTY_ORIGIN,
|
||||
framePostDataURI: EMPTY_ORIGIN,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
@ -68,13 +62,10 @@ let testsToRun = [
|
|||
frameGet: EMPTY_ORIGIN,
|
||||
framePostNonSandboxed: "Origin: http://mochi.test:8888",
|
||||
framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
|
||||
framePostSandboxed: "Origin: null",
|
||||
framePostSandboxed: EMPTY_ORIGIN,
|
||||
framePostSrcDoc: "Origin: http://mochi.test:8888",
|
||||
framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
|
||||
framePostDataURI: "Origin: null",
|
||||
framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
|
||||
framePostXOriginToSameOrigin: "Origin: null",
|
||||
framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
|
||||
framePostDataURI: EMPTY_ORIGIN,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
@ -88,13 +79,10 @@ let testsToRun = [
|
|||
frameGet: EMPTY_ORIGIN,
|
||||
framePostNonSandboxed: "Origin: http://mochi.test:8888",
|
||||
framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
|
||||
framePostSandboxed: "Origin: null",
|
||||
framePostSandboxed: EMPTY_ORIGIN,
|
||||
framePostSrcDoc: "Origin: http://mochi.test:8888",
|
||||
framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
|
||||
framePostDataURI: "Origin: null",
|
||||
framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
|
||||
framePostXOriginToSameOrigin: "Origin: null",
|
||||
framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
|
||||
framePostDataURI: EMPTY_ORIGIN,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
@ -109,13 +97,10 @@ let testsToRun = [
|
|||
frameGet: EMPTY_ORIGIN,
|
||||
framePostNonSandboxed: "Origin: null",
|
||||
framePostNonSandboxedXOrigin: "Origin: null",
|
||||
framePostSandboxed: "Origin: null",
|
||||
framePostSandboxed: EMPTY_ORIGIN,
|
||||
framePostSrcDoc: "Origin: null",
|
||||
framePostSrcDocXOrigin: "Origin: null",
|
||||
framePostDataURI: "Origin: null",
|
||||
framePostSameOriginToXOrigin: "Origin: null",
|
||||
framePostXOriginToSameOrigin: "Origin: null",
|
||||
framePostXOriginToXOrigin: "Origin: null",
|
||||
framePostDataURI: EMPTY_ORIGIN,
|
||||
},
|
||||
},
|
||||
];
|
||||
|
|
@ -166,21 +151,6 @@ let checksToRun = [
|
|||
frameID: "framePostDataURI",
|
||||
dataURI: "origin_header_form_post.html",
|
||||
},
|
||||
{
|
||||
name: "same-origin POST redirected to cross-origin",
|
||||
frameID: "framePostSameOriginToXOrigin",
|
||||
formID: "formPostSameOriginToXOrigin",
|
||||
},
|
||||
{
|
||||
name: "cross-origin POST redirected to same-origin",
|
||||
frameID: "framePostXOriginToSameOrigin",
|
||||
formID: "formPostXOriginToSameOrigin",
|
||||
},
|
||||
{
|
||||
name: "cross-origin POST redirected to cross-origin",
|
||||
frameID: "framePostXOriginToXOrigin",
|
||||
formID: "formPostXOriginToXOrigin",
|
||||
},
|
||||
];
|
||||
|
||||
function frameLoaded(test, check)
|
||||
|
|
@ -336,33 +306,6 @@ addLoadEvent(runTests);
|
|||
<input type="submit" value="Submit GET">
|
||||
</form>
|
||||
</td>
|
||||
<td>
|
||||
<iframe src="about:blank" name="framePostSameOriginToXOrigin" id="framePostSameOriginToXOrigin"></iframe>
|
||||
<form action="redirect_to.sjs?http://test1.mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
|
||||
method="POST"
|
||||
id="formPostSameOriginToXOrigin"
|
||||
target="framePostSameOriginToXOrigin">
|
||||
<input type="Submit" value="Submit SameOrigin POST redirected to XOrigin">
|
||||
</form>
|
||||
</td>
|
||||
<td>
|
||||
<iframe src="about:blank" name="framePostXOriginToSameOrigin" id="framePostXOriginToSameOrigin"></iframe>
|
||||
<form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?http://mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
|
||||
method="POST"
|
||||
id="formPostXOriginToSameOrigin"
|
||||
target="framePostXOriginToSameOrigin">
|
||||
<input type="Submit" value="Submit XOrigin POST redirected to SameOrigin">
|
||||
</form>
|
||||
</td>
|
||||
<td>
|
||||
<iframe src="about:blank" name="framePostXOriginToXOrigin" id="framePostXOriginToXOrigin"></iframe>
|
||||
<form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?/tests/netwerk/test/mochitests/origin_header.sjs"
|
||||
method="POST"
|
||||
id="formPostXOriginToXOrigin"
|
||||
target="framePostXOriginToXOrigin">
|
||||
<input type="Submit" value="Submit XOrigin POST redirected to XOrigin">
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
|
|
|
|||
|
|
@ -1,4 +1,10 @@
|
|||
[assorted.window.html]
|
||||
[Origin header and 308 redirect]
|
||||
expected: FAIL
|
||||
|
||||
[Origin header and POST navigation]
|
||||
expected: FAIL
|
||||
|
||||
[Origin header and POST same-origin fetch cors mode with Referrer-Policy no-referrer]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче