mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1162411 - Fix Request CORS bug. r=bz 

--HG--
extra : transplant_source : %E6b%5CaV%3C%15%8Co%85%C5%08%07%E7%E5%D7r%80%3C%AB
This commit is contained in:
Nikhil Marathe 2015-05-07 15:39:13 -07:00
Родитель a77ba18be9
Коммит 23b76b8dc6
2 изменённых файлов: 23 добавлений и 4 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
dom/fetch/Request.cpp
Просмотреть файл

@ -263,6 +263,10 @@ Request::Constructor(const GlobalObject& aGlobal,
} }
requestHeaders->Clear(); requestHeaders->Clear();
// From "Let r be a new Request object associated with request and a new
// Headers object whose guard is "request"."
requestHeaders->SetGuard(HeadersGuardEnum::Request, aRv);
MOZ_ASSERT(!aRv.Failed());
if (request->Mode() == RequestMode::No_cors) { if (request->Mode() == RequestMode::No_cors) {
if (!request->HasSimpleMethod()) { if (!request->HasSimpleMethod()) {

23
dom/tests/mochitest/fetch/test_request.js
Просмотреть файл

@ -23,7 +23,7 @@ function testDefaultCtor() {
function testClone() { function testClone() {
var orig = new Request("./cloned_request.txt", { var orig = new Request("./cloned_request.txt", {
method: 'POST', method: 'POST',
headers: { "Content-Length": 5 }, headers: { "Sample-Header": "5" },
body: "Sample body", body: "Sample body",
mode: "same-origin", mode: "same-origin",
credentials: "same-origin", credentials: "same-origin",
@ -33,9 +33,9 @@ function testClone() {
ok(clone.method === "POST", "Request method is POST"); ok(clone.method === "POST", "Request method is POST");
ok(clone.headers instanceof Headers, "Request should have non-null Headers object"); ok(clone.headers instanceof Headers, "Request should have non-null Headers object");
is(clone.headers.get('content-length'), "5", "Response content-length should be 5."); is(clone.headers.get('sample-header'), "5", "Request sample-header should be 5.");
orig.headers.set('content-length', 6); orig.headers.set('sample-header', 6);
is(clone.headers.get('content-length'), "5", "Request content-length should be 5."); is(clone.headers.get('sample-header'), "5", "Cloned Request sample-header should continue to be 5.");
ok(clone.url === (new URL("./cloned_request.txt", self.location.href)).href, ok(clone.url === (new URL("./cloned_request.txt", self.location.href)).href,
"URL should be resolved with entry settings object's API base URL"); "URL should be resolved with entry settings object's API base URL");
@ -124,6 +124,20 @@ function testBug1109574() {
var r3 = new Request(r1); var r3 = new Request(r1);
} }
function testHeaderGuard() {
var headers = {
"Cookie": "Custom cookie",
"Non-Simple-Header": "value",
};
var r1 = new Request("", { headers: headers });
ok(!r1.headers.has("Cookie"), "Default Request header should have guard request and prevent setting forbidden header.");
ok(r1.headers.has("Non-Simple-Header"), "Default Request header should have guard request and allow setting non-simple header.");
var r2 = new Request("", { mode: "no-cors", headers: headers });
ok(!r2.headers.has("Cookie"), "no-cors Request header should have guard request-no-cors and prevent setting non-simple header.");
ok(!r2.headers.has("Non-Simple-Header"), "no-cors Request header should have guard request-no-cors and prevent setting non-simple header.");
}
function testMethod() { function testMethod() {
// These get normalized. // These get normalized.
var allowed = ["delete", "get", "head", "options", "post", "put" ]; var allowed = ["delete", "get", "head", "options", "post", "put" ];
@ -434,6 +448,7 @@ function runTest() {
testUrlFragment(); testUrlFragment();
testMethod(); testMethod();
testBug1109574(); testBug1109574();
testHeaderGuard();
testModeCorsPreflightEnumValue(); testModeCorsPreflightEnumValue();
return Promise.resolve() return Promise.resolve()