Bug 1306646 - Match updated Timing-Allow-Origin definition for resource timing r=nwgh

MozReview-Commit-ID: GQDhISc9WRD
2017-08-22 22:33:03 +02:00 · 2017-08-22 22:33:03 +02:00 · 396c957233
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@ -3739,17 +3739,28 @@ HttpBaseChannel::TimingAllowCheck(nsIPrincipal *aOrigin, bool *_retval)
    return NS_OK;
  }

-  if (headerValue == "*") {
-    *_retval = true;
-    return NS_OK;
-  }
-
  nsAutoCString origin;
  nsContentUtils::GetASCIIOrigin(aOrigin, origin);

-  if (headerValue == origin) {
-    *_retval = true;
-    return NS_OK;
+  Tokenizer p(headerValue);
+  Tokenizer::Token t;
+
+  p.Record();
+  nsAutoCString headerItem;
+  while (p.Next(t)) {
+    if (t.Type() == Tokenizer::TOKEN_EOF ||
+        t.Equals(Tokenizer::Token::Char(','))) {
+      p.Claim(headerItem);
+      headerItem.StripWhitespace();
+      // If the list item contains a case-sensitive match for the value of the
+      // origin, or a wildcard, return pass
+      if (headerItem == origin || headerItem == "*") {
+        *_retval = true;
+        return NS_OK;
+      }
+      // We start recording again for the following items in the list
+      p.Record();
+    }
  }

  *_retval = false;
--- a/testing/web-platform/meta/resource-timing/resource_TAO_match_origin.htm.ini
+++ b/testing/web-platform/meta/resource-timing/resource_TAO_match_origin.htm.ini
@ -1,5 +0,0 @@
-[resource_TAO_match_origin.htm]
-  type: testharness
-  [redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should NOT be all returned as 0 when the Timing-Allow-Origin header value list contains a case-sensitive match for the value of the origin of the current document and TAO algorithm passes]
-    expected: FAIL
-
--- a/testing/web-platform/meta/resource-timing/resource_TAO_match_wildcard.htm.ini
+++ b/testing/web-platform/meta/resource-timing/resource_TAO_match_wildcard.htm.ini
@ -1,5 +0,0 @@
-[resource_TAO_match_wildcard.htm]
-  type: testharness
-  [redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should NOT be all returned as 0 when the Timing-Allow-Origin header value list contains a wildcard ("*") and TAO algorithm passes]
-    expected: FAIL
-
--- a/testing/web-platform/meta/resource-timing/resource_TAO_multi.htm.ini
+++ b/testing/web-platform/meta/resource-timing/resource_TAO_multi.htm.ini
@ -1,5 +0,0 @@
-[resource_TAO_multi.htm]
-  type: testharness
-  [redirectStart, redirectEnd, domainLookupStart, domainLookupEnd, connectStart, connectEnd, secureConnectionStart, requestStart, and responseStart -- should not be all returned as 0 when the HTTP response has multiple Timing-Allow-Origin header fields and the subsequent field value is separated by a comma, i.e. TAO algorithm passes]
-    expected: FAIL
-