зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1029620 P3 Factor non-CORS simple content type checkout out of XHR. r=ehsan
This commit is contained in:
Родитель
4dc8bf13d7
Коммит
3fa4e60611
|
@ -2182,6 +2182,12 @@ public:
|
|||
*/
|
||||
static bool IsForbiddenSystemRequestHeader(const nsACString& aHeader);
|
||||
|
||||
/**
|
||||
* Returns whether a given Content-Type header value is allowed
|
||||
* for a non-CORS XHR or fetch request.
|
||||
*/
|
||||
static bool IsAllowedNonCorsContentType(const nsACString& aHeaderValue);
|
||||
|
||||
/**
|
||||
* Returns whether a given header is forbidden for an XHR or fetch
|
||||
* response.
|
||||
|
|
|
@ -6905,6 +6905,23 @@ nsContentUtils::IsForbiddenResponseHeader(const nsACString& aHeader)
|
|||
aHeader.LowerCaseEqualsASCII("set-cookie2"));
|
||||
}
|
||||
|
||||
// static
|
||||
bool
|
||||
nsContentUtils::IsAllowedNonCorsContentType(const nsACString& aHeaderValue)
|
||||
{
|
||||
nsAutoCString contentType;
|
||||
nsAutoCString unused;
|
||||
|
||||
nsresult rv = NS_ParseContentType(aHeaderValue, contentType, unused);
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return contentType.LowerCaseEqualsLiteral("text/plain") ||
|
||||
contentType.LowerCaseEqualsLiteral("application/x-www-form-urlencoded") ||
|
||||
contentType.LowerCaseEqualsLiteral("multipart/form-data");
|
||||
}
|
||||
|
||||
bool
|
||||
nsContentUtils::DOMWindowDumpEnabled()
|
||||
{
|
||||
|
|
|
@ -2869,13 +2869,7 @@ nsXMLHttpRequest::Send(nsIVariant* aVariant, const Nullable<RequestBody>& aBody)
|
|||
rv = httpChannel->GetRequestHeader(NS_LITERAL_CSTRING("Content-Type"),
|
||||
contentTypeHeader);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsAutoCString contentType, charset;
|
||||
rv = NS_ParseContentType(contentTypeHeader, contentType, charset);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (!contentType.LowerCaseEqualsLiteral("text/plain") &&
|
||||
!contentType.LowerCaseEqualsLiteral("application/x-www-form-urlencoded") &&
|
||||
!contentType.LowerCaseEqualsLiteral("multipart/form-data")) {
|
||||
if (!nsContentUtils::IsAllowedNonCorsContentType(contentTypeHeader)) {
|
||||
mCORSUnsafeHeaders.AppendElement(NS_LITERAL_CSTRING("Content-Type"));
|
||||
}
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче