Bug 1210985 - More specific error message for "useCredentials" and wildcard allowing origin. r=ckerschb

MozReview-Commit-ID: 9MvrhZk4sPI

--HG--
extra : rebase_source : de7999c6573e7e5670eab63699851c550ebe8af0
extra : source : 26506044f7650db6f2b27c3c496ba44ddf927723
Henry Chang 2016-08-05 11:46:33 +08:00
Parent 46576ed14d
Commit 4d24f3fb3f
2 changed files: 14 additions and 0 deletions


@ -9,6 +9,7 @@ CORSDisabled=Cross-Origin Request Blocked: The Same Origin Policy disallows read
CORSRequestNotHttp=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request not http).
CORSMissingAllowOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header Access-Control-Allow-Origin missing).
CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header Access-Control-Allow-Origin does not match %2$S).
CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at '%1$S'. (Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*').
CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header Access-Control-Allow-Methods).
CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected true in CORS header Access-Control-Allow-Credentials).
CORSPreflightDidNotSucceed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight channel did not succeed).
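
Review bot: The new CORSNotSupportingCredentials string is formatted differently from every neighbouring entry: it wraps the URL placeholder in quotes ('%1$S') and quotes the header name and value, while the surrounding strings use a bare %1$S and a bare Access-Control-Allow-Origin. Pick one convention for the file so the console output is uniform and easy to match on. The reason text "Credential is not supported" would also read better as "credentials are not supported", since the condition concerns the request's credentials mode rather than a single credential.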


@ -588,6 +588,19 @@ nsCORSListenerProxy::CheckRequestApproved(nsIRequest* aRequest)
return rv;
}
// Bug 1210985 - Explicitly point out the error that the credential is
// not supported if the allowing origin is '*'. Note that this check
// has to be done before the condition
//
// >> if (mWithCredentials || !allowedOriginHeader.EqualsLiteral("*"))
//
// below since "if (A && B)" is included in "if (A || !B)".
//
if (mWithCredentials && allowedOriginHeader.EqualsLiteral("*")) {
LogBlockedRequest(aRequest, "CORSNotSupportingCredentials", nullptr);
return NS_ERROR_DOM_BAD_URI;
}
if (mWithCredentials || !allowedOriginHeader.EqualsLiteral("*")) {
nsAutoCString origin;
nsContentUtils::GetASCIIOrigin(mOriginHeaderPrincipal, origin);
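
Review bot: The comment above the new `mWithCredentials && allowedOriginHeader.EqualsLiteral("*")` check copies the following condition verbatim (the `>> if (mWithCredentials || ...)` line), so it becomes misleading as soon as that condition is edited. A shorter statement of the ordering requirement would hold up better, for example that the wildcard-with-credentials case must be reported before the general origin comparison that would otherwise handle it. The early return keeps NS_ERROR_DOM_BAD_URI, so the request is still blocked and only the logged reason changes, which is worth stating in the comment. Neither of the two changed files is a test, so a check that a credentialed request answered with `Access-Control-Allow-Origin: *` logs CORSNotSupportingCredentials and is still rejected would guard both the message and the ordering.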