зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1557386 - Pass correct CORS flags for Beacon requests r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D75757
This commit is contained in:
Родитель
e8a91d30e8
Коммит
72cac8db01
|
@ -1157,12 +1157,28 @@ bool Navigator::SendBeaconInternal(const nsAString& aUrl,
|
|||
return false;
|
||||
}
|
||||
|
||||
// No need to use CORS for sendBeacon unless it's a BLOB
|
||||
nsSecurityFlags securityFlags =
|
||||
aType == eBeaconTypeBlob
|
||||
? nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
|
||||
nsCOMPtr<nsIInputStream> in;
|
||||
nsAutoCString contentTypeWithCharset;
|
||||
nsAutoCString charset;
|
||||
uint64_t length = 0;
|
||||
if (aBody) {
|
||||
aRv = aBody->GetAsStream(getter_AddRefs(in), &length,
|
||||
contentTypeWithCharset, charset);
|
||||
if (NS_WARN_IF(aRv.Failed())) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
nsSecurityFlags securityFlags = nsILoadInfo::SEC_COOKIES_INCLUDE;
|
||||
// Ensure that only streams with content types that are safelisted ignore CORS
|
||||
// rules
|
||||
if (aBody && !contentTypeWithCharset.IsVoid() &&
|
||||
!nsContentUtils::IsCORSSafelistedRequestHeader(
|
||||
NS_LITERAL_CSTRING("content-type"), contentTypeWithCharset)) {
|
||||
securityFlags |= nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
} else {
|
||||
securityFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), uri, doc, securityFlags,
|
||||
|
@ -1184,18 +1200,7 @@ bool Navigator::SendBeaconInternal(const nsAString& aUrl,
|
|||
rv = httpChannel->SetReferrerInfoWithoutClone(referrerInfo);
|
||||
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||
|
||||
nsCOMPtr<nsIInputStream> in;
|
||||
nsAutoCString contentTypeWithCharset;
|
||||
nsAutoCString charset;
|
||||
uint64_t length = 0;
|
||||
|
||||
if (aBody) {
|
||||
aRv = aBody->GetAsStream(getter_AddRefs(in), &length,
|
||||
contentTypeWithCharset, charset);
|
||||
if (NS_WARN_IF(aRv.Failed())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIUploadChannel2> uploadChannel = do_QueryInterface(channel);
|
||||
if (!uploadChannel) {
|
||||
aRv.Throw(NS_ERROR_FAILURE);
|
||||
|
|
Загрузка…
Ссылка в новой задаче