Bug 1557386 - Pass correct CORS flags for Beacon requests r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D75757
Jonathan Kingston 2020-05-21 10:17:21 +00:00
Родитель e8a91d30e8
Коммит 72cac8db01
1 изменённых файлов: 22 добавлений и 17 удалений


@ -1157,12 +1157,28 @@ bool Navigator::SendBeaconInternal(const nsAString& aUrl,
return false;
}
// No need to use CORS for sendBeacon unless it's a BLOB
nsSecurityFlags securityFlags =
aType == eBeaconTypeBlob
? nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
nsCOMPtr<nsIInputStream> in;
nsAutoCString contentTypeWithCharset;
nsAutoCString charset;
uint64_t length = 0;
if (aBody) {
aRv = aBody->GetAsStream(getter_AddRefs(in), &length,
contentTypeWithCharset, charset);
if (NS_WARN_IF(aRv.Failed())) {
return false;
}
}
nsSecurityFlags securityFlags = nsILoadInfo::SEC_COOKIES_INCLUDE;
// Ensure that only streams with content types that are safelisted ignore CORS
// rules
if (aBody && !contentTypeWithCharset.IsVoid() &&
!nsContentUtils::IsCORSSafelistedRequestHeader(
NS_LITERAL_CSTRING("content-type"), contentTypeWithCharset)) {
securityFlags |= nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
} else {
securityFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
}
nsCOMPtr<nsIChannel> channel;
rv = NS_NewChannel(getter_AddRefs(channel), uri, doc, securityFlags,
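Review bot: The comment above the new `if` describes only the safelisted case, but the `else` branch also selects `SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS` when `aBody` is null or when `contentTypeWithCharset.IsVoid()`, and with `SEC_COOKIES_INCLUDE` already set that is the path that sends a credentialed cross-origin request with no CORS check. I would state that in the comment, e.g. `// No body, or a body whose Content-Type is void, stays no-cors; only a non-safelisted Content-Type requires CORS.` Whether an empty but non-void type string (presumably possible for an untyped Blob) reaches `IsCORSSafelistedRequestHeader` and is then treated as non-safelisted cannot be seen from these lines and is worth confirming against `GetAsStream`. The body of `SendBeaconInternal` starts and ends outside this hunk.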
@ -1184,18 +1200,7 @@ bool Navigator::SendBeaconInternal(const nsAString& aUrl,
rv = httpChannel->SetReferrerInfoWithoutClone(referrerInfo);
MOZ_ASSERT(NS_SUCCEEDED(rv));
nsCOMPtr<nsIInputStream> in;
nsAutoCString contentTypeWithCharset;
nsAutoCString charset;
uint64_t length = 0;
if (aBody) {
aRv = aBody->GetAsStream(getter_AddRefs(in), &length,
contentTypeWithCharset, charset);
if (NS_WARN_IF(aRv.Failed())) {
return false;
}
nsCOMPtr<nsIUploadChannel2> uploadChannel = do_QueryInterface(channel);
if (!uploadChannel) {
aRv.Throw(NS_ERROR_FAILURE);