зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1508661 - origin header should not be set for GET and HEAD requests, r=asuth
Родитель
354ac303c9
Коммит
89f6169d5f
|
@ -1477,7 +1477,9 @@ FetchDriver::SetRequestHeaders(nsIHttpChannel* aChannel) const
|
|||
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||
}
|
||||
|
||||
if (mRequest->ForceOriginHeader()) {
|
||||
nsAutoCString method;
|
||||
mRequest->GetMethod(method);
|
||||
if (!method.EqualsLiteral("GET") && !method.EqualsLiteral("HEAD")) {
|
||||
nsAutoString origin;
|
||||
if (NS_SUCCEEDED(nsContentUtils::GetUTFOrigin(mPrincipal, origin))) {
|
||||
DebugOnly<nsresult> rv =
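Review bot: Nothing visible in this hunk consults the request's referrer policy before `GetUTFOrigin(mPrincipal, origin)` serialises the origin for non-GET/HEAD requests. The Fetch standard's Origin-header step sends `null` under `no-referrer` and in some downgrade or cross-origin cases, and with the `ForceOriginHeader()` gate removed this path now applies to every such request, so the page origin could reach servers the policy was meant to withhold it from. The body of `SetRequestHeaders` continues past the hunk, so this may already be handled further down; if it is not, leave a marker such as `// TODO: apply the request's referrer policy before serialising the origin`. The `EqualsLiteral("GET")` / `EqualsLiteral("HEAD")` comparison is case-sensitive and presumably relies on the method having been normalised when the request was constructed; a short comment such as `// method is already normalised to upper case for GET/HEAD` would make that assumption checkable.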
|
||||
|
|
|
@ -31,7 +31,6 @@ InternalRequest::GetRequestConstructorCopy(nsIGlobalObject* aGlobal, ErrorResult
|
|||
copy->SetUnsafeRequest();
|
||||
copy->mBodyStream = mBodyStream;
|
||||
copy->mBodyLength = mBodyLength;
|
||||
copy->mForceOriginHeader = true;
|
||||
// The "client" is not stored in our implementation. Fetch API users should
|
||||
// use the appropriate window/document/principal and other Gecko security
|
||||
// mechanisms as appropriate.
|
||||
|
@ -95,7 +94,6 @@ InternalRequest::InternalRequest(const nsACString& aURL,
|
|||
, mRedirectMode(RequestRedirect::Follow)
|
||||
, mMozErrors(false)
|
||||
, mAuthenticationFlag(false)
|
||||
, mForceOriginHeader(false)
|
||||
, mPreserveContentCodings(false)
|
||||
// FIXME(nsm): This should be false by default, but will lead to the
|
||||
// algorithm never loading data: URLs right now. See Bug 1018872 about
|
||||
|
@ -137,7 +135,6 @@ InternalRequest::InternalRequest(const nsACString& aURL,
|
|||
, mIntegrity(aIntegrity)
|
||||
, mMozErrors(false)
|
||||
, mAuthenticationFlag(false)
|
||||
, mForceOriginHeader(false)
|
||||
, mPreserveContentCodings(false)
|
||||
// FIXME See the above comment in the default constructor.
|
||||
, mSameOriginDataURL(true)
|
||||
|
@ -167,7 +164,6 @@ InternalRequest::InternalRequest(const InternalRequest& aOther)
|
|||
, mMozErrors(aOther.mMozErrors)
|
||||
, mFragment(aOther.mFragment)
|
||||
, mAuthenticationFlag(aOther.mAuthenticationFlag)
|
||||
, mForceOriginHeader(aOther.mForceOriginHeader)
|
||||
, mPreserveContentCodings(aOther.mPreserveContentCodings)
|
||||
, mSameOriginDataURL(aOther.mSameOriginDataURL)
|
||||
, mSkipServiceWorker(aOther.mSkipServiceWorker)
|
||||
|
|
|
@ -450,12 +450,6 @@ public:
|
|||
return mHeaders;
|
||||
}
|
||||
|
||||
bool
|
||||
ForceOriginHeader()
|
||||
{
|
||||
return mForceOriginHeader;
|
||||
}
|
||||
|
||||
bool
|
||||
SameOriginDataURL() const
|
||||
{
|
||||
|
@ -650,7 +644,6 @@ private:
|
|||
bool mMozErrors;
|
||||
nsCString mFragment;
|
||||
MOZ_INIT_OUTSIDE_CTOR bool mAuthenticationFlag;
|
||||
MOZ_INIT_OUTSIDE_CTOR bool mForceOriginHeader;
|
||||
MOZ_INIT_OUTSIDE_CTOR bool mPreserveContentCodings;
|
||||
MOZ_INIT_OUTSIDE_CTOR bool mSameOriginDataURL;
|
||||
MOZ_INIT_OUTSIDE_CTOR bool mSkipServiceWorker;
|
||||
|
|
|
@ -2,15 +2,9 @@
|
|||
[Untitled]
|
||||
expected: FAIL
|
||||
|
||||
[Subdomain redirecting to same-host fetches are strictly same-site]
|
||||
expected: FAIL
|
||||
|
||||
[Cross-site redirecting to same-host fetches are strictly same-site]
|
||||
expected: FAIL
|
||||
|
||||
[Cross-site redirecting to subdomain fetches are strictly same-site]
|
||||
expected: FAIL
|
||||
|
||||
[Subdomain redirecting to cross-site fetches are cross-site]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
[request-headers.any.worker.html]
|
||||
[Fetch with GET]
|
||||
expected: FAIL
|
||||
|
||||
[Fetch with HEAD]
|
||||
expected: FAIL
|
||||
|
||||
[Fetch with GET and mode "cors" does not need an Origin header]
|
||||
expected: FAIL
|
||||
|
||||
|
||||
[request-headers.any.html]
|
||||
[Fetch with GET]
|
||||
expected: FAIL
|
||||
|
||||
[Fetch with HEAD]
|
||||
expected: FAIL
|
||||
|
||||
[Fetch with GET and mode "cors" does not need an Origin header]
|
||||
expected: FAIL
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
[cors-cookies-redirect.any.worker.html]
|
||||
[Testing credentials after cross-origin redirection with CORS and no preflight]
|
||||
expected: FAIL
|
||||
|
||||
[Testing credentials after cross-origin redirection with CORS and preflight]
|
||||
expected: FAIL
|
||||
|
||||
|
||||
[cors-cookies-redirect.any.html]
|
||||
[Testing credentials after cross-origin redirection with CORS and no preflight]
|
||||
expected: FAIL
|
||||
|
||||
[Testing credentials after cross-origin redirection with CORS and preflight]
|
||||
expected: FAIL
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
[cors-redirect.any.html]
|
||||
[Redirect 301: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 301: cors to same origin]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 302: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 302: cors to same origin]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 303: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 303: cors to same origin]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 307: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 307: cors to same origin]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 308: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 308: cors to same origin]
|
||||
expected: FAIL
|
||||
|
||||
|
||||
[cors-redirect.any.worker.html]
|
||||
[Redirect 301: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 301: cors to same origin]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 302: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 302: cors to same origin]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 303: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 303: cors to same origin]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 307: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 307: cors to same origin]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 308: cors to another cors]
|
||||
expected: FAIL
|
||||
|
||||
[Redirect 308: cors to same origin]
|
||||
expected: FAIL
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
[redirect-origin.any.html]
|
||||
[Same origin to same origin redirection 301]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 301]
|
||||
expected: FAIL
|
||||
|
||||
[Same origin to same origin redirection 302]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 302]
|
||||
expected: FAIL
|
||||
|
||||
[Same origin to same origin redirection 303]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 303]
|
||||
expected: FAIL
|
||||
|
||||
[Same origin to same origin redirection 307]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 307]
|
||||
expected: FAIL
|
||||
|
||||
[Same origin to same origin redirection 308]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 308]
|
||||
expected: FAIL
|
||||
|
||||
|
||||
[redirect-origin.any.worker.html]
|
||||
[Same origin to same origin redirection 301]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 301]
|
||||
expected: FAIL
|
||||
|
||||
[Same origin to same origin redirection 302]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 302]
|
||||
expected: FAIL
|
||||
|
||||
[Same origin to same origin redirection 303]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 303]
|
||||
expected: FAIL
|
||||
|
||||
[Same origin to same origin redirection 307]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 307]
|
||||
expected: FAIL
|
||||
|
||||
[Same origin to same origin redirection 308]
|
||||
expected: FAIL
|
||||
|
||||
[Other origin to same origin redirection 308]
|
||||
expected: FAIL
|
||||
|