зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1508661 - origin header should not be set for GET and HEAD requests, r=asuth
Родитель
354ac303c9
Коммит
89f6169d5f
|
@ -1477,7 +1477,9 @@ FetchDriver::SetRequestHeaders(nsIHttpChannel* aChannel) const
|
||||||
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mRequest->ForceOriginHeader()) {
|
nsAutoCString method;
|
||||||
|
mRequest->GetMethod(method);
|
||||||
|
if (!method.EqualsLiteral("GET") && !method.EqualsLiteral("HEAD")) {
|
||||||
nsAutoString origin;
|
nsAutoString origin;
|
||||||
if (NS_SUCCEEDED(nsContentUtils::GetUTFOrigin(mPrincipal, origin))) {
|
if (NS_SUCCEEDED(nsContentUtils::GetUTFOrigin(mPrincipal, origin))) {
|
||||||
DebugOnly<nsresult> rv =
|
DebugOnly<nsresult> rv =
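Review bot: The new guard `if (!method.EqualsLiteral("GET") && !method.EqualsLiteral("HEAD"))` compares case-sensitively and has no comment, so it depends on the request method already being normalized to upper case before SetRequestHeaders runs; that normalization is not visible in this hunk. Because servers use Origin for CSRF and CORS decisions, I would state the rule above the condition, e.g. `// Origin is only attached here for methods other than GET/HEAD; method is assumed to be upper-cased already.` With the ForceOriginHeader() check gone, every request reaching this path with another method gets an Origin derived from mPrincipal, not only requests copied by the Request constructor. It is worth confirming what GetUTFOrigin returns for non-content principals on that wider set of callers. The function body begins and ends outside the hunk, so whatever follows `DebugOnly<nsresult> rv =` could not be checked.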
|
||||||
|
|
|
@ -31,7 +31,6 @@ InternalRequest::GetRequestConstructorCopy(nsIGlobalObject* aGlobal, ErrorResult
|
||||||
copy->SetUnsafeRequest();
|
copy->SetUnsafeRequest();
|
||||||
copy->mBodyStream = mBodyStream;
|
copy->mBodyStream = mBodyStream;
|
||||||
copy->mBodyLength = mBodyLength;
|
copy->mBodyLength = mBodyLength;
|
||||||
copy->mForceOriginHeader = true;
|
|
||||||
// The "client" is not stored in our implementation. Fetch API users should
|
// The "client" is not stored in our implementation. Fetch API users should
|
||||||
// use the appropriate window/document/principal and other Gecko security
|
// use the appropriate window/document/principal and other Gecko security
|
||||||
// mechanisms as appropriate.
|
// mechanisms as appropriate.
|
||||||
|
@ -95,7 +94,6 @@ InternalRequest::InternalRequest(const nsACString& aURL,
|
||||||
, mRedirectMode(RequestRedirect::Follow)
|
, mRedirectMode(RequestRedirect::Follow)
|
||||||
, mMozErrors(false)
|
, mMozErrors(false)
|
||||||
, mAuthenticationFlag(false)
|
, mAuthenticationFlag(false)
|
||||||
, mForceOriginHeader(false)
|
|
||||||
, mPreserveContentCodings(false)
|
, mPreserveContentCodings(false)
|
||||||
// FIXME(nsm): This should be false by default, but will lead to the
|
// FIXME(nsm): This should be false by default, but will lead to the
|
||||||
// algorithm never loading data: URLs right now. See Bug 1018872 about
|
// algorithm never loading data: URLs right now. See Bug 1018872 about
|
||||||
|
@ -137,7 +135,6 @@ InternalRequest::InternalRequest(const nsACString& aURL,
|
||||||
, mIntegrity(aIntegrity)
|
, mIntegrity(aIntegrity)
|
||||||
, mMozErrors(false)
|
, mMozErrors(false)
|
||||||
, mAuthenticationFlag(false)
|
, mAuthenticationFlag(false)
|
||||||
, mForceOriginHeader(false)
|
|
||||||
, mPreserveContentCodings(false)
|
, mPreserveContentCodings(false)
|
||||||
// FIXME See the above comment in the default constructor.
|
// FIXME See the above comment in the default constructor.
|
||||||
, mSameOriginDataURL(true)
|
, mSameOriginDataURL(true)
|
||||||
|
@ -167,7 +164,6 @@ InternalRequest::InternalRequest(const InternalRequest& aOther)
|
||||||
, mMozErrors(aOther.mMozErrors)
|
, mMozErrors(aOther.mMozErrors)
|
||||||
, mFragment(aOther.mFragment)
|
, mFragment(aOther.mFragment)
|
||||||
, mAuthenticationFlag(aOther.mAuthenticationFlag)
|
, mAuthenticationFlag(aOther.mAuthenticationFlag)
|
||||||
, mForceOriginHeader(aOther.mForceOriginHeader)
|
|
||||||
, mPreserveContentCodings(aOther.mPreserveContentCodings)
|
, mPreserveContentCodings(aOther.mPreserveContentCodings)
|
||||||
, mSameOriginDataURL(aOther.mSameOriginDataURL)
|
, mSameOriginDataURL(aOther.mSameOriginDataURL)
|
||||||
, mSkipServiceWorker(aOther.mSkipServiceWorker)
|
, mSkipServiceWorker(aOther.mSkipServiceWorker)
|
||||||
|
|
|
@ -450,12 +450,6 @@ public:
|
||||||
return mHeaders;
|
return mHeaders;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool
|
|
||||||
ForceOriginHeader()
|
|
||||||
{
|
|
||||||
return mForceOriginHeader;
|
|
||||||
}
|
|
||||||
|
|
||||||
bool
|
bool
|
||||||
SameOriginDataURL() const
|
SameOriginDataURL() const
|
||||||
{
|
{
|
||||||
|
@ -650,7 +644,6 @@ private:
|
||||||
bool mMozErrors;
|
bool mMozErrors;
|
||||||
nsCString mFragment;
|
nsCString mFragment;
|
||||||
MOZ_INIT_OUTSIDE_CTOR bool mAuthenticationFlag;
|
MOZ_INIT_OUTSIDE_CTOR bool mAuthenticationFlag;
|
||||||
MOZ_INIT_OUTSIDE_CTOR bool mForceOriginHeader;
|
|
||||||
MOZ_INIT_OUTSIDE_CTOR bool mPreserveContentCodings;
|
MOZ_INIT_OUTSIDE_CTOR bool mPreserveContentCodings;
|
||||||
MOZ_INIT_OUTSIDE_CTOR bool mSameOriginDataURL;
|
MOZ_INIT_OUTSIDE_CTOR bool mSameOriginDataURL;
|
||||||
MOZ_INIT_OUTSIDE_CTOR bool mSkipServiceWorker;
|
MOZ_INIT_OUTSIDE_CTOR bool mSkipServiceWorker;
|
||||||
|
|
|
@ -2,15 +2,9 @@
|
||||||
[Untitled]
|
[Untitled]
|
||||||
expected: FAIL
|
expected: FAIL
|
||||||
|
|
||||||
[Subdomain redirecting to same-host fetches are strictly same-site]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Cross-site redirecting to same-host fetches are strictly same-site]
|
[Cross-site redirecting to same-host fetches are strictly same-site]
|
||||||
expected: FAIL
|
expected: FAIL
|
||||||
|
|
||||||
[Cross-site redirecting to subdomain fetches are strictly same-site]
|
[Cross-site redirecting to subdomain fetches are strictly same-site]
|
||||||
expected: FAIL
|
expected: FAIL
|
||||||
|
|
||||||
[Subdomain redirecting to cross-site fetches are cross-site]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
[request-headers.any.worker.html]
|
|
||||||
[Fetch with GET]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Fetch with HEAD]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Fetch with GET and mode "cors" does not need an Origin header]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
|
|
||||||
[request-headers.any.html]
|
|
||||||
[Fetch with GET]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Fetch with HEAD]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Fetch with GET and mode "cors" does not need an Origin header]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
[cors-cookies-redirect.any.worker.html]
|
|
||||||
[Testing credentials after cross-origin redirection with CORS and no preflight]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Testing credentials after cross-origin redirection with CORS and preflight]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
|
|
||||||
[cors-cookies-redirect.any.html]
|
|
||||||
[Testing credentials after cross-origin redirection with CORS and no preflight]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Testing credentials after cross-origin redirection with CORS and preflight]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
|
@ -1,63 +0,0 @@
|
||||||
[cors-redirect.any.html]
|
|
||||||
[Redirect 301: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 301: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 302: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 302: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 303: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 303: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 307: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 307: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 308: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 308: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
|
|
||||||
[cors-redirect.any.worker.html]
|
|
||||||
[Redirect 301: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 301: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 302: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 302: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 303: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 303: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 307: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 307: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 308: cors to another cors]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Redirect 308: cors to same origin]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
|
@ -1,63 +0,0 @@
|
||||||
[redirect-origin.any.html]
|
|
||||||
[Same origin to same origin redirection 301]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 301]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Same origin to same origin redirection 302]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 302]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Same origin to same origin redirection 303]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 303]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Same origin to same origin redirection 307]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 307]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Same origin to same origin redirection 308]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 308]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
|
|
||||||
[redirect-origin.any.worker.html]
|
|
||||||
[Same origin to same origin redirection 301]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 301]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Same origin to same origin redirection 302]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 302]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Same origin to same origin redirection 303]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 303]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Same origin to same origin redirection 307]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 307]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Same origin to same origin redirection 308]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Other origin to same origin redirection 308]
|
|
||||||
expected: FAIL
|
|
||||||
|
|