зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1607615 - Allow CORS preflights with a default of 5 seconds for expiry if Access-Control-Max-Age hasn't been sent; r=mayhemer
The default expiry value is chosen based on what Chromium uses: https://source.chromium.org/chromium/chromium/src/+/master:services/network/public/cpp/cors/preflight_result.cc;l=27;drc=529117e5ed802c91a5cf192a72b4097d27fcb928?originalUrl=https:%2F%2Fcs.chromium.org%2F Differential Revision: https://phabricator.services.mozilla.com/D59032 --HG-- extra : moz-landing-system : lando
Родитель
990e94f89b
Коммит
b2cfa59626
|
@ -63,7 +63,7 @@ function* runTest() {
|
|||
headers: { "y-my-header": "hello" },
|
||||
allowHeaders: "y-my-header",
|
||||
},
|
||||
{ pass: 0,
|
||||
{ pass: 1,
|
||||
method: "GET",
|
||||
headers: { "y-my-header": "hello" },
|
||||
},
|
||||
|
@ -73,6 +73,21 @@ function* runTest() {
|
|||
allowHeaders: "y-my-header,x-my-header",
|
||||
cacheTime: 3600,
|
||||
},
|
||||
{ pass: 0,
|
||||
method: "GET",
|
||||
headers: { "x-my-header": "myValue",
|
||||
"y-my-header": "second" },
|
||||
},
|
||||
{ newTest: "*******" },
|
||||
{ pass: 1,
|
||||
method: "GET",
|
||||
headers: { "y-my-header": "hello" },
|
||||
allowHeaders: "y-my-header,x-my-header",
|
||||
},
|
||||
{ pass: 1,
|
||||
method: "GET",
|
||||
headers: { "y-my-header": "hello" },
|
||||
},
|
||||
{ pass: 1,
|
||||
method: "GET",
|
||||
headers: { "x-my-header": "myValue",
|
||||
|
@ -224,7 +239,7 @@ function* runTest() {
|
|||
method: "PATCH",
|
||||
allowMethods: "PATCH",
|
||||
},
|
||||
{ pass: 0,
|
||||
{ pass: 1,
|
||||
method: "PATCH",
|
||||
},
|
||||
{ pass: 1,
|
||||
|
@ -242,6 +257,15 @@ function* runTest() {
|
|||
method: "PUT",
|
||||
},
|
||||
{ newTest: "*******" },
|
||||
{ pass: 1,
|
||||
method: "PATCH",
|
||||
allowMethods: "PATCH",
|
||||
cacheTime: 3600,
|
||||
},
|
||||
{ pass: 1,
|
||||
method: "PATCH",
|
||||
},
|
||||
{ newTest: "*******" },
|
||||
{ pass: 0,
|
||||
method: "DELETE",
|
||||
},
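Review bot: The entries flipped from `pass: 0` to `pass: 1` (after `allowHeaders: "y-my-header"` and after `allowMethods: "PATCH"`) follow a preflight that apparently sets no `cacheTime`, so they pass only if the follow-up request runs within the 5-second default; on a slow test machine that could fail intermittently. None of the visible hunks checks the other side of the default, namely that the entry is gone once it expires and the preflight is repeated. A comment on the first flipped entry, e.g. `// Cached for the 5 s default (no Access-Control-Max-Age sent).`, would explain the expectation, and an expiry case would pin the upper bound. The runTest body starts and ends outside these hunks.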
|
||||
|
|
|
@ -50,6 +50,8 @@ using namespace mozilla;
|
|||
using namespace mozilla::net;
|
||||
|
||||
#define PREFLIGHT_CACHE_SIZE 100
|
||||
// 5 seconds is chosen to be compatible with Chromium.
|
||||
#define PREFLIGHT_DEFAULT_EXPIRY_SECONDS 5
|
||||
|
||||
static void LogBlockedRequest(nsIRequest* aRequest, const char* aProperty,
|
||||
const char16_t* aParam, uint32_t aBlockingReason,
|
||||
|
@ -1112,27 +1114,27 @@ void nsCORSPreflightListener::AddResultToCache(nsIRequest* aRequest) {
|
|||
|
||||
// The "Access-Control-Max-Age" header should return an age in seconds.
|
||||
nsAutoCString headerVal;
|
||||
uint32_t age = 0;
|
||||
Unused << http->GetResponseHeader(
|
||||
NS_LITERAL_CSTRING("Access-Control-Max-Age"), headerVal);
|
||||
if (headerVal.IsEmpty()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Sanitize the string. We only allow 'delta-seconds' as specified by
|
||||
// http://dev.w3.org/2006/waf/access-control (digits 0-9 with no leading or
|
||||
// trailing non-whitespace characters).
|
||||
uint32_t age = 0;
|
||||
nsACString::const_char_iterator iter, end;
|
||||
headerVal.BeginReading(iter);
|
||||
headerVal.EndReading(end);
|
||||
while (iter != end) {
|
||||
if (*iter < '0' || *iter > '9') {
|
||||
return;
|
||||
age = PREFLIGHT_DEFAULT_EXPIRY_SECONDS;
|
||||
} else {
|
||||
// Sanitize the string. We only allow 'delta-seconds' as specified by
|
||||
// http://dev.w3.org/2006/waf/access-control (digits 0-9 with no leading or
|
||||
// trailing non-whitespace characters).
|
||||
nsACString::const_char_iterator iter, end;
|
||||
headerVal.BeginReading(iter);
|
||||
headerVal.EndReading(end);
|
||||
while (iter != end) {
|
||||
if (*iter < '0' || *iter > '9') {
|
||||
return;
|
||||
}
|
||||
age = age * 10 + (*iter - '0');
|
||||
// Cap at 24 hours. This also avoids overflow
|
||||
age = std::min(age, 86400U);
|
||||
++iter;
|
||||
}
|
||||
age = age * 10 + (*iter - '0');
|
||||
// Cap at 24 hours. This also avoids overflow
|
||||
age = std::min(age, 86400U);
|
||||
++iter;
|
||||
}
|
||||
|
||||
if (!age || !EnsurePreflightCache()) {
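Review bot: A malformed Access-Control-Max-Age still hits the `return` inside the digit loop and is never cached, while an absent or empty header now gets `PREFLIGHT_DEFAULT_EXPIRY_SECONDS`; nothing in the new code says this split is intended. Not caching unparseable input is the conservative choice, so I would keep it and document it above the loop: `// Malformed values are deliberately not cached; only an absent or empty header gets the default.` Because the result of `GetResponseHeader` is discarded with `Unused <<`, any failure to read the header is also treated as absent and the preflight result is cached for 5 seconds, which deserves a word in the same comment. AddResultToCache starts before and continues after this hunk.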
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
[preflight-cache.htm]
|
||||
[preflight for x-print should be cached]
|
||||
expected: FAIL
|
||||
|
|
@ -60,6 +60,15 @@ test(function() {
|
|||
},
|
||||
'preflight for x-print should be cached')
|
||||
|
||||
test(function() {
|
||||
var time = new Date().getTime()
|
||||
var client = new XMLHttpRequest()
|
||||
|
||||
var id = did_preflight(true, client, {extra:'max_age='})
|
||||
did_preflight(false, client, {extra:'max_age=', token: id})
|
||||
},
|
||||
'age = blank, should be cached')
|
||||
|
||||
test(function() {
|
||||
var time = new Date().getTime()
|
||||
var client = new XMLHttpRequest()
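Review bot: `var time = new Date().getTime()` in the new 'age = blank, should be cached' test is never used in the lines shown and can be dropped. The test sends `max_age=` (blank), and whether the server helper then omits Access-Control-Max-Age or sends it with an empty value is not visible here. A comment such as `// blank max_age: header absent or empty, browser default applies` would say which path is exercised, and a second case with the parameter left out entirely would cover the other one.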
|
||||
|
|