Bug 1309358 - P2: Add wildcard to Access-Control-Allow-Method and Access-Control-Allow-Headers r=baku,mayhemer
Differential Revision: https://phabricator.services.mozilla.com/D36990 --HG-- extra : moz-landing-system : lando
Родитель
0f07bc4a3d
Коммит
da32dacc50
|
@ -1348,7 +1348,12 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
|
|||
parentHttpChannel);
|
||||
return NS_ERROR_DOM_BAD_URI;
|
||||
}
|
||||
foundMethod |= mPreflightMethod.Equals(method);
|
||||
|
||||
if (method.EqualsLiteral("*") && !mWithCredentials) {
|
||||
foundMethod = true;
|
||||
} else {
|
||||
foundMethod |= mPreflightMethod.Equals(method);
|
||||
}
|
||||
}
|
||||
if (!foundMethod) {
|
||||
LogBlockedRequest(aRequest, "CORSMethodNotFound", nullptr,
|
||||
|
@ -1363,6 +1368,7 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
|
|||
NS_LITERAL_CSTRING("Access-Control-Allow-Headers"), headerVal);
|
||||
nsTArray<nsCString> headers;
|
||||
nsCCharSeparatedTokenizer headerTokens(headerVal, ',');
|
||||
bool allowAllHeaders = false;
|
||||
while (headerTokens.hasMoreTokens()) {
|
||||
const nsDependentCSubstring& header = headerTokens.nextToken();
|
||||
if (header.IsEmpty()) {
|
||||
|
@ -1375,17 +1381,24 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
|
|||
parentHttpChannel);
|
||||
return NS_ERROR_DOM_BAD_URI;
|
||||
}
|
||||
headers.AppendElement(header);
|
||||
if (header.EqualsLiteral("*") && !mWithCredentials) {
|
||||
allowAllHeaders = true;
|
||||
} else {
|
||||
headers.AppendElement(header);
|
||||
}
|
||||
}
|
||||
for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
|
||||
const auto& comparator = nsCaseInsensitiveCStringArrayComparator();
|
||||
if (!headers.Contains(mPreflightHeaders[i], comparator)) {
|
||||
LogBlockedRequest(
|
||||
aRequest, "CORSMissingAllowHeaderFromPreflight",
|
||||
NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get(),
|
||||
nsILoadInfo::BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT,
|
||||
parentHttpChannel);
|
||||
return NS_ERROR_DOM_BAD_URI;
|
||||
|
||||
if (!allowAllHeaders) {
|
||||
for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
|
||||
const auto& comparator = nsCaseInsensitiveCStringArrayComparator();
|
||||
if (!headers.Contains(mPreflightHeaders[i], comparator)) {
|
||||
LogBlockedRequest(
|
||||
aRequest, "CORSMissingAllowHeaderFromPreflight",
|
||||
NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get(),
|
||||
nsILoadInfo::BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT,
|
||||
parentHttpChannel);
|
||||
return NS_ERROR_DOM_BAD_URI;
|
||||
}
|
||||
}
|
||||
}
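Review bot: The `if (!allowAllHeaders)` guard in the third hunk skips the per-header check for every name in mPreflightHeaders once a `*` token is seen without credentials, and that includes `Authorization`. The Fetch standard treats Authorization as a CORS non-wildcard request-header name that the server has to list explicitly, so a response of `Access-Control-Allow-Headers: *` would be read here as consent to a cross-origin request carrying a caller-set Authorization header. Keeping the loop unconditional and relaxing only the test preserves that exception: `if (!headers.Contains(mPreflightHeaders[i], comparator) && (!allowAllHeaders || mPreflightHeaders[i].LowerCaseEqualsLiteral("authorization"))) {`. Names listed next to the wildcard are still appended to `headers` by the else branch, so `*, Authorization` continues to pass. CheckPreflightRequestApproved starts and ends outside these hunks, so whether mPreflightHeaders can hold Authorization at this point should be confirmed against the code that fills it.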
|
||||
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
[cors-preflight-star.any.worker.html]
|
||||
[CORS that succeeds with credentials: false; method: SUPER (allowed: *); header: X-Test,1 (allowed: x-test)]
|
||||
expected: FAIL
|
||||
|
||||
[CORS that succeeds with credentials: false; method: OK (allowed: *); header: X-Test,1 (allowed: *)]
|
||||
expected: FAIL
|
||||
|
||||
[CORS that succeeds with credentials: true; method: PUT (allowed: put); header: (allowed: *)]
|
||||
expected: FAIL
|
||||
|
||||
|
||||
[cors-preflight-star.any.html]
|
||||
[CORS that succeeds with credentials: false; method: SUPER (allowed: *); header: X-Test,1 (allowed: x-test)]
|
||||
expected: FAIL
|
||||
|
||||
[CORS that succeeds with credentials: false; method: OK (allowed: *); header: X-Test,1 (allowed: *)]
|
||||
expected: FAIL
|
||||
|
||||
[CORS that succeeds with credentials: true; method: PUT (allowed: put); header: (allowed: *)]
|
||||
expected: FAIL
|
||||
|
|
@ -1,7 +1,4 @@
|
|||
[cache-match.https.html]
|
||||
[cors-exposed header should be stored correctly.]
|
||||
expected: FAIL
|
||||
|
||||
[Cache.match does not support cacheName option]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
[cache-match.https.html]
|
||||
[cors-exposed header should be stored correctly.]
|
||||
expected: FAIL
|
||||
|
||||
[Cache.match does not support cacheName option]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
[cache-match.https.html]
|
||||
[cors-exposed header should be stored correctly.]
|
||||
expected: FAIL
|
||||
|
||||
[Cache.match does not support cacheName option]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
[fetch-cors-exposed-header-names.https.html]
|
||||
[CORS-exposed header names for a response from sw]
|
||||
expected: FAIL
|
||||
|