зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1309358 - P2: Add wildcard to Access-Control-Allow-Method and Access-Control-Allow-Headers r=baku,mayhemer
Differential Revision: https://phabricator.services.mozilla.com/D36990 --HG-- extra : moz-landing-system : lando
Родитель
0f07bc4a3d
Коммит
da32dacc50
|
@ -1348,7 +1348,12 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
|
||||||
parentHttpChannel);
|
parentHttpChannel);
|
||||||
return NS_ERROR_DOM_BAD_URI;
|
return NS_ERROR_DOM_BAD_URI;
|
||||||
}
|
}
|
||||||
foundMethod |= mPreflightMethod.Equals(method);
|
|
||||||
|
if (method.EqualsLiteral("*") && !mWithCredentials) {
|
||||||
|
foundMethod = true;
|
||||||
|
} else {
|
||||||
|
foundMethod |= mPreflightMethod.Equals(method);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (!foundMethod) {
|
if (!foundMethod) {
|
||||||
LogBlockedRequest(aRequest, "CORSMethodNotFound", nullptr,
|
LogBlockedRequest(aRequest, "CORSMethodNotFound", nullptr,
|
||||||
|
@ -1363,6 +1368,7 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
|
||||||
NS_LITERAL_CSTRING("Access-Control-Allow-Headers"), headerVal);
|
NS_LITERAL_CSTRING("Access-Control-Allow-Headers"), headerVal);
|
||||||
nsTArray<nsCString> headers;
|
nsTArray<nsCString> headers;
|
||||||
nsCCharSeparatedTokenizer headerTokens(headerVal, ',');
|
nsCCharSeparatedTokenizer headerTokens(headerVal, ',');
|
||||||
|
bool allowAllHeaders = false;
|
||||||
while (headerTokens.hasMoreTokens()) {
|
while (headerTokens.hasMoreTokens()) {
|
||||||
const nsDependentCSubstring& header = headerTokens.nextToken();
|
const nsDependentCSubstring& header = headerTokens.nextToken();
|
||||||
if (header.IsEmpty()) {
|
if (header.IsEmpty()) {
|
||||||
|
@ -1375,17 +1381,24 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
|
||||||
parentHttpChannel);
|
parentHttpChannel);
|
||||||
return NS_ERROR_DOM_BAD_URI;
|
return NS_ERROR_DOM_BAD_URI;
|
||||||
}
|
}
|
||||||
headers.AppendElement(header);
|
if (header.EqualsLiteral("*") && !mWithCredentials) {
|
||||||
|
allowAllHeaders = true;
|
||||||
|
} else {
|
||||||
|
headers.AppendElement(header);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
|
|
||||||
const auto& comparator = nsCaseInsensitiveCStringArrayComparator();
|
if (!allowAllHeaders) {
|
||||||
if (!headers.Contains(mPreflightHeaders[i], comparator)) {
|
for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
|
||||||
LogBlockedRequest(
|
const auto& comparator = nsCaseInsensitiveCStringArrayComparator();
|
||||||
aRequest, "CORSMissingAllowHeaderFromPreflight",
|
if (!headers.Contains(mPreflightHeaders[i], comparator)) {
|
||||||
NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get(),
|
LogBlockedRequest(
|
||||||
nsILoadInfo::BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT,
|
aRequest, "CORSMissingAllowHeaderFromPreflight",
|
||||||
parentHttpChannel);
|
NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get(),
|
||||||
return NS_ERROR_DOM_BAD_URI;
|
nsILoadInfo::BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT,
|
||||||
|
parentHttpChannel);
|
||||||
|
return NS_ERROR_DOM_BAD_URI;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
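Review bot: In the third hunk, `allowAllHeaders` skips the whole `mPreflightHeaders` loop, so a `*` in Access-Control-Allow-Headers also approves an `Authorization` request header, which script can set even when `mWithCredentials` is false. The Fetch standard, as I read it, treats `Authorization` as a non-wildcard request-header name that must be listed explicitly. If that applies here, keep the loop and skip only the other headers, e.g. `if (allowAllHeaders && !mPreflightHeaders[i].LowerCaseEqualsLiteral("authorization")) { continue; }` as the first statement of the loop body. A short comment on both `!mWithCredentials` tests, such as `// "*" is a wildcard only for requests without credentials; otherwise it is compared as a literal name`, would record why the flag is consulted. CheckPreflightRequestApproved starts and ends outside the visible hunks.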
|
@ -1,21 +0,0 @@
|
||||||
[cors-preflight-star.any.worker.html]
|
|
||||||
[CORS that succeeds with credentials: false; method: SUPER (allowed: *); header: X-Test,1 (allowed: x-test)]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[CORS that succeeds with credentials: false; method: OK (allowed: *); header: X-Test,1 (allowed: *)]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[CORS that succeeds with credentials: true; method: PUT (allowed: put); header: (allowed: *)]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
|
|
||||||
[cors-preflight-star.any.html]
|
|
||||||
[CORS that succeeds with credentials: false; method: SUPER (allowed: *); header: X-Test,1 (allowed: x-test)]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[CORS that succeeds with credentials: false; method: OK (allowed: *); header: X-Test,1 (allowed: *)]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[CORS that succeeds with credentials: true; method: PUT (allowed: put); header: (allowed: *)]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
|
@ -1,7 +1,4 @@
|
||||||
[cache-match.https.html]
|
[cache-match.https.html]
|
||||||
[cors-exposed header should be stored correctly.]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Cache.match does not support cacheName option]
|
[Cache.match does not support cacheName option]
|
||||||
expected: FAIL
|
expected: FAIL
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,4 @@
|
||||||
[cache-match.https.html]
|
[cache-match.https.html]
|
||||||
[cors-exposed header should be stored correctly.]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Cache.match does not support cacheName option]
|
[Cache.match does not support cacheName option]
|
||||||
expected: FAIL
|
expected: FAIL
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,4 @@
|
||||||
[cache-match.https.html]
|
[cache-match.https.html]
|
||||||
[cors-exposed header should be stored correctly.]
|
|
||||||
expected: FAIL
|
|
||||||
|
|
||||||
[Cache.match does not support cacheName option]
|
[Cache.match does not support cacheName option]
|
||||||
expected: FAIL
|
expected: FAIL
|
||||||
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
[fetch-cors-exposed-header-names.https.html]
|
|
||||||
[CORS-exposed header names for a response from sw]
|
|
||||||
expected: FAIL
|
|
||||||
|
|