Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-12 21:05:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1196524 - Add assertions to enforce that we don't attempt to perform a CORS preflight for fetches of no-cors requests; r=nsm

Browse Source
This commit is contained in:
Ehsan Akhgari 2015-08-19 18:01:57 -04:00
parent 4e2856a22c
commit 05cf773043
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
dom/fetch/FetchDriver.cpp
View File

@ -160,6 +160,10 @@ FetchDriver::ContinueFetch(bool aCORSFlag)
(mRequest->UnsafeRequest() && (!mRequest->HasSimpleMethod() || !mRequest->Headers()->HasOnlySimpleHeaders()))) {
corsPreflight = true;
}
// The Request constructor should ensure that no-cors requests have simple
// method and headers, so we should never attempt to preflight for such
// Requests.
MOZ_ASSERT_IF(mRequest->Mode() == RequestMode::No_cors, !corsPreflight);
mRequest->SetResponseTainting(InternalRequest::RESPONSETAINT_CORS);
return HttpFetch(true /* aCORSFlag */, corsPreflight);
@ -541,6 +545,8 @@ FetchDriver::HttpFetch(bool aCORSFlag, bool aCORSPreflightFlag, bool aAuthentica
// unsafeHeaders so they can be verified against the response's
// "Access-Control-Allow-Headers" header.
if (aCORSPreflightFlag) {
MOZ_ASSERT(mRequest->Mode() != RequestMode::No_cors,
"FetchDriver::ContinueFetch() should ensure that the request is not no-cors");
nsCOMPtr<nsIChannel> preflightChannel;
nsAutoTArray<nsCString, 5> unsafeHeaders;
mRequest->Headers()->GetUnsafeHeaders(unsafeHeaders);