mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-12 21:05:36 +00:00
Bug 1196524 - Add assertions to enforce that we don't attempt to perform a CORS preflight for fetches of no-cors requests; r=nsm
This commit is contained in:
parent
4e2856a22c
commit
05cf773043
@ -160,6 +160,10 @@ FetchDriver::ContinueFetch(bool aCORSFlag)
|
||||
(mRequest->UnsafeRequest() && (!mRequest->HasSimpleMethod() || !mRequest->Headers()->HasOnlySimpleHeaders()))) {
|
||||
corsPreflight = true;
|
||||
}
|
||||
// The Request constructor should ensure that no-cors requests have simple
|
||||
// method and headers, so we should never attempt to preflight for such
|
||||
// Requests.
|
||||
MOZ_ASSERT_IF(mRequest->Mode() == RequestMode::No_cors, !corsPreflight);
|
||||
|
||||
mRequest->SetResponseTainting(InternalRequest::RESPONSETAINT_CORS);
|
||||
return HttpFetch(true /* aCORSFlag */, corsPreflight);
|
||||
@ -541,6 +545,8 @@ FetchDriver::HttpFetch(bool aCORSFlag, bool aCORSPreflightFlag, bool aAuthentica
|
||||
// unsafeHeaders so they can be verified against the response's
|
||||
// "Access-Control-Allow-Headers" header.
|
||||
if (aCORSPreflightFlag) {
|
||||
MOZ_ASSERT(mRequest->Mode() != RequestMode::No_cors,
|
||||
"FetchDriver::ContinueFetch() should ensure that the request is not no-cors");
|
||||
nsCOMPtr<nsIChannel> preflightChannel;
|
||||
nsAutoTArray<nsCString, 5> unsafeHeaders;
|
||||
mRequest->Headers()->GetUnsafeHeaders(unsafeHeaders);
|
||||
|
Loading…
Reference in New Issue
Block a user