mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-02 18:08:58 +00:00
Bug 1575068 - update console error for CORSMissingAllowHeaderFromPreflight, r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D57040 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
297db2081a
commit
f0a71ae12f
@ -32,11 +32,14 @@ add_task(async function() {
|
||||
await checkCorsMessage(message, "CORSDisabled");
|
||||
await pushPref("content.cors.disable", false);
|
||||
|
||||
info("Test CORSPreflightDidNotSucceed");
|
||||
onCorsMessage = waitForMessage(hud, `CORS preflight channel did not succeed`);
|
||||
makeFaultyCorsCall("CORSPreflightDidNotSucceed");
|
||||
info("Test CORSPreflightDidNotSucceed2");
|
||||
onCorsMessage = waitForMessage(
|
||||
hud,
|
||||
`CORS preflight response did not succeed`
|
||||
);
|
||||
makeFaultyCorsCall("CORSPreflightDidNotSucceed2");
|
||||
message = await onCorsMessage;
|
||||
await checkCorsMessage(message, "CORSPreflightDidNotSucceed");
|
||||
await checkCorsMessage(message, "CORSPreflightDidNotSucceed2");
|
||||
|
||||
info("Test CORS did not succeed");
|
||||
onCorsMessage = waitForMessage(hud, "Reason: CORS request did not succeed");
|
||||
@ -135,17 +138,17 @@ add_task(async function() {
|
||||
message = await onCorsMessage;
|
||||
await checkCorsMessage(message, "CORSInvalidAllowHeader");
|
||||
|
||||
info("Test CORSMissingAllowHeaderFromPreflight");
|
||||
info("Test CORSMissingAllowHeaderFromPreflight2");
|
||||
onCorsMessage = waitForMessage(
|
||||
hud,
|
||||
`Reason: missing token ${quote("xyz")} in CORS ` +
|
||||
`Reason: header ${quote("xyz")} is not allowed according to ` +
|
||||
`header ${quote(
|
||||
"Access-Control-Allow-Headers"
|
||||
)} from CORS preflight channel`
|
||||
)} from CORS preflight response`
|
||||
);
|
||||
makeFaultyCorsCall("CORSMissingAllowHeaderFromPreflight");
|
||||
makeFaultyCorsCall("CORSMissingAllowHeaderFromPreflight2");
|
||||
message = await onCorsMessage;
|
||||
await checkCorsMessage(message, "CORSMissingAllowHeaderFromPreflight");
|
||||
await checkCorsMessage(message, "CORSMissingAllowHeaderFromPreflight2");
|
||||
|
||||
// See Bug 1480671.
|
||||
// XXX: how to make Origin to not be included in the request ?
|
||||
@ -205,7 +208,7 @@ function makeFaultyCorsCall(errorCategory, corsUrl) {
|
||||
options.credentials = "include";
|
||||
}
|
||||
|
||||
if (category === "CORSMissingAllowHeaderFromPreflight") {
|
||||
if (category === "CORSMissingAllowHeaderFromPreflight2") {
|
||||
options.headers = new content.Headers({ xyz: true });
|
||||
}
|
||||
|
||||
|
@ -47,8 +47,8 @@ function handleRequest(request, response) {
|
||||
case "CORSMissingAllowCredentials":
|
||||
corsMissingAllowCredentials(request, response);
|
||||
break;
|
||||
case "CORSPreflightDidNotSucceed":
|
||||
corsPreflightDidNotSucceed(request, response);
|
||||
case "CORSPreflightDidNotSucceed2":
|
||||
corsPreflightDidNotSucceed2(request, response);
|
||||
break;
|
||||
case "CORSInvalidAllowMethod":
|
||||
corsInvalidAllowMethod(request, response);
|
||||
@ -56,8 +56,8 @@ function handleRequest(request, response) {
|
||||
case "CORSInvalidAllowHeader":
|
||||
corsInvalidAllowHeader(request, response);
|
||||
break;
|
||||
case "CORSMissingAllowHeaderFromPreflight":
|
||||
corsMissingAllowHeaderFromPreflight(request, response);
|
||||
case "CORSMissingAllowHeaderFromPreflight2":
|
||||
corsMissingAllowHeaderFromPreflight2(request, response);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -116,7 +116,7 @@ function corsMissingAllowCredentials(request, response) {
|
||||
response.setHeader("Access-Control-Allow-Origin", "http://example.com");
|
||||
}
|
||||
|
||||
function corsPreflightDidNotSucceed(request, response) {
|
||||
function corsPreflightDidNotSucceed2(request, response) {
|
||||
const isPreflight = request.method == "OPTIONS";
|
||||
if (isPreflight) {
|
||||
response.setStatusLine(request.httpVersion, 500, "Preflight fail");
|
||||
@ -137,8 +137,8 @@ function corsInvalidAllowHeader(request, response) {
|
||||
response.setHeader("Access-Control-Allow-Headers", "xyz;");
|
||||
}
|
||||
|
||||
function corsMissingAllowHeaderFromPreflight(request, response) {
|
||||
response.setStatusLine(request.httpVersion, 200, "corsMissingAllowHeaderFromPreflight");
|
||||
function corsMissingAllowHeaderFromPreflight2(request, response) {
|
||||
response.setStatusLine(request.httpVersion, 200, "corsMissingAllowHeaderFromPreflight2");
|
||||
response.setHeader("Access-Control-Allow-Origin", "*");
|
||||
response.setHeader("Access-Control-Allow-Methods", "PUT");
|
||||
}
|
||||
|
@ -144,10 +144,10 @@ const CorsErrorDocs = {
|
||||
CORSNotSupportingCredentials: "CORSNotSupportingCredentials",
|
||||
CORSMethodNotFound: "CORSMethodNotFound",
|
||||
CORSMissingAllowCredentials: "CORSMissingAllowCredentials",
|
||||
CORSPreflightDidNotSucceed: "CORSPreflightDidNotSucceed",
|
||||
CORSPreflightDidNotSucceed2: "CORSPreflightDidNotSucceed2",
|
||||
CORSInvalidAllowMethod: "CORSInvalidAllowMethod",
|
||||
CORSInvalidAllowHeader: "CORSInvalidAllowHeader",
|
||||
CORSMissingAllowHeaderFromPreflight: "CORSMissingAllowHeaderFromPreflight",
|
||||
CORSMissingAllowHeaderFromPreflight2: "CORSMissingAllowHeaderFromPreflight2",
|
||||
};
|
||||
|
||||
const baseStorageAccessPolicyErrorUrl =
|
||||
|
@ -20,10 +20,10 @@ CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin P
|
||||
CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘%1$S’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’).
|
||||
CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’).
|
||||
CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’).
|
||||
CORSPreflightDidNotSucceed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight channel did not succeed).
|
||||
CORSPreflightDidNotSucceed2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight response did not succeed).
|
||||
CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Methods’).
|
||||
CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’).
|
||||
CORSMissingAllowHeaderFromPreflight=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: missing token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).
|
||||
CORSMissingAllowHeaderFromPreflight2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: header ‘%2$S’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
|
||||
|
||||
# LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains"
|
||||
STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site.
|
||||
|
@ -1290,7 +1290,7 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
|
||||
bool succeedded;
|
||||
rv = http->GetRequestSucceeded(&succeedded);
|
||||
if (NS_FAILED(rv) || !succeedded) {
|
||||
LogBlockedRequest(aRequest, "CORSPreflightDidNotSucceed", nullptr,
|
||||
LogBlockedRequest(aRequest, "CORSPreflightDidNotSucceed2", nullptr,
|
||||
nsILoadInfo::BLOCKING_REASON_CORSPREFLIGHTDIDNOTSUCCEED,
|
||||
parentHttpChannel);
|
||||
return NS_ERROR_DOM_BAD_URI;
|
||||
@ -1362,7 +1362,7 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
|
||||
const auto& comparator = nsCaseInsensitiveCStringArrayComparator();
|
||||
if (!headers.Contains(mPreflightHeaders[i], comparator)) {
|
||||
LogBlockedRequest(
|
||||
aRequest, "CORSMissingAllowHeaderFromPreflight",
|
||||
aRequest, "CORSMissingAllowHeaderFromPreflight2",
|
||||
NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get(),
|
||||
nsILoadInfo::BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT,
|
||||
parentHttpChannel);
|
||||
|
Loading…
Reference in New Issue
Block a user