commit | 27f088978ef6cb2b39dc72bd3ef3e558b4502045 | [log] [tgz] |
---|---|---|
author | Yutaka Hirano <yhirano@chromium.org> | Thu Jul 19 10:01:41 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Jul 19 10:01:41 2018 |
tree | 21b70326b2aeb8049d7e3adaaf7a9100f8a7922a | |
parent | b9076b80f47d94028017f36d26d0f3c4a126026b [diff] |

Reject insane requests in CORSURLLoaderFactory

With this CL, CORSURLLoaderFactory rejects ill-configured requests.

- CORS needs a proper origin (including an opaque unique origin) attached to a request. Hence CORSURLLoaderFactory rejects a request which has a CORS-enabled mode and null request_initiator. Also, a request with null request_initiator won't set the CORS flag with this CL.
- The relationship between fetch credentials mode and load_flags is a bit unclear. If a request's credentials mode is "omit" but one of LOAD_DO_NOT_SAVE_COOKIES, LOAD_DO_NOT_SEND_COOKIES and LOAD_DO_NOT_SEND_AUTH_DATA is not set on load_flags, that is likely a mis-configuration, so fail the request.

Bug: 736308, 862184
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: I51fb491b865de330b22b028a0eddbc30043e6b69
Reviewed-on: https://chromium-review.googlesource.com/1136342
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#576430}

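
The two rejection rules in the commit message above, modelled as a stand-alone validator. This is an added example, not code from the Chromium change: `Request`, `Verdict`, `ValidateRequest`, `IsCorsEnabledMode`, the enum members and the flag bit values are hypothetical, and treating the two cors variants as the "CORS-enabled" modes is an assumption.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins for the request fields the commit message names.
enum class FetchMode { kSameOrigin, kNoCors, kCors, kCorsWithForcedPreflight };
enum class CredentialsMode { kOmit, kSameOrigin, kInclude };

// Flag names come from the commit message; the bit values are constructed.
constexpr uint32_t LOAD_DO_NOT_SAVE_COOKIES = 1u << 0;
constexpr uint32_t LOAD_DO_NOT_SEND_COOKIES = 1u << 1;
constexpr uint32_t LOAD_DO_NOT_SEND_AUTH_DATA = 1u << 2;
constexpr uint32_t kOmitFlags = LOAD_DO_NOT_SAVE_COOKIES |
                                LOAD_DO_NOT_SEND_COOKIES |
                                LOAD_DO_NOT_SEND_AUTH_DATA;

struct Request {
  FetchMode mode;
  CredentialsMode credentials_mode;
  const char* request_initiator;  // nullptr models a null initiator
  uint32_t load_flags;
};

enum class Verdict { kAccept, kNullInitiator, kCredentialFlagMismatch };

// Assumption: "CORS-enabled mode" means the two cors variants of this enum.
bool IsCorsEnabledMode(FetchMode mode) {
  return mode == FetchMode::kCors || mode == FetchMode::kCorsWithForcedPreflight;
}

Verdict ValidateRequest(const Request& r) {
  // Rule 1: a CORS-enabled mode needs an initiator origin to check against.
  if (IsCorsEnabledMode(r.mode) && r.request_initiator == nullptr)
    return Verdict::kNullInitiator;
  // Rule 2: "omit" must come with all three cookie/auth suppression flags.
  if (r.credentials_mode == CredentialsMode::kOmit &&
      (r.load_flags & kOmitFlags) != kOmitFlags)
    return Verdict::kCredentialFlagMismatch;
  return Verdict::kAccept;
}

int main() {
  // Constructed sample: "omit" with only two of the three flags set.
  Request r{FetchMode::kNoCors, CredentialsMode::kOmit, nullptr,
            LOAD_DO_NOT_SAVE_COOKIES | LOAD_DO_NOT_SEND_COOKIES};
  std::printf("verdict=%d\n", static_cast<int>(ValidateRequest(r)));
  return 0;
}
```

An opaque origin is still a non-null initiator in this model (passed as the constructed string "null"), so it passes rule 1, matching the "including an opaque unique origin" wording.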
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.