Correctly handle CORS access checks over cache-validating responses.
If a CORS-enabled load of a resource is also done conditionally, the
response may be a 304 (Not Modified.) That 304 response is not
required (nor expected) to have any CORS headers included, so arrange
for the required CORS access control check to be performed over the
cached resource having been (successfully) validated.
R=
BUG=339058
TEST=http/tests/security/script-crossorigin-fails-cross-origin-conditional
Review URL: https://codereview.chromium.org/146853003
git-svn-id: svn://svn.chromium.org/blink/trunk@166188 bbb929c8-8fbe-4397-9dbb-9b2b20218538
5 files changed
