Improve precision of error messages from failed CORS checks.
Identify when the incoming Access-Control-Allow-Origin header value
contains multiple origin tokens and report this as not allowed. If it
doesn't and the origin is valid, provide an error message that informs
of a mismatch between the origin strings.
The previous error message could lead users into thinking that
(white)lists of origins were supported. It is not by the spec nor
current implementations.
Removed a nearby and related FIXME; not a current concern.
R=
BUG=321517
TEST=http/tests/xmlhttprequest/origin-exact-matching
Review URL: https://codereview.chromium.org/109773002
git-svn-id: svn://svn.chromium.org/blink/trunk@163406 bbb929c8-8fbe-4397-9dbb-9b2b20218538
12 files changed
