Fix accidental origin header removal in redirects
net/ implementation removes an origin when it sees a redirect which
changes request's method. This break CORS when the CORS flag is set -
because in that case we need an origin header.
This CL fixes it.
Bug: 965018
Change-Id: I3137d3b781c0cb293fbb282901b8bb52b3c13651
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1621419
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#661638}
diff --git a/fetch/api/redirect/redirect-origin.any.js b/fetch/api/redirect/redirect-origin.any.js
index 3edb1bd..b81b916 100644
--- a/fetch/api/redirect/redirect-origin.any.js
+++ b/fetch/api/redirect/redirect-origin.any.js
@@ -2,7 +2,7 @@
// META: script=../resources/utils.js
// META: script=/common/get-host-info.sub.js
-function testOriginAfterRedirection(desc, redirectUrl, redirectLocation, redirectStatus, expectedOrigin) {
+function testOriginAfterRedirection(desc, method, redirectUrl, redirectLocation, redirectStatus, expectedOrigin) {
var uuid_token = token();
var url = redirectUrl;
var urlParameters = "?token=" + uuid_token + "&max_age=0";
@@ -28,10 +28,15 @@
var corsLocationUrl = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "inspect-headers.py?cors&headers=origin";
for (var code of [301, 302, 303, 307, 308]) {
- testOriginAfterRedirection("Same origin to same origin redirection " + code, redirectUrl, locationUrl, code, null);
- testOriginAfterRedirection("Same origin to other origin redirection " + code, redirectUrl, corsLocationUrl, code, get_host_info().HTTP_ORIGIN);
- testOriginAfterRedirection("Other origin to other origin redirection " + code, corsRedirectUrl, corsLocationUrl, code, get_host_info().HTTP_ORIGIN);
- testOriginAfterRedirection("Other origin to same origin redirection " + code, corsRedirectUrl, locationUrl + "&cors", code, "null");
+ testOriginAfterRedirection("Same origin to same origin redirection " + code, 'GET', redirectUrl, locationUrl, code, null);
+ testOriginAfterRedirection("Same origin to other origin redirection " + code, 'GET', redirectUrl, corsLocationUrl, code, get_host_info().HTTP_ORIGIN);
+ testOriginAfterRedirection("Other origin to other origin redirection " + code, 'GET', corsRedirectUrl, corsLocationUrl, code, get_host_info().HTTP_ORIGIN);
+ testOriginAfterRedirection("Other origin to same origin redirection " + code, 'GET', corsRedirectUrl, locationUrl + "&cors", code, "null");
+
+ testOriginAfterRedirection("Same origin to same origin redirection[POST] " + code, 'POST', redirectUrl, locationUrl, code, null);
+ testOriginAfterRedirection("Same origin to other origin redirection[POST] " + code, 'POST', redirectUrl, corsLocationUrl, code, get_host_info().HTTP_ORIGIN);
+ testOriginAfterRedirection("Other origin to other origin redirection[POST] " + code, 'POST', corsRedirectUrl, corsLocationUrl, code, get_host_info().HTTP_ORIGIN);
+ testOriginAfterRedirection("Other origin to same origin redirection[POST] " + code, 'POST', corsRedirectUrl, locationUrl + "&cors", code, "null");
}
done();