#612 (from OlgaTPark/14) additional fixes

This commit is contained in:
Cameron Kaiser 2020-10-25 21:46:59 -07:00
parent 06bbc2e34c
commit 53381bf934
2 changed files with 20 additions and 8 deletions


@ -1318,7 +1318,10 @@ nsXMLHttpRequest::IsSafeHeader(const nsACString& header, nsIHttpChannel* httpCha
return false;
}
if (token.EqualsLiteral("*")) {
if (token.EqualsLiteral("*") &&
(mState & XML_HTTP_REQUEST_AC_WITH_CREDENTIALS) !=
XML_HTTP_REQUEST_AC_WITH_CREDENTIALS /* See this->SetWithCredentials */)
{
isSafe = true;
} else if (header.Equals(token, nsCaseInsensitiveCStringComparator())) {
isSafe = true;
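Review bot: The credentials guard on the new `if` is written as a masked compare against the full flag value, `(mState & XML_HTTP_REQUEST_AC_WITH_CREDENTIALS) != XML_HTTP_REQUEST_AC_WITH_CREDENTIALS`, with its explanatory comment embedded inside the condition; `!(mState & XML_HTTP_REQUEST_AC_WITH_CREDENTIALS)` states the same test directly, and the comment reads better on the line above as `// A "*" in Access-Control-Expose-Headers is only honoured for non-credentialed requests (see SetWithCredentials).` The operand order is right as it stands: in credentialed mode a `*` token falls through to the `else if` and is compared as an ordinary header name, which is the intended spec behaviour. Because the wildcard branch marks whatever header this function is asked about as safe, it relies on forbidden response-header names such as Set-Cookie being rejected before this loop is reached; that check, if present, lies outside the hunk, as do the start and end of IsSafeHeader.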


@ -1289,6 +1289,7 @@ nsCORSPreflightListener::CheckPreflightRequestApproved(nsIRequest* aRequest)
headerVal);
nsTArray<nsCString> headers;
nsCCharSeparatedTokenizer headerTokens(headerVal, ',');
bool allowAllHeaders = false;
while(headerTokens.hasMoreTokens()) {
const nsDependentCSubstring& header = headerTokens.nextToken();
if (header.IsEmpty()) {
@ -1299,14 +1300,22 @@ nsCORSPreflightListener::CheckPreflightRequestApproved(nsIRequest* aRequest)
NS_ConvertUTF8toUTF16(header).get());
return NS_ERROR_DOM_BAD_URI;
}
headers.AppendElement(header);
if (header.EqualsLiteral("*") && !mWithCredentials) {
allowAllHeaders = true;
} else {
headers.AppendElement(header);
}
}
for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
if (!headers.Contains(mPreflightHeaders[i],
nsCaseInsensitiveCStringArrayComparator())) {
LogBlockedRequest(aRequest, "CORSMissingAllowHeaderFromPreflight",
NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get());
return NS_ERROR_DOM_BAD_URI;
if (!allowAllHeaders) {
const auto& comparator = nsCaseInsensitiveCStringArrayComparator();
for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
if (!headers.Contains(mPreflightHeaders[i], comparator)) {
LogBlockedRequest(
aRequest, "CORSMissingAllowHeaderFromPreflight",
NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get());
return NS_ERROR_DOM_BAD_URI;
}
}
}