From 53381bf93471e0a457a889ede6cc256f9172b39a Mon Sep 17 00:00:00 2001
From: Cameron Kaiser
Date: Sun, 25 Oct 2020 21:46:59 -0700
Subject: [PATCH] #612 (from OlgaTPark/14) additional fixes
---
 dom/base/nsXMLHttpRequest.cpp | 5 +++-
 netwerk/protocol/http/nsCORSListenerProxy.cpp | 23 +++++++++++++------
 2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/dom/base/nsXMLHttpRequest.cpp b/dom/base/nsXMLHttpRequest.cpp
index e86063448..a6b5e2ae6 100644
--- a/dom/base/nsXMLHttpRequest.cpp
+++ b/dom/base/nsXMLHttpRequest.cpp
@@ -1318,7 +1318,10 @@ nsXMLHttpRequest::IsSafeHeader(const nsACString& header, nsIHttpChannel* httpCha
 return false;
 }
- if (token.EqualsLiteral("*")) {
+ if (token.EqualsLiteral("*") &&
+ (mState & XML_HTTP_REQUEST_AC_WITH_CREDENTIALS) !=
+XML_HTTP_REQUEST_AC_WITH_CREDENTIALS /* See this->SetWithCredentials */)
+ {
 isSafe = true;
 } else if (header.Equals(token, nsCaseInsensitiveCStringComparator())) {
 isSafe = true;
diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp b/netwerk/protocol/http/nsCORSListenerProxy.cpp
index 2e2e5a24e..0d9e81fad 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ -1289,6 +1289,7 @@ nsCORSPreflightListener::CheckPreflightRequestApproved(nsIRequest* aRequest)
 headerVal);
 nsTArray headers;
 nsCCharSeparatedTokenizer headerTokens(headerVal, ',');
+ bool allowAllHeaders = false;
 while(headerTokens.hasMoreTokens()) {
 const nsDependentCSubstring& header = headerTokens.nextToken();
 if (header.IsEmpty()) {
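Review bot: The new `*` branch in IsSafeHeader marks every response header exposable whenever credentials are off, so it relies on the forbidden response headers (Set-Cookie, Set-Cookie2) having already been rejected before this loop; that earlier check is outside the hunk and cannot be confirmed from here, and if it is missing the wildcard now hands cookies to cross-origin script. Assuming it is present, the branch deserves a why-comment so the next reader does not have to consult the spec: `// Fetch: "*" in Access-Control-Expose-Headers is a wildcard only when the request was made without credentials; with credentials it is a literal header name and falls through to the Equals() check below.` The condition reads more naturally as `!(mState & XML_HTTP_REQUEST_AC_WITH_CREDENTIALS)`, and the third added line is flush-left, which breaks the indentation of the surrounding block. IsSafeHeader starts and ends outside this hunk.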
@@ -1299,14 +1300,22 @@ nsCORSPreflightListener::CheckPreflightRequestApproved(nsIRequest* aRequest)
 NS_ConvertUTF8toUTF16(header).get());
 return NS_ERROR_DOM_BAD_URI;
 }
- headers.AppendElement(header);
+ if (header.EqualsLiteral("*") && !mWithCredentials) {
+ allowAllHeaders = true;
+ } else {
+ headers.AppendElement(header);
+ }
 }
- for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
- if (!headers.Contains(mPreflightHeaders[i],
- nsCaseInsensitiveCStringArrayComparator())) {
- LogBlockedRequest(aRequest, "CORSMissingAllowHeaderFromPreflight",
- NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get());
- return NS_ERROR_DOM_BAD_URI;
+
+ if (!allowAllHeaders) {
+ const auto& comparator = nsCaseInsensitiveCStringArrayComparator();
+ for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
+ if (!headers.Contains(mPreflightHeaders[i], comparator)) {
+ LogBlockedRequest(
+ aRequest, "CORSMissingAllowHeaderFromPreflight",
+ NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get());
+ return NS_ERROR_DOM_BAD_URI;
+ }
 }
 }
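Review bot: The `allowAllHeaders` branch skips the entire allow-list check, so a preflighted `Authorization` header is accepted on `Access-Control-Allow-Headers: *` alone; the current Fetch standard treats `Authorization` as a CORS non-wildcard request-header name that must be listed explicitly even without credentials (that rule may postdate the upstream change being backported, so confirm against the spec revision you are targeting). Because a script-set `Authorization` header is sent regardless of credentials mode, the gap lets any origin push bearer-style credentials at a server that only opted into `*`. Folding the wildcard into the existing loop keeps one check path, lets the wildcard cover everything except Authorization, and drops the `const auto&` binding to a temporary comparator, which is legal (lifetime-extended) but reads like a dangling reference; this assumes mPreflightHeaders holds nsCString so `LowerCaseEqualsLiteral` is available. CheckPreflightRequestApproved starts and ends outside this hunk.
```cpp
  // Fetch: "*" covers the preflighted headers only when the request is made
  // without credentials, and never covers Authorization, which a server must
  // list explicitly (it is a CORS non-wildcard request-header name).
  const nsCaseInsensitiveCStringArrayComparator comparator;
  for (uint32_t i = 0; i < mPreflightHeaders.Length(); ++i) {
    const bool coveredByWildcard =
      allowAllHeaders &&
      !mPreflightHeaders[i].LowerCaseEqualsLiteral("authorization");
    if (!coveredByWildcard &&
        !headers.Contains(mPreflightHeaders[i], comparator)) {
      LogBlockedRequest(aRequest, "CORSMissingAllowHeaderFromPreflight",
                        NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get());
      return NS_ERROR_DOM_BAD_URI;
    }
  }
```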