Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-23 15:23:42 +01:00
Code Issues Projects Releases Packages Wiki Activity

Handle access-control header wildcards

Browse source
This commit is contained in:
Patrick Shaughnessy 2020-02-14 13:13:22 -05:00
parent 4f36472b6f
commit 739f09e199
3 changed files with 13 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

7
components/net/fetch/methods.rs
View file

@ -340,15 +340,16 @@ pub fn main_fetch(
.map(|v| v.iter().collect()); .map(|v| v.iter().collect());
match header_names { match header_names {
// Subsubstep 2. // Subsubstep 2.
Some(ref list) if request.credentials_mode != CredentialsMode::Include => { Some(ref list)
if list.len() == 1 && list[0] == "*" { if request.credentials_mode != CredentialsMode::Include &&
list.iter().any(|header| header == "*") =>
{
response.cors_exposed_header_name_list = response response.cors_exposed_header_name_list = response
.headers .headers
.iter() .iter()
.map(|(name, _)| name.as_str().to_owned()) .map(|(name, _)| name.as_str().to_owned())
.collect(); .collect();
} }
},
// Subsubstep 3. // Subsubstep 3.
Some(list) => { Some(list) => {
response.cors_exposed_header_name_list = response.cors_exposed_header_name_list =

8
components/net_traits/response.rs
View file

@ -6,7 +6,7 @@
//! resulting from a [fetch operation](https://fetch.spec.whatwg.org/#concept-fetch) //! resulting from a [fetch operation](https://fetch.spec.whatwg.org/#concept-fetch)
use crate::{FetchMetadata, FilteredMetadata, Metadata, NetworkError, ReferrerPolicy}; use crate::{FetchMetadata, FilteredMetadata, Metadata, NetworkError, ReferrerPolicy};
use crate::{ResourceFetchTiming, ResourceTimingType}; use crate::{ResourceFetchTiming, ResourceTimingType};
use headers::{AccessControlExposeHeaders, ContentType, HeaderMapExt}; use headers::{ContentType, HeaderMapExt};
use http::{HeaderMap, StatusCode}; use http::{HeaderMap, StatusCode};
use hyper_serde::Serde; use hyper_serde::Serde;
use servo_arc::Arc; use servo_arc::Arc;
@ -241,6 +241,7 @@ impl Response {
} }
let old_headers = old_response.headers.clone(); let old_headers = old_response.headers.clone();
let exposed_headers = old_response.cors_exposed_header_name_list.clone();
let mut response = old_response.clone(); let mut response = old_response.clone();
response.internal_response = Some(Box::new(old_response)); response.internal_response = Some(Box::new(old_response));
response.response_type = filter_type; response.response_type = filter_type;
@ -266,10 +267,7 @@ impl Response {
"expires" | "last-modified" | "pragma" => true, "expires" | "last-modified" | "pragma" => true,
"set-cookie" | "set-cookie2" => false, "set-cookie" | "set-cookie2" => false,
header => { header => {
let access = old_headers.typed_get::<AccessControlExposeHeaders>(); exposed_headers.iter().any(|h| *header == h.as_str().to_ascii_lowercase())
let result = access
.and_then(|v| v.iter().find(|h| *header == h.as_str().to_ascii_lowercase()));
result.is_some()
} }
} }
}).map(|(n, v)| (n.clone(), v.clone())).collect(); }).map(|(n, v)| (n.clone(), v.clone())).collect();

15
tests/wpt/metadata/fetch/api/cors/cors-expose-star.sub.any.js.ini
View file

@ -1,15 +0,0 @@
[cors-expose-star.sub.any.html]
[Basic Access-Control-Expose-Headers: * support]
expected: FAIL
[* can be one of several values]
expected: FAIL
[cors-expose-star.sub.any.worker.html]
[Basic Access-Control-Expose-Headers: * support]
expected: FAIL
[* can be one of several values]
expected: FAIL