Manually concatenate ACRH headers to not include a space (#36455)

headers library will join values with `, ` (comma space) but Access-Control-Request-Headers specifies that it does not use the normal combining algorithm and values should be joined with `,` (comma). Testing: WPT tests exist Fixes: temporary fix for #36451 until hyperium/headers#207 is fixed --------- Signed-off-by: Sebastian C <sebsebmc@gmail.com>
2025-07-22 14:53:49 +01:00 · 2025-04-11 12:01:55 -05:00 · 2025-04-11 12:01:55 -05:00 · 87c40b4168
commit 87c40b4168
parent 0c8bb8287a
5 changed files with 15 additions and 26 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -4837,6 +4837,7 @@ dependencies = [
 "hyper_serde",
 "imsz",
 "ipc-channel",
+ "itertools 0.13.0",
 "log",
 "malloc_size_of_derive",
 "mime",
--- a/components/net/Cargo.toml
+++ b/components/net/Cargo.toml
@ -42,6 +42,7 @@ hyper-util = { workspace = true }
 hyper_serde = { workspace = true }
 imsz = { workspace = true }
 ipc-channel = { workspace = true }
+itertools = { workspace = true }
 log = { workspace = true }
 malloc_size_of = { workspace = true }
 malloc_size_of_derive = { workspace = true }
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
@ -20,13 +20,13 @@ use futures::{TryFutureExt, TryStreamExt, future};
 use headers::authorization::Basic;
 use headers::{
    AccessControlAllowCredentials, AccessControlAllowHeaders, AccessControlAllowMethods,
-    AccessControlAllowOrigin, AccessControlMaxAge, AccessControlRequestHeaders,
-    AccessControlRequestMethod, Authorization, CacheControl, ContentLength, HeaderMapExt,
-    IfModifiedSince, LastModified, Pragma, Referer, UserAgent,
+    AccessControlAllowOrigin, AccessControlMaxAge, AccessControlRequestMethod, Authorization,
+    CacheControl, ContentLength, HeaderMapExt, IfModifiedSince, LastModified, Pragma, Referer,
+    UserAgent,
 };
 use http::header::{
-    self, ACCEPT, AUTHORIZATION, CONTENT_ENCODING, CONTENT_LANGUAGE, CONTENT_LOCATION,
-    CONTENT_TYPE, HeaderValue, RANGE,
+    self, ACCEPT, ACCESS_CONTROL_REQUEST_HEADERS, AUTHORIZATION, CONTENT_ENCODING,
+    CONTENT_LANGUAGE, CONTENT_LOCATION, CONTENT_TYPE, HeaderValue, RANGE,
 };
 use http::{HeaderMap, Method, Request as HyperRequest, StatusCode};
 use http_body_util::combinators::BoxBody;
@ -2139,11 +2139,15 @@ async fn cors_preflight_fetch(
    // Step 4
    let headers = get_cors_unsafe_header_names(&request.headers);

-    // Step 5
+    // Step 5 If headers is not empty, then:
    if !headers.is_empty() {
-        preflight
-            .headers
-            .typed_insert(AccessControlRequestHeaders::from_iter(headers));
+        // 5.1 Let value be the items in headers separated from each other by `,`
+        // TODO(36451): replace this with typed_insert when headers fixes headers#207
+        preflight.headers.insert(
+            ACCESS_CONTROL_REQUEST_HEADERS,
+            HeaderValue::from_bytes(itertools::join(headers.iter(), ",").as_bytes())
+                .unwrap_or(HeaderValue::from_static("")),
+        );
    }

    // Step 6
--- a/tests/wpt/meta/fetch/api/cors/cors-preflight.any.js.ini
+++ b/tests/wpt/meta/fetch/api/cors/cors-preflight.any.js.ini
@ -1,14 +0,0 @@
-[cors-preflight.any.html]
-  [CORS [GET\] [several headers\], server allows]
-    expected: FAIL
-
-  [CORS [PUT\] [several headers\], server allows]
-    expected: FAIL
-
-
-[cors-preflight.any.worker.html]
-  [CORS [GET\] [several headers\], server allows]
-    expected: FAIL
-
-  [CORS [PUT\] [several headers\], server allows]
-    expected: FAIL
--- a/tests/wpt/meta/xhr/access-control-preflight-request-header-sorted.htm.ini
+++ b/tests/wpt/meta/xhr/access-control-preflight-request-header-sorted.htm.ini
@ -1,3 +0,0 @@
-[access-control-preflight-request-header-sorted.htm]
-  [Tests that Access-Control-Request-Headers are sorted.]
-    expected: FAIL