diff --git a/Cargo.lock b/Cargo.lock index e39752b36cc..990dcf8b43d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4837,6 +4837,7 @@ dependencies = [ "hyper_serde", "imsz", "ipc-channel", + "itertools 0.13.0", "log", "malloc_size_of_derive", "mime", diff --git a/components/net/Cargo.toml b/components/net/Cargo.toml index 6ecd746812a..04ef7ac190c 100644 --- a/components/net/Cargo.toml +++ b/components/net/Cargo.toml @@ -42,6 +42,7 @@ hyper-util = { workspace = true } hyper_serde = { workspace = true } imsz = { workspace = true } ipc-channel = { workspace = true } +itertools = { workspace = true } log = { workspace = true } malloc_size_of = { workspace = true } malloc_size_of_derive = { workspace = true } diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index 609507529dd..29165a56015 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -20,13 +20,13 @@ use futures::{TryFutureExt, TryStreamExt, future}; use headers::authorization::Basic; use headers::{ AccessControlAllowCredentials, AccessControlAllowHeaders, AccessControlAllowMethods, - AccessControlAllowOrigin, AccessControlMaxAge, AccessControlRequestHeaders, - AccessControlRequestMethod, Authorization, CacheControl, ContentLength, HeaderMapExt, - IfModifiedSince, LastModified, Pragma, Referer, UserAgent, + AccessControlAllowOrigin, AccessControlMaxAge, AccessControlRequestMethod, Authorization, + CacheControl, ContentLength, HeaderMapExt, IfModifiedSince, LastModified, Pragma, Referer, + UserAgent, }; use http::header::{ - self, ACCEPT, AUTHORIZATION, CONTENT_ENCODING, CONTENT_LANGUAGE, CONTENT_LOCATION, - CONTENT_TYPE, HeaderValue, RANGE, + self, ACCEPT, ACCESS_CONTROL_REQUEST_HEADERS, AUTHORIZATION, CONTENT_ENCODING, + CONTENT_LANGUAGE, CONTENT_LOCATION, CONTENT_TYPE, HeaderValue, RANGE, }; use http::{HeaderMap, Method, Request as HyperRequest, StatusCode}; use http_body_util::combinators::BoxBody; @@ -2139,11 +2139,15 @@ async fn cors_preflight_fetch( // Step 4 let headers = get_cors_unsafe_header_names(&request.headers); - // Step 5 + // Step 5 If headers is not empty, then: if !headers.is_empty() { - preflight - .headers - .typed_insert(AccessControlRequestHeaders::from_iter(headers)); + // 5.1 Let value be the items in headers separated from each other by `,` + // TODO(36451): replace this with typed_insert when headers fixes headers#207 + preflight.headers.insert( + ACCESS_CONTROL_REQUEST_HEADERS, + HeaderValue::from_bytes(itertools::join(headers.iter(), ",").as_bytes()) + .unwrap_or(HeaderValue::from_static("")), + ); } // Step 6 diff --git a/tests/wpt/meta/fetch/api/cors/cors-preflight.any.js.ini b/tests/wpt/meta/fetch/api/cors/cors-preflight.any.js.ini deleted file mode 100644 index 6cb85679e81..00000000000 --- a/tests/wpt/meta/fetch/api/cors/cors-preflight.any.js.ini +++ /dev/null @@ -1,14 +0,0 @@ -[cors-preflight.any.html] - [CORS [GET\] [several headers\], server allows] - expected: FAIL - - [CORS [PUT\] [several headers\], server allows] - expected: FAIL - - -[cors-preflight.any.worker.html] - [CORS [GET\] [several headers\], server allows] - expected: FAIL - - [CORS [PUT\] [several headers\], server allows] - expected: FAIL diff --git a/tests/wpt/meta/xhr/access-control-preflight-request-header-sorted.htm.ini b/tests/wpt/meta/xhr/access-control-preflight-request-header-sorted.htm.ini deleted file mode 100644 index e255515d6a8..00000000000 --- a/tests/wpt/meta/xhr/access-control-preflight-request-header-sorted.htm.ini +++ /dev/null @@ -1,3 +0,0 @@ -[access-control-preflight-request-header-sorted.htm] - [Tests that Access-Control-Request-Headers are sorted.] - expected: FAIL