From b0a12f6a8aef7bfd231a53f9a3c430c1ee50b0f7 Mon Sep 17 00:00:00 2001 From: Shinichi Morimoto Date: Mon, 28 Oct 2019 00:52:44 +0900 Subject: [PATCH 1/2] fix #24367 --- components/net/http_loader.rs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index b2bec9c7fb4..2eded052307 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -1462,7 +1462,15 @@ fn http_network_fetch( _ => false, }); - if !req_origin_in_timing_allow && !wildcard_present { + let is_same_origin = request.url_list.iter().any(|url| match request.origin { + SpecificOrigin(ref immutable_request_origin) => { + url.clone().into_url().origin().ascii_serialization() == + immutable_request_origin.ascii_serialization() + }, + _ => false, + }); + + if !(is_same_origin || req_origin_in_timing_allow || wildcard_present) { context.timing.lock().unwrap().mark_timing_check_failed(); } From 70c62ceee75d084448699db87237d86481cd29d8 Mon Sep 17 00:00:00 2001 From: Shinichi Morimoto Date: Tue, 5 Nov 2019 11:23:19 +0900 Subject: [PATCH 2/2] Fix check conditions --- components/net/http_loader.rs | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index 2eded052307..3ed84241736 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -1462,11 +1462,8 @@ fn http_network_fetch( _ => false, }); - let is_same_origin = request.url_list.iter().any(|url| match request.origin { - SpecificOrigin(ref immutable_request_origin) => { - url.clone().into_url().origin().ascii_serialization() == - immutable_request_origin.ascii_serialization() - }, + let is_same_origin = request.url_list.iter().all(|url| match request.origin { + SpecificOrigin(ref immutable_request_origin) => url.origin() == *immutable_request_origin, _ => false, });