From d5e7137b52dcb5ad56f932f76b74d7774dfafb32 Mon Sep 17 00:00:00 2001
From: Keith Yeung <kungfukeith11@gmail.com>
Date: Sat, 14 Oct 2017 12:35:17 -0700
Subject: [PATCH 1/2] Use the correct origin in fetch

---
 components/net/http_loader.rs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs
index d98a92e8258..541e44f610b 100644
--- a/components/net/http_loader.rs
+++ b/components/net/http_loader.rs
@@ -671,8 +671,10 @@ pub fn http_redirect_fetch(request: &mut Request,
     request.redirect_count += 1;
 
     // Step 7
-    // FIXME: Correctly use request's origin
-    let same_origin = location_url.origin() == request.current_url().origin();
+    let same_origin = match request.origin {
+        Origin::Origin(ref origin) => *origin == location_url.origin(),
+        Origin::Client => panic!("Request origin should not be client for {}", request.current_url()),
+    };
     let has_credentials = has_credentials(&location_url);
 
     if request.mode == RequestMode::CorsMode && !same_origin && has_credentials {
@@ -691,7 +693,7 @@ pub fn http_redirect_fetch(request: &mut Request,
     }
 
     // Step 10
-    if cors_flag && !same_origin {
+    if cors_flag && location_url.origin() != request.current_url().origin() {
         request.origin = Origin::Origin(ImmutableOrigin::new_opaque());
     }
 

From 1c8d04973e99c84d37c0d6447f00d6bab55411d6 Mon Sep 17 00:00:00 2001
From: Keith Yeung <kungfukeith11@gmail.com>
Date: Tue, 24 Oct 2017 19:11:20 -0700
Subject: [PATCH 2/2] Use the correct URL when checking for bad port

---
 components/net/fetch/methods.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs
index b60e0556595..0f4da97aa92 100644
--- a/components/net/fetch/methods.rs
+++ b/components/net/fetch/methods.rs
@@ -119,7 +119,7 @@ pub fn main_fetch(request: &mut Request,
     // TODO: handle upgrade to a potentially secure URL.
 
     // Step 5.
-    if should_be_blocked_due_to_bad_port(&request.url()) {
+    if should_be_blocked_due_to_bad_port(&request.current_url()) {
         response = Some(Response::network_error(NetworkError::Internal("Request attempted on bad port".into())));
     }
     // TODO: handle blocking as mixed content.