Restrict about to about:blank and data to GET
parent
9d6d1c66b8
commit
e546637d91
1 changed files with 4 additions and 5 deletions
|
@ -74,12 +74,11 @@ impl CORSRequest {
|
|||
match &*destination.scheme {
|
||||
// As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), about URLs can be fetched
|
||||
// the same as a basic request.
|
||||
// TODO: (security-sensitive) restrict the available pages to about:blank and
|
||||
// about:unicorn (See https://fetch.spec.whatwg.org/#concept-basic-fetch).
|
||||
"about" => Ok(None),
|
||||
"about" if destination.path == Some("blank") => Ok(None),
|
||||
// As per (https://fetch.spec.whatwg.org/#main-fetch 5.1.9), data URLs can be fetched
|
||||
// the same as a basic request if the request's same-origin data-URL flag is set.
|
||||
"data" if same_origin_data_url_flag => Ok(None),
|
||||
// the same as a basic request if the request's method is GET and the
|
||||
// same-origin data-URL flag is set.
|
||||
"data" if same_origin_data_url_flag && method == Method::Get => Ok(None),
|
||||
"http" | "https" => {
|
||||
let mut req = CORSRequest::new(referer, destination, mode, method, headers);
|
||||
req.preflight_flag = !is_simple_method(&req.method) ||
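Review bot: The unchanged comment above the `"about"` arm still says that about URLs in general can be fetched the same as a basic request, but the new guard `destination.path == Some("blank")` admits only about:blank, and the TODO that recorded the restriction is gone. I would reword that comment to something like `// Only about:blank is fetched as a basic request; every other about: URL falls through to the arms below.` Both guarded arms (`"about"` and `"data"`) now reject by falling through to whatever follows the `"http" | "https"` arm, and the rest of the match is outside this hunk. It is worth confirming that the fall-through ends in an error rather than a permissive default. A test covering a non-blank about: URL and a non-GET data: request would pin that behaviour.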
|
||||
|
|