author | Josh Matthews <josh@joshmatthews.net> | 2024-08-12 02:09:45 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-12 06:09:45 +0000 |
commit | f38d1574bcb27449b8878192ac0ea3ba2ce824e7 (patch) | |
tree | 6ae1b9108ed506826803f93862d38935f714a345 /components | |
parent | 5520a9eb5089d8441718162452848159ed51ffca (diff) | |
Allow navigations that include cross-origin redirects to succeed. (#32996)
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Diffstat (limited to 'components')
-rw-r--r-- | components/net/fetch/methods.rs | 25 | ||||
-rw-r--r-- | components/script/script_thread.rs | 5 |
2 files changed, 22 insertions, 8 deletions
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs
index 1f8b70f4e61..7faf3529804 100644
--- a/components/net/fetch/methods.rs
+++ b/components/net/fetch/methods.rs
@@ -26,8 +26,8 @@ use net_traits::blob_url_store::{parse_blob_url, BlobURLStoreError};
 use net_traits::filemanager_thread::{FileTokenCheck, RelativePos};
 use net_traits::request::{
 is_cors_safelisted_method, is_cors_safelisted_request_header, BodyChunkRequest,
- BodyChunkResponse, CredentialsMode, Destination, Origin, Referrer, Request, RequestMode,
- ResponseTainting, Window,
+ BodyChunkResponse, CredentialsMode, Destination, Origin, RedirectMode, Referrer, Request,
+ RequestMode, ResponseTainting, Window,
 };
 use net_traits::response::{Response, ResponseBody, ResponseType};
 use net_traits::{
@@ -298,7 +298,11 @@ pub async fn main_fetch(

 if (same_origin && !cors_flag) ||
 current_url.scheme() == "data" ||
- current_url.scheme() == "chrome"
+ current_url.scheme() == "chrome" ||
+ matches!(
+ request.mode,
+ RequestMode::Navigate | RequestMode::WebSocket { .. }
+ )
 {
 // Substep 1.
 request.response_tainting = ResponseTainting::Basic;
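Review bot: `request.mode` becomes a trust boundary in this arm of main_fetch, because a request marked `RequestMode::Navigate` or `RequestMode::WebSocket { .. }` now gets basic tainting and goes to scheme_fetch without reaching the same-origin or CORS arms below. The Fetch standard has the same condition and relies on the Request constructor rejecting "navigate" from script; whether Servo enforces that is not visible in this diff and should be confirmed. I would record the invariant above the new `matches!`, for example `// Fetch main fetch: "navigate" and "websocket" skip the CORS arms; mode must never be script-settable to Navigate.` The body of main_fetch starts and ends outside this hunk.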
@@ -308,11 +312,18 @@ pub async fn main_fetch(
 } else if request.mode == RequestMode::SameOrigin {
 Response::network_error(NetworkError::Internal("Cross-origin response".into()))
 } else if request.mode == RequestMode::NoCors {
- // Substep 1.
- request.response_tainting = ResponseTainting::Opaque;
+ // Substep 1. If request’s redirect mode is not "follow", then return a network error.
+ if request.redirect_mode != RedirectMode::Follow {
+ Response::network_error(NetworkError::Internal(
+ "NoCors requests must follow redirects".into(),
+ ))
+ } else {
+ // Substep 2. Set request’s response tainting to "opaque".
+ request.response_tainting = ResponseTainting::Opaque;

- // Substep 2.
- scheme_fetch(request, cache, target, done_chan, context).await
+ // Substep 3. Return the result of running scheme fetch given fetchParams.
+ scheme_fetch(request, cache, target, done_chan, context).await
+ }
 } else if !matches!(current_url.scheme(), "http" | "https") {
 Response::network_error(NetworkError::Internal("Non-http scheme".into()))
 } else if request.use_cors_preflight ||
diff --git a/components/script/script_thread.rs b/components/script/script_thread.rs
index 568c8ba4bdd..5940ccf7abb 100644
--- a/components/script/script_thread.rs
+++ b/components/script/script_thread.rs
@@ -63,7 +63,9 @@ use media::WindowGLContext;
 use metrics::{PaintTimeMetrics, MAX_TASK_NS};
 use mime::{self, Mime};
 use net_traits::image_cache::{ImageCache, PendingImageResponse};
-use net_traits::request::{CredentialsMode, Destination, RedirectMode, RequestBuilder};
+use net_traits::request::{
+ CredentialsMode, Destination, RedirectMode, RequestBuilder, RequestMode,
+};
 use net_traits::storage_thread::StorageType;
 use net_traits::{
 FetchMetadata, FetchResponseListener, FetchResponseMsg, Metadata, NetworkError, ReferrerPolicy,
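Review bot: Every no-cors request built with a redirect mode other than Follow now ends in a network error at the new `request.redirect_mode != RedirectMode::Follow` guard, and the only caller this commit adjusts is the navigation builder in script_thread.rs. Any other request builder that combines no-cors with a manual or error redirect mode would start failing here; none are visible in the diff, so the callers need a check. The rejection is reported as `NetworkError::Internal` with a fixed string, which does not identify the request, so a debug-level log line naming the current URL before returning would make such a regression easier to trace. main_fetch continues outside the hunk.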
@@ -3970,6 +3972,7 @@ impl ScriptThread {
 let req_init = RequestBuilder::new(load_data.url.clone(), load_data.referrer)
 .method(load_data.method)
 .destination(Destination::Document)
+ .mode(RequestMode::Navigate)
 .credentials_mode(CredentialsMode::Include)
 .use_url_credentials(true)
 .pipeline_id(Some(id)) |
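Review bot: The call site does not say why `.mode(RequestMode::Navigate)` is needed, although it is what routes this document load into the CORS-exempt arm of main_fetch. A short comment such as `// Navigate mode: main_fetch applies basic tainting, so cross-origin redirects of a document load are not treated as CORS failures.` would keep a later cleanup from dropping the call. If other places build `Destination::Document` requests they presumably need the same mode; none are visible here. The enclosing function in `impl ScriptThread` starts and ends outside the hunk.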