author | bors-servo <lbergstrom+bors@mozilla.com> | 2020-02-14 23:16:37 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-14 23:16:37 -0500 |
commit | 795dab71fffe98434308732e4cb8ee682f28e465 (patch) | |
tree | 54f0a0a2101b2aa776a53346eb4c6fa727634158 /components | |
parent | 4c5ec9da27b4ff1e7175d9f1e8994d7ba0922b3d (diff) | |
parent | 739f09e19979b16b508cbb0048e519e1d4015f3a (diff) | |
Auto merge of #25768 - pshaughn:corsstar, r=jdm
Handle access-control header wildcards
<!-- Please describe your changes on the following line: -->
We were checking Access-Control-Expose-Headers for wildcards inconsistently and then discarding the result; this fixes the check and its use, passing the WPT test for having a wildcard there.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #24913
<!-- Either: -->
- [X] There are tests for these changes OR
- [ ] These changes do not require tests because ___
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
Diffstat (limited to 'components')
-rw-r--r-- | components/net/fetch/methods.rs | 19 | ||||
-rw-r--r-- | components/net_traits/response.rs | 8 |
2 files changed, 13 insertions, 14 deletions
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs
index 55cef372c1b..1584597da87 100644
--- a/components/net/fetch/methods.rs
+++ b/components/net/fetch/methods.rs
@@ -340,15 +340,16 @@ pub fn main_fetch(
 .map(|v| v.iter().collect());
 match header_names {
 // Subsubstep 2.
- Some(ref list) if request.credentials_mode != CredentialsMode::Include => {
- if list.len() == 1 && list[0] == "*" {
- response.cors_exposed_header_name_list = response
- .headers
- .iter()
- .map(|(name, _)| name.as_str().to_owned())
- .collect();
- }
- },
+ Some(ref list)
+ if request.credentials_mode != CredentialsMode::Include &&
+ list.iter().any(|header| header == "*") =>
+ {
+ response.cors_exposed_header_name_list = response
+ .headers
+ .iter()
+ .map(|(name, _)| name.as_str().to_owned())
+ .collect();
+ }
 // Subsubstep 3.
 Some(list) => {
 response.cors_exposed_header_name_list =
diff --git a/components/net_traits/response.rs b/components/net_traits/response.rs
index 4ee8b37eb56..34e46ebc6a3 100644
--- a/components/net_traits/response.rs
+++ b/components/net_traits/response.rs
@@ -6,7 +6,7 @@
 //! resulting from a [fetch operation](https://fetch.spec.whatwg.org/#concept-fetch)
 use crate::{FetchMetadata, FilteredMetadata, Metadata, NetworkError, ReferrerPolicy};
 use crate::{ResourceFetchTiming, ResourceTimingType};
-use headers::{AccessControlExposeHeaders, ContentType, HeaderMapExt};
+use headers::{ContentType, HeaderMapExt};
 use http::{HeaderMap, StatusCode};
 use hyper_serde::Serde;
 use servo_arc::Arc;
@@ -241,6 +241,7 @@ impl Response {
 }
 let old_headers = old_response.headers.clone();
+ let exposed_headers = old_response.cors_exposed_header_name_list.clone();
 let mut response = old_response.clone();
 response.internal_response = Some(Box::new(old_response));
 response.response_type = filter_type;
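Review bot: The guard on the new `Some(ref list)` arm in methods.rs is the only thing that keeps `*` from acting as a wildcard on credentialed fetches, and nothing on the arm says so. With `CredentialsMode::Include`, a list containing `*` falls through to the `Some(list)` arm under Subsubstep 3; how that arm treats the entry is not visible in this hunk. I would add a comment above the arm, `// "*" is a wildcard only when credentials are not included; otherwise it falls through to Subsubstep 3.`, and a test for the credentialed case if the WPT run does not already cover it. main_fetch starts and ends outside the hunk.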
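Review bot: The new `exposed_headers` line in response.rs (hunk at -241) makes the CORS filter depend on `cors_exposed_header_name_list` having been filled in before this method runs. The methods.rs change sets that field in main_fetch, but whether every caller reaches this code after that step is not visible here. An empty list appears to expose nothing beyond the fixed names in the later `header =>` arm, which is the safe direction and worth stating. Suggested comment above the new line: `// Filled in by main_fetch from Access-Control-Expose-Headers; an empty list exposes no extra headers.` The enclosing method starts and ends outside the hunk.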
@@ -266,10 +267,7 @@ impl Response {
 "expires" | "last-modified" | "pragma" => true,
 "set-cookie" | "set-cookie2" => false,
 header => {
- let access = old_headers.typed_get::<AccessControlExposeHeaders>();
- let result = access
- .and_then(|v| v.iter().find(|h| *header == h.as_str().to_ascii_lowercase()));
- result.is_some()
+ exposed_headers.iter().any(|h| *header == h.as_str().to_ascii_lowercase())
 }
 }
 }).map(|(n, v)| (n.clone(), v.clone())).collect(); |
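Review bot: The closure in the `header =>` arm allocates a lowercased `String` for every entry of `exposed_headers`, once per response header that reaches this arm. `exposed_headers.iter().any(|h| h.eq_ignore_ascii_case(header))` makes the same comparison without allocating. This assumes `header` is the already-lowercased `&str` bound by the match, whose scrutinee is outside the hunk. The enclosing match and filter closure also begin outside the hunk.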