Diffstat (limited to 'components/shared/net/request.rs')
-rw-r--r--components/shared/net/request.rs33
1 files changed, 33 insertions, 0 deletions
diff --git a/components/shared/net/request.rs b/components/shared/net/request.rs
index fff5dbc0836..a6c31c57104 100644
--- a/components/shared/net/request.rs
+++ b/components/shared/net/request.rs
@@ -728,10 +728,43 @@ pub fn is_cors_safelisted_request_header<N: AsRef<str>, V: AsRef<[u8]>>(
"accept" => is_cors_safelisted_request_accept(value),
"accept-language" | "content-language" => is_cors_safelisted_language(value),
"content-type" => is_cors_safelisted_request_content_type(value),
+ "range" => is_cors_safelisted_request_range(value),
_ => false,
}
}
+pub fn is_cors_safelisted_request_range(value: &[u8]) -> bool {
+ if let Ok(value_str) = std::str::from_utf8(value) {
+ return validate_range_header(value_str);
+ }
+ false
+}
+
+fn validate_range_header(value: &str) -> bool {
+ let trimmed = value.trim();
+ if !trimmed.starts_with("bytes=") {
+ return false;
+ }
+
+ if let Some(range) = trimmed.strip_prefix("bytes=") {
+ let mut parts = range.split('-');
+ let start = parts.next();
+ let end = parts.next();
+
+ if let Some(start) = start {
+ if let Ok(start_num) = start.parse::<u64>() {
+ return match end {
+ Some(e) if !e.is_empty() => e
+ .parse::<u64>()
+ .map_or(false, |end_num| start_num <= end_num),
+ _ => true,
+ };
+ }
+ }
+ }
+ false
+}
+
/// <https://fetch.spec.whatwg.org/#cors-safelisted-method>
pub fn is_cors_safelisted_method(m: &Method) -> bool {
matches!(*m, Method::GET | Method::HEAD | Method::POST)
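Review bot: The new `validate_range_header` accepts values that are not a single well-formed byte range: `bytes=5` (no `-`) reaches the `_ => true` arm, `bytes=0-10-20` passes because only the first two `split('-')` parts are read, and `bytes=+5-10` passes because `parse::<u64>()` accepts a leading `+`. Since this predicate feeds the `"range"` arm of `is_cors_safelisted_request_header` (whose body starts outside the hunk), a parse looser than the Fetch definition presumably lets such requests be treated as safelisted and skip the preflight. The rewrite below requires exactly `bytes=` + digits + `-` + optional digits and fails closed on anything else; it also drops the `trim()`, on the assumption that the Fetch parse for this case allows no whitespace, which should be confirmed. Both new functions would also benefit from a `///` spec-link doc comment like the one on `is_cors_safelisted_method`.

```rust
fn validate_range_header(value: &str) -> bool {
    // Accepted shape: "bytes=" 1*DIGIT "-" *DIGIT, nothing before or after.
    let Some(range) = value.strip_prefix("bytes=") else {
        return false;
    };
    // Exactly one separator is consumed; any further '-' stays in `end` and fails the digit check.
    let Some((start, end)) = range.split_once('-') else {
        return false;
    };
    // Digit check first: parse::<u64>() alone would also accept a leading '+'.
    let all_digits = |s: &str| s.bytes().all(|b| b.is_ascii_digit());
    if start.is_empty() || !all_digits(start) || !all_digits(end) {
        return false;
    }
    let Ok(start_num) = start.parse::<u64>() else {
        return false;
    };
    end.is_empty() || end.parse::<u64>().map_or(false, |end_num| start_num <= end_num)
}
```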