Bug 1564175 - Revert the quick fix from bug 1559795 r=ckerschb
authorKershaw Chang <kershaw@mozilla.com>
Tue, 16 Jul 2019 14:33:20 +0000
changeset 483090 4a732dd8dc9379beb144507665bad013ee3b46fe
parent 483089 3d2f60121e463c258bc333107bc01f658009df3c
child 483091 a2cd0c66786a56d6982908a7ca7084806594a53c
push id90179
push userkjang@mozilla.com
push dateWed, 17 Jul 2019 08:34:40 +0000
treeherderautoland@4a732dd8dc93 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb
bugs1564175, 1559795
milestone70.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1564175 - Revert the quick fix from bug 1559795 r=ckerschb Add the length check back. Differential Revision: https://phabricator.services.mozilla.com/D38186
dom/base/nsContentUtils.cpp
testing/web-platform/meta/fetch/api/headers/headers-no-cors.window.js.ini
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -6897,16 +6897,19 @@ bool nsContentUtils::IsAllowedNonCorsLan
   }
   return true;
 }
 
 // static
 bool nsContentUtils::IsCORSSafelistedRequestHeader(const nsACString& aName,
                                                    const nsACString& aValue) {
   // see https://fetch.spec.whatwg.org/#cors-safelisted-request-header
+  if (aValue.Length() > 128) {
+    return false;
+  }
   return (aName.LowerCaseEqualsLiteral("accept") &&
           nsContentUtils::IsAllowedNonCorsAccept(aValue)) ||
          (aName.LowerCaseEqualsLiteral("accept-language") &&
           nsContentUtils::IsAllowedNonCorsLanguage(aValue)) ||
          (aName.LowerCaseEqualsLiteral("content-language") &&
           nsContentUtils::IsAllowedNonCorsLanguage(aValue)) ||
          (aName.LowerCaseEqualsLiteral("content-type") &&
           nsContentUtils::IsAllowedNonCorsContentType(aValue));
deleted file mode 100644
--- a/testing/web-platform/meta/fetch/api/headers/headers-no-cors.window.js.ini
+++ /dev/null
@@ -1,25 +0,0 @@
-[headers-no-cors.window.html]
-  ["no-cors" Headers object cannot have accept set to sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss, , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss]
-    expected: FAIL
-
-  ["no-cors" Headers object cannot have content-language set to , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss]
-    expected: FAIL
-
-  ["no-cors" Headers object cannot have accept-language set to , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss]
-    expected: FAIL
-
-  ["no-cors" Headers object cannot have content-language set to sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss, , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss]
-    expected: FAIL
-
-  ["no-cors" Headers object cannot have content-type/text/plain; long=0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901 as header]
-    expected: FAIL
-
-  ["no-cors" Headers object cannot have accept-language set to sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss, , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss]
-    expected: FAIL
-
-  ["no-cors" Headers object cannot have accept set to , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss]
-    expected: FAIL
-
-  ["no-cors" Headers object cannot have accept/012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678 as header]
-    expected: FAIL
-