| author | Kershaw Chang <kershaw@mozilla.com> |
| Tue, 16 Jul 2019 14:33:20 +0000 | |
| changeset 483090 | 4a732dd8dc9379beb144507665bad013ee3b46fe |
| parent 483089 | 3d2f60121e463c258bc333107bc01f658009df3c |
| child 483091 | a2cd0c66786a56d6982908a7ca7084806594a53c |
| push id | 90179 |
| push user | kjang@mozilla.com |
| push date | Wed, 17 Jul 2019 08:34:40 +0000 |
| treeherder | autoland@4a732dd8dc93 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | ckerschb |
| bugs | 1564175, 1559795 |
| milestone | 70.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| dom/base/nsContentUtils.cpp | file | annotate | diff | comparison | revisions | |
| testing/web-platform/meta/fetch/api/headers/headers-no-cors.window.js.ini | file | annotate | diff | comparison | revisions |
--- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -6897,16 +6897,19 @@ bool nsContentUtils::IsAllowedNonCorsLan } return true; } // static bool nsContentUtils::IsCORSSafelistedRequestHeader(const nsACString& aName, const nsACString& aValue) { // see https://fetch.spec.whatwg.org/#cors-safelisted-request-header + if (aValue.Length() > 128) { + return false; + } return (aName.LowerCaseEqualsLiteral("accept") && nsContentUtils::IsAllowedNonCorsAccept(aValue)) || (aName.LowerCaseEqualsLiteral("accept-language") && nsContentUtils::IsAllowedNonCorsLanguage(aValue)) || (aName.LowerCaseEqualsLiteral("content-language") && nsContentUtils::IsAllowedNonCorsLanguage(aValue)) || (aName.LowerCaseEqualsLiteral("content-type") && nsContentUtils::IsAllowedNonCorsContentType(aValue));
deleted file mode 100644 --- a/testing/web-platform/meta/fetch/api/headers/headers-no-cors.window.js.ini +++ /dev/null @@ -1,25 +0,0 @@ -[headers-no-cors.window.html] - ["no-cors" Headers object cannot have accept set to sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss, , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss] - expected: FAIL - - ["no-cors" Headers object cannot have content-language set to , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss] - expected: FAIL - - ["no-cors" Headers object cannot have accept-language set to , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss] - expected: FAIL - - ["no-cors" Headers object cannot have content-language set to sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss, , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss] - expected: FAIL - - ["no-cors" Headers object cannot have content-type/text/plain; long=0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901 as header] - expected: FAIL - - ["no-cors" Headers object cannot have accept-language set to sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss, , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss] - expected: FAIL - - ["no-cors" Headers object cannot have accept set to , sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss] - expected: FAIL - - ["no-cors" Headers object cannot have accept/012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678 as header] - expected: FAIL -