Mercurial > mozilla-central / changeset / 0b9a0430688df6b7a121d137cdd5ad9a23e01429
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1426443 - Set CORS mode for inline module scripts r=smaug
authorJon Coppeard <jcoppeard@mozilla.com>
Thu, 21 Dec 2017 11:17:12 +0000
changeset 397210 0b9a0430688df6b7a121d137cdd5ad9a23e01429
parent 397209 56a67e62f5cbd462019483e50d8972e37751bb53
child 397211 44946398493e3c3d9dceb6aed92be9afc469f110
push id33128
push useraiakab@mozilla.com
push dateThu, 21 Dec 2017 22:20:14 +0000
treeherdermozilla-central@f844e99f26b1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs1426443
milestone59.0a1
first release with
nightly linux32
947b1418ebb2 / 59.0a1 / 20171222100407 / files
nightly linux64
947b1418ebb2 / 59.0a1 / 20171222100407 / files
nightly mac
cd7926a8269c / 59.0a1 / 20171223225934 / files
nightly win32
947b1418ebb2 / 59.0a1 / 20171222100407 / files
nightly win64
947b1418ebb2 / 59.0a1 / 20171222100407 / files
last release without
nightly linux32
62dd5404cf55 / 59.0a1 / 20171221100108 / files
nightly linux64
62dd5404cf55 / 59.0a1 / 20171221100108 / files
nightly mac
62dd5404cf55 / 59.0a1 / 20171221100108 / files
nightly win32
62dd5404cf55 / 59.0a1 / 20171221100108 / files
nightly win64
62dd5404cf55 / 59.0a1 / 20171221100108 / files
Bug 1426443 - Set CORS mode for inline module scripts r=smaug
dom/script/ScriptLoader.cpp file | annotate | diff | comparison | revisions
testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/credentials.sub.html.ini file | annotate | diff | comparison | revisions
testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/crossorigin.html.ini file | annotate | diff | comparison | revisions 
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -1565,19 +1565,24 @@ ScriptLoader::ProcessScriptElement(nsISc
     return false;
   }
 
   // Does CSP allow this inline script to run?
   if (!CSPAllowsInlineScript(aElement, mDocument)) {
     return false;
   }
 
-  // Inline scripts ignore ther CORS mode and are always CORS_NONE.
+  // Inline classic scripts ignore ther CORS mode and are always CORS_NONE.
+  CORSMode corsMode = CORS_NONE;
+  if (scriptKind == ScriptKind::Module) {
+    corsMode = aElement->GetCORSMode();
+  }
+
   request = CreateLoadRequest(scriptKind, mDocument->GetDocumentURI(), aElement,
-                              validJSVersion, CORS_NONE,
+                              validJSVersion, corsMode,
                               SRIMetadata(), // SRI doesn't apply
                               ourRefPolicy);
   request->mValidJSVersion = validJSVersion;
   request->mIsInline = true;
   request->mTriggeringPrincipal = mDocument->NodePrincipal();
   request->mLineNo = aElement->GetScriptLineNumber();
   request->mProgress = ScriptLoadRequest::Progress::Loading_Source;
   request->mDataType = ScriptLoadRequest::DataType::Source;
deleted file mode 100644
--- a/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/credentials.sub.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[credentials.sub.html]
-  type: testharness
-  [Modules should be loaded with or without the credentials based on the same-origin-ness and the crossOrigin attribute]
-    expected: FAIL
-
deleted file mode 100644
--- a/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/crossorigin.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[crossorigin.html]
-  type: testharness
-  [Imported module, Error in CORS-same-origin script]
-    expected: FAIL
-
mozilla-central
Deployed from e404c980045c at 2021-03-01T18:43:47Z.