Bug 1426443 - Set CORS mode for inline module scripts r=smaug
authorJon Coppeard <jcoppeard@mozilla.com>
Thu, 21 Dec 2017 11:17:12 +0000
changeset 397210 0b9a0430688df6b7a121d137cdd5ad9a23e01429
parent 397209 56a67e62f5cbd462019483e50d8972e37751bb53
child 397211 44946398493e3c3d9dceb6aed92be9afc469f110
push id33128
push useraiakab@mozilla.com
push dateThu, 21 Dec 2017 22:20:14 +0000
treeherdermozilla-central@f844e99f26b1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs1426443
milestone59.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1426443 - Set CORS mode for inline module scripts r=smaug
dom/script/ScriptLoader.cpp
testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/credentials.sub.html.ini
testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/crossorigin.html.ini
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -1565,19 +1565,24 @@ ScriptLoader::ProcessScriptElement(nsISc
     return false;
   }
 
   // Does CSP allow this inline script to run?
   if (!CSPAllowsInlineScript(aElement, mDocument)) {
     return false;
   }
 
-  // Inline scripts ignore ther CORS mode and are always CORS_NONE.
+  // Inline classic scripts ignore ther CORS mode and are always CORS_NONE.
+  CORSMode corsMode = CORS_NONE;
+  if (scriptKind == ScriptKind::Module) {
+    corsMode = aElement->GetCORSMode();
+  }
+
   request = CreateLoadRequest(scriptKind, mDocument->GetDocumentURI(), aElement,
-                              validJSVersion, CORS_NONE,
+                              validJSVersion, corsMode,
                               SRIMetadata(), // SRI doesn't apply
                               ourRefPolicy);
   request->mValidJSVersion = validJSVersion;
   request->mIsInline = true;
   request->mTriggeringPrincipal = mDocument->NodePrincipal();
   request->mLineNo = aElement->GetScriptLineNumber();
   request->mProgress = ScriptLoadRequest::Progress::Loading_Source;
   request->mDataType = ScriptLoadRequest::DataType::Source;
deleted file mode 100644
--- a/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/credentials.sub.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[credentials.sub.html]
-  type: testharness
-  [Modules should be loaded with or without the credentials based on the same-origin-ness and the crossOrigin attribute]
-    expected: FAIL
-
deleted file mode 100644
--- a/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/crossorigin.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[crossorigin.html]
-  type: testharness
-  [Imported module, Error in CORS-same-origin script]
-    expected: FAIL
-