Bug 1212433 Fail fetch() calls that require preflight and also redirect. r=sicking a=abillings
author Ben Kelly <ben@wanderview.com>
Mon, 19 Oct 2015 13:25:44 -0700
changeset 296513 8cd5ca225e43248cd8113cc5f2a0964c5a518272
parent 296512 542dfaef09d09087168b0a07bea9075cf4e7d822
child 296514 58436ea9519016e87630a77fbf35cf0e8b9a906a
push id 5245
push user raliiev@mozilla.com
push date Thu, 29 Oct 2015 11:30:51 +0000
treeherder mozilla-beta@dac831dc1bd0
reviewers sicking, abillings
bugs 1212433
milestone 43.0a2
dom/fetch/FetchDriver.cpp
dom/tests/mochitest/fetch/test_fetch_cors.js
--- a/dom/fetch/FetchDriver.cpp
+++ b/dom/fetch/FetchDriver.cpp
@@ -931,16 +931,34 @@ FetchDriver::AsyncOnChannelRedirect(nsIC
   // count are done by Necko.  The pref used is "network.http.redirection-limit"
   // which is set to 20 by default.
 
   // HTTP Fetch Step 9, "redirect status". We only unset this for spec
   // compatibility. Any actions we take on mRequest here do not affect what the
   //channel does.
   mRequest->UnsetSameOriginDataURL();
 
+  // Requests that require preflight are not permitted to redirect.
+  // Fetch spec section 4.2 "HTTP Fetch", step 4.9 just uses the manual
+  // redirect flag to decide whether to execute step 4.10 or not. We do not
+  // represent it in our implementation.
+  // The only thing we do is to check if the request requires a preflight (part
+  // of step 4.9), in which case we abort. This part cannot be done by
+  // nsCORSListenerProxy since it does not have access to mRequest.
+  // which case. Step 4.10.3 is handled by OnRedirectVerifyCallback(), and all
+  // the other steps are handled by nsCORSListenerProxy.
+  if (!NS_IsInternalSameURIRedirect(aOldChannel, aNewChannel, aFlags)) {
+    nsresult rv = DoesNotRequirePreflight(aNewChannel);
+    if (NS_FAILED(rv)) {
+      NS_WARNING("FetchDriver::OnChannelRedirect: "
+                 "DoesNotRequirePreflight returned failure");
+      return rv;
+    }
+  }
+
   // HTTP Fetch step 5, "redirect status", step 10 requires us to halt the
   // redirect, but successfully return an opaqueredirect Response to the
   // initiating Fetch.
   if (mRequest->GetRedirectMode() == RequestRedirect::Manual) {
     // Ideally we would simply not cancel the old channel and allow it to
     // be processed as normal.  Unfortunately this is quite fragile and
     // other redirect handlers can easily break it for certain use cases.
     //
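Review bot: The new preflight check sits ahead of the `mRequest->GetRedirectMode() == RequestRedirect::Manual` branch, so a manual-mode request that requires preflight now returns `rv` here and never reaches the opaqueredirect path below; if that ordering is intended, the comment should say so explicitly. The comment block also has a leftover fragment, "which case.", at the start of the line that continues with "Step 4.10.3 is handled by OnRedirectVerifyCallback()", which should be deleted. The NS_WARNING text names "FetchDriver::OnChannelRedirect" while the enclosing function is AsyncOnChannelRedirect; matching the name makes the log line easier to find.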
--- a/dom/tests/mochitest/fetch/test_fetch_cors.js
+++ b/dom/tests/mochitest/fetch/test_fetch_cors.js
@@ -1244,17 +1244,17 @@ function testRedirects() {
              headers: { "Content-Type": "text/plain" },
              hops: [{ server: "http://mochi.test:8888",
                     },
                     { server: "http://example.com",
                       allowOrigin: origin,
                     },
                     ],
            },
-           { pass: 1,
+           { pass: 0,
              method: "POST",
              body: "hi there",
              headers: { "Content-Type": "text/plain",
                         "my-header": "myValue",
                       },
              hops: [{ server: "http://mochi.test:8888",
                     },
                     { server: "http://example.com",
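Review bot: The POST case flipped to `pass: 0` carries no comment saying why it is now expected to fail. A one-line note above `{ pass: 0,` stating that the custom "my-header" header makes the request require preflight, and that such a request may not follow the redirect from mochi.test:8888 to example.com, would keep the expectation from reading as a regression to someone editing this table later.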
@@ -1276,17 +1276,17 @@ function testRedirects() {
                       allowHeaders: "my-header",
                     },
                     { server: "http://test2.example.com",
                       allowOrigin: origin,
                       allowHeaders: "my-header",
                     }
                     ],
            },
-           { pass: 1,
+           { pass: 0,
              method: "DELETE",
              hops: [{ server: "http://mochi.test:8888",
                     },
                     { server: "http://example.com",
                       allowOrigin: origin,
                     },
                     ],
            },
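Review bot: Test coverage in this file is limited to flipping two existing expectations; this DELETE case and the POST case above both redirect from mochi.test:8888 to example.com, and nothing in the diff adds a case for the `NS_IsInternalSameURIRedirect` exemption or for a preflighted request in manual redirect mode. Consider adding cases for those paths, or saying in the commit message where they are covered. A short comment on this entry noting that the DELETE method alone is what triggers preflight would also help.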