[webkit-reviews] review granted: [Bug 199261] Align with Origin header changes : [Attachment 393073] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 10 03:23:43 PDT 2020
youenn fablet <youennf at gmail.com> has granted review:
Bug 199261: Align with Origin header changes
https://bugs.webkit.org/show_bug.cgi?id=199261
Attachment 393073: Patch
https://bugs.webkit.org/attachment.cgi?id=393073&action=review
--- Comment #14 from youenn fablet <youennf at gmail.com> ---
Comment on attachment 393073
--> https://bugs.webkit.org/attachment.cgi?id=393073
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=393073&action=review
> Source/WebCore/loader/cache/CachedResourceRequest.cpp:236
> + outgoingOrigin =
SecurityOrigin::createFromString(outgoingReferrer)->toString();
The append Origin algorithm is making use of response tainting == cors, which
is different from the mode.
Probably we have some slight behavioural differences, or maybe we already set
the origin header in the cases that matter.
Would be worth investigating.
It would also be nice to add a routine that implements the whole
https://fetch.spec.whatwg.org/#append-a-request-origin-header algorithm.
We have some bits here and there which makes it hard to know whether we are
doing the right thing.
For instance HEAD/GET check is done in FrameLoader::addHTTPOriginIfNeeded, not
here.
All of this might best be done as follow-ups though, let's go with this patch.
More information about the webkit-reviews
mailing list