[webkit-reviews] review requested: [Bug 208800] Implement wildcard behavior for Cross-Origin-Expose-Headers : [Attachment 393018] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 10 14:31:15 PDT 2020
Rob Buis <rbuis at igalia.com> has asked for review:
Bug 208800: Implement wildcard behavior for Cross-Origin-Expose-Headers
https://bugs.webkit.org/show_bug.cgi?id=208800
Attachment 393018: Patch
https://bugs.webkit.org/attachment.cgi?id=393018&action=review
--- Comment #6 from Rob Buis <rbuis at igalia.com> ---
Comment on attachment 393018
--> https://bugs.webkit.org/attachment.cgi?id=393018
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=393018&action=review
>> Source/WebCore/platform/network/ResourceResponseBase.cpp:451
>> + if (type == SanitizationType::CrossOriginSafeWithoutCredentials &&
corsSafeHeaderSet.contains("*"))
>
> I do not think we need the type here.
> If the header name is '*' and credentials are true, the load will fail and we
probably do not need to do any sanitisation.
> Hopefully, we can simplify the patch.
I made a logic error in one of the patches, but now that I fixed that I was a
able to verify that indeed the sanitization part can be removed.
Sadly that is what I felt was the clean part of the code! If you have
suggestions to clean up the filter related code, let me know, I put some
thoughts about it in one of the comments.
More information about the webkit-reviews
mailing list