[Webkit-unassigned] [Bug 59819] Sync XHRs are rejected when the cases of the origin and destination hosts are different
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jul 27 00:39:40 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=59819
youenn fablet <youennf at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |youennf at gmail.com
Resolution|--- |INVALID
--- Comment #4 from youenn fablet <youennf at gmail.com> ---
Doing a quick test, Firefox, Chrome and Safari are consistently rejecting this.
String comparison is done in passesAccessControlCheck between the header value and the serialised security origin.
This aligns with my reading of https://fetch.spec.whatwg.org/#cors-check, which is basically comparing the header value (might have any case) with a byte serialised origin (this one being always lowercased I believe).
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200727/c7a5f7b1/attachment.htm>
More information about the webkit-unassigned
mailing list