Chromium Code Reviews

Issue 109773002: Improve precision of error messages from failed CORS checks. (Closed)

Created: 7 years ago by sof
Modified: 7 years ago
CC: blink-reviews
Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Visibility: Public.

Description

Improve precision of error messages from failed CORS checks.

Identify when the incoming Access-Control-Allow-Origin header value contains multiple origin tokens and report this as not allowed. If it doesn't and the origin is valid, provide an error message that informs of a mismatch between the origin strings.

The previous error message could lead users into thinking that (white)lists of origins were supported. It is not by the spec nor current implementations.

Removed a nearby and related FIXME; not a current concern.

R=
BUG=321517
TEST=http/tests/xmlhttprequest/origin-exact-matching

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=163406
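The failure cases the description separates, as an added JavaScript example that is not part of this change or of Blink's code; it also covers the server-side pattern for serving several origins, which is to echo back the one matching origin. The function names, result labels, the origin-validity rule and the sample origins in the comments are assumptions made for illustration.

```javascript
// Added illustration, not Blink's CrossOriginAccessControl.cpp.
// Function names and result labels are hypothetical.

// Classify an Access-Control-Allow-Origin value against the requesting origin,
// separating the cases the description names: multiple tokens, invalid origin,
// and a valid origin that simply does not match.
function checkAllowOrigin(headerValue, requestOrigin, withCredentials = false) {
  const value = headerValue.trim();
  if (value === "*") {
    // The wildcard is only usable for requests made without credentials.
    return withCredentials ? "wildcard-with-credentials" : "allowed";
  }
  if (value === requestOrigin) return "allowed"; // exact string match only
  // More than one token (space- or comma-separated) is never a match:
  // e.g. "http://a.example http://b.example" (constructed sample).
  if (value.split(/[\s,]+/).filter(Boolean).length > 1) return "multiple-origins";
  let parsed;
  try {
    parsed = new URL(value);
  } catch (e) {
    return "invalid-origin";
  }
  // Assumption: a "valid" origin is scheme://host[:port] with no path or query.
  if (parsed.origin === "null" || parsed.origin !== value) return "invalid-origin";
  return "origin-mismatch";
}

// Server side: an allowlist is applied by echoing back the single matching
// origin (never the whole list) and marking the response as varying on Origin
// so that caches do not serve one origin's response to another.
function corsHeadersFor(requestOrigin, allowlist) {
  if (!allowlist.includes(requestOrigin)) return {};
  return { "Access-Control-Allow-Origin": requestOrigin, "Vary": "Origin" };
}
```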

Patch Set 1 #

Stats: +163 lines, -104 lines
M LayoutTests/http/tests/eventsource/eventsource-cors-basic-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M LayoutTests/http/tests/eventsource/eventsource-cors-with-credentials-expected.txt (1 chunk, +2 lines, -2 lines, 0 comments)
M LayoutTests/http/tests/htmlimports/import-script-block-crossorigin-dynamic-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M LayoutTests/http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M LayoutTests/http/tests/xmlhttprequest/origin-exact-matching-expected.txt (2 chunks, +32 lines, -20 lines, 0 comments)
M LayoutTests/http/tests/xmlhttprequest/resources/access-control-allow-lists.php (1 chunk, +7 lines, -4 lines, 0 comments)
M LayoutTests/http/tests/xmlhttprequest/resources/origin-exact-matching-iframe.html (3 chunks, +43 lines, -28 lines, 0 comments)
M LayoutTests/platform/linux/http/tests/xmlhttprequest/origin-exact-matching-expected.txt (2 chunks, +32 lines, -20 lines, 0 comments)
M LayoutTests/platform/mac-snowleopard/http/tests/xmlhttprequest/origin-exact-matching-expected.txt (2 chunks, +32 lines, -20 lines, 0 comments)
M Source/core/fetch/CrossOriginAccessControl.cpp (3 chunks, +10 lines, -5 lines, 0 comments)

Messages

Total messages: 6 (0 generated)
sof
Please take a look when you get a chance. ("CORS enabling" services is proving to ...
7 years ago (2013-12-08 22:25:21 UTC) #1
abarth-chromium
lgtm
7 years ago (2013-12-09 07:02:37 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/sigbjornf@opera.com/109773002/1
7 years ago (2013-12-09 07:02:43 UTC) #3
abarth-chromium
Thanks for bringing this code into the present. :)
7 years ago (2013-12-09 07:02:56 UTC) #4
Mike West
LGTM2. Thanks for the error message improvements!
7 years ago (2013-12-09 08:11:05 UTC) #5
commit-bot: I haz the power
7 years ago (2013-12-09 08:14:18 UTC) #6
Message was sent while issue was closed.
Change committed as 163406
