Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(107)

Issue 1526903002: Make FetchResponseData::createCORSFilteredResponse() consult isForbiddenResponseHeaderName() (Closed)

Created:
5 years ago by tyoshino (SeeGerritForStatus)
Modified:
5 years ago
Reviewers:
yhirano
CC:
chromium-reviews, blink-reviews
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Make FetchResponseData::createCORSFilteredResponse() consult isForbiddenResponseHeaderName() According to the Fetch Standard, CORS filtered response must exclude headers whose name is forbidden response-header name even if it's listed in the Access-Control-Expose-Headers header. Since the only user visible interface, Response, is correctly applying the response guard rule, the issue is not exposed to the web, but we should make sure that FetchResponseData itself also conforms to the spec. This CL also replaces set-cookie exclusion code in createBasicFilteredResponse() with isForbiddenResponseHeaderName(). BUG=none R=yhirano Committed: https://crrev.com/58200f57b7e9c31ff270dfcb88d9ba7a08e4a3b3 Cr-Commit-Position: refs/heads/master@{#365224}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+95 lines, -4 lines) Patch
M third_party/WebKit/Source/modules/fetch/FetchResponseData.cpp View 3 chunks +5 lines, -4 lines 0 comments Download
M third_party/WebKit/Source/modules/fetch/FetchResponseDataTest.cpp View 4 chunks +90 lines, -0 lines 0 comments Download

Messages

Total messages: 11 (6 generated)
tyoshino (SeeGerritForStatus)
5 years ago (2015-12-15 08:57:16 UTC) #3
yhirano
LGTM, thanks.
5 years ago (2015-12-15 09:29:36 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1526903002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1526903002/1
5 years ago (2015-12-15 09:34:08 UTC) #7
commit-bot: I haz the power
Committed patchset #1 (id:1)
5 years ago (2015-12-15 11:03:47 UTC) #9
commit-bot: I haz the power
5 years ago (2015-12-15 11:04:34 UTC) #11
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/58200f57b7e9c31ff270dfcb88d9ba7a08e4a3b3
Cr-Commit-Position: refs/heads/master@{#365224}

Powered by Google App Engine
This is Rietveld 408576698