Fix cross-origin redirect from OnBeforeResourceLoad (fixes issue #2695, see issue #2622).

Modifying the URL in OnBeforeResourceLoad causes an internal redirect response.
In cases where the request is cross-origin (containing a non-null "Origin"
header) the redirect response must include the "Access-Control-Allow-Origin"
header, otherwise the request will be blocked.

This change also fixes a problem where existing request headers would be
discarded if the request was modified in OnBeforeResourceLoad.
This commit is contained in:
Marshall Greenblatt
2019-06-25 16:47:34 -04:00
parent 02a6b3bb38
commit 45329d05a5
2 changed files with 13 additions and 9 deletions

View File

@@ -1133,9 +1133,10 @@ void CefRequestImpl::Changed(uint8_t changes) {
}
if ((changes & kChangedHeaderMap) &&
!(backup_->backups_ & kChangedHeaderMap)) {
if (!backup_->headermap_)
backup_->headermap_.reset(new HeaderMap());
backup_->headermap_->swap(headermap_);
backup_->headermap_.reset(new HeaderMap());
if (!headermap_.empty()) {
backup_->headermap_->insert(headermap_.begin(), headermap_.end());
}
backup_->backups_ |= kChangedHeaderMap;
}
if ((changes & kChangedFlags) && !(backup_->backups_ & kChangedFlags)) {