Modifying the URL in OnBeforeResourceLoad causes an internal redirect response. In cases where the request is cross-origin (containing a non-null "Origin" header) the redirect response must include the "Access-Control-Allow-Origin" header, otherwise the request will be blocked. This change also fixes a problem where existing request headers would be discarded if the request was modified in OnBeforeResourceLoad.
This commit is contained in:
parent
02a6b3bb38
commit
45329d05a5
|
@ -17,6 +17,7 @@
|
||||||
#include "content/public/browser/resource_context.h"
|
#include "content/public/browser/resource_context.h"
|
||||||
#include "content/public/browser/web_contents.h"
|
#include "content/public/browser/web_contents.h"
|
||||||
#include "net/http/http_status_code.h"
|
#include "net/http/http_status_code.h"
|
||||||
|
#include "services/network/public/cpp/cors/cors.h"
|
||||||
|
|
||||||
namespace net_service {
|
namespace net_service {
|
||||||
|
|
||||||
|
@ -608,12 +609,6 @@ void InterceptedRequest::BeforeRequestReceived(const GURL& original_url,
|
||||||
// Equivalent to no interception.
|
// Equivalent to no interception.
|
||||||
InterceptResponseReceived(original_url, nullptr);
|
InterceptResponseReceived(original_url, nullptr);
|
||||||
} else {
|
} else {
|
||||||
if (request_.referrer.is_valid()) {
|
|
||||||
// Intentionally override if referrer header already exists.
|
|
||||||
request_.headers.SetHeader(net::HttpRequestHeaders::kReferer,
|
|
||||||
request_.referrer.spec());
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO(network): Verify the case when WebContents::RenderFrameDeleted is
|
// TODO(network): Verify the case when WebContents::RenderFrameDeleted is
|
||||||
// called before network request is intercepted (i.e. if that's possible
|
// called before network request is intercepted (i.e. if that's possible
|
||||||
// and whether it can result in any issues).
|
// and whether it can result in any issues).
|
||||||
|
@ -642,6 +637,14 @@ void InterceptedRequest::InterceptResponseReceived(
|
||||||
head.encoded_data_length = head.headers->raw_headers().length();
|
head.encoded_data_length = head.headers->raw_headers().length();
|
||||||
head.content_length = head.encoded_body_length = 0;
|
head.content_length = head.encoded_body_length = 0;
|
||||||
|
|
||||||
|
std::string origin;
|
||||||
|
if (request_.headers.GetHeader(net::HttpRequestHeaders::kOrigin, &origin) &&
|
||||||
|
origin != url::Origin().Serialize()) {
|
||||||
|
// Allow redirects of cross-origin resource loads.
|
||||||
|
head.headers->AddHeader(MakeHeader(
|
||||||
|
network::cors::header_names::kAccessControlAllowOrigin, origin));
|
||||||
|
}
|
||||||
|
|
||||||
current_response_ = head;
|
current_response_ = head;
|
||||||
const net::RedirectInfo& redirect_info =
|
const net::RedirectInfo& redirect_info =
|
||||||
MakeRedirectInfo(request_, head.headers.get(), request_.url, 0);
|
MakeRedirectInfo(request_, head.headers.get(), request_.url, 0);
|
||||||
|
|
|
@ -1133,9 +1133,10 @@ void CefRequestImpl::Changed(uint8_t changes) {
|
||||||
}
|
}
|
||||||
if ((changes & kChangedHeaderMap) &&
|
if ((changes & kChangedHeaderMap) &&
|
||||||
!(backup_->backups_ & kChangedHeaderMap)) {
|
!(backup_->backups_ & kChangedHeaderMap)) {
|
||||||
if (!backup_->headermap_)
|
backup_->headermap_.reset(new HeaderMap());
|
||||||
backup_->headermap_.reset(new HeaderMap());
|
if (!headermap_.empty()) {
|
||||||
backup_->headermap_->swap(headermap_);
|
backup_->headermap_->insert(headermap_.begin(), headermap_.end());
|
||||||
|
}
|
||||||
backup_->backups_ |= kChangedHeaderMap;
|
backup_->backups_ |= kChangedHeaderMap;
|
||||||
}
|
}
|
||||||
if ((changes & kChangedFlags) && !(backup_->backups_ & kChangedFlags)) {
|
if ((changes & kChangedFlags) && !(backup_->backups_ & kChangedFlags)) {
|
||||||
|
|
Loading…
Reference in New Issue