Fix cross-origin redirect from OnBeforeResourceLoad (fixes issue #2695, see issue #2622).

Modifying the URL in OnBeforeResourceLoad causes an internal redirect response. In cases where the request is cross-origin (containing a non-null "Origin" header) the redirect response must include the "Access-Control-Allow-Origin" header, otherwise the request will be blocked. This change also fixes a problem where existing request headers would be discarded if the request was modified in OnBeforeResourceLoad.
2019-06-25 16:47:34 -04:00 · 2019-06-25 16:47:34 -04:00 · 45329d05a5
parent 02a6b3bb38
commit 45329d05a5
2 changed files with 13 additions and 9 deletions
--- a/libcef/browser/net_service/proxy_url_loader_factory.cc
+++ b/libcef/browser/net_service/proxy_url_loader_factory.cc
@ -17,6 +17,7 @@
 #include "content/public/browser/resource_context.h"
 #include "content/public/browser/web_contents.h"
 #include "net/http/http_status_code.h"
+#include "services/network/public/cpp/cors/cors.h"

 namespace net_service {

@ -608,12 +609,6 @@ void InterceptedRequest::BeforeRequestReceived(const GURL& original_url,
    // Equivalent to no interception.
    InterceptResponseReceived(original_url, nullptr);
  } else {
-    if (request_.referrer.is_valid()) {
-      // Intentionally override if referrer header already exists.
-      request_.headers.SetHeader(net::HttpRequestHeaders::kReferer,
-                                 request_.referrer.spec());
-    }
-
    // TODO(network): Verify the case when WebContents::RenderFrameDeleted is
    // called before network request is intercepted (i.e. if that's possible
    // and whether it can result in any issues).
@ -642,6 +637,14 @@ void InterceptedRequest::InterceptResponseReceived(
    head.encoded_data_length = head.headers->raw_headers().length();
    head.content_length = head.encoded_body_length = 0;

+    std::string origin;
+    if (request_.headers.GetHeader(net::HttpRequestHeaders::kOrigin, &origin) &&
+        origin != url::Origin().Serialize()) {
+      // Allow redirects of cross-origin resource loads.
+      head.headers->AddHeader(MakeHeader(
+          network::cors::header_names::kAccessControlAllowOrigin, origin));
+    }
+
    current_response_ = head;
    const net::RedirectInfo& redirect_info =
        MakeRedirectInfo(request_, head.headers.get(), request_.url, 0);
--- a/libcef/common/request_impl.cc
+++ b/libcef/common/request_impl.cc
@ -1133,9 +1133,10 @@ void CefRequestImpl::Changed(uint8_t changes) {
    }
    if ((changes & kChangedHeaderMap) &&
        !(backup_->backups_ & kChangedHeaderMap)) {
-      if (!backup_->headermap_)
-        backup_->headermap_.reset(new HeaderMap());
-      backup_->headermap_->swap(headermap_);
+      backup_->headermap_.reset(new HeaderMap());
+      if (!headermap_.empty()) {
+        backup_->headermap_->insert(headermap_.begin(), headermap_.end());
+      }
      backup_->backups_ |= kChangedHeaderMap;
    }
    if ((changes & kChangedFlags) && !(backup_->backups_ & kChangedFlags)) {