Fix redirect of requests with credentials mode 'include' (fixes issue #2699, see issue #2622).

Modifying the URL in OnBeforeResourceLoad causes an internal redirect response.
In cases where the request is cross-origin and credentials mode is 'include'
the redirect response must include the "Access-Control-Allow-Credentials"
header, otherwise the request will be blocked.
Masako Toda 2019-07-16 21:42:04 +00:00 committed by Marshall Greenblatt
parent 367c6eb704
commit 99c27f57b1
1 changed files with 6 additions and 0 deletions


@ -644,6 +644,12 @@ void InterceptedRequest::InterceptResponseReceived(
network::cors::header_names::kAccessControlAllowOrigin, origin)); network::cors::header_names::kAccessControlAllowOrigin, origin));
} }
if (request_.fetch_credentials_mode ==
network::mojom::FetchCredentialsMode::kInclude) {
head.headers->AddHeader(MakeHeader(
network::cors::header_names::kAccessControlAllowCredentials, "true"));
}
current_response_ = head; current_response_ = head;
const net::RedirectInfo& redirect_info = const net::RedirectInfo& redirect_info =
MakeRedirectInfo(request_, head.headers.get(), request_.url, 0); MakeRedirectInfo(request_, head.headers.get(), request_.url, 0);
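Review bot: The new `fetch_credentials_mode == kInclude` check sits after the closing brace of the block that adds `Access-Control-Allow-Origin`, so `Access-Control-Allow-Credentials: true` appears to be attached whenever credentials mode is 'include'. The commit message only calls for it on cross-origin requests. The condition guarding the Allow-Origin block starts outside the hunk, so this is inferred. If that guard is the cross-origin test, nesting the new `if` inside it would keep the two headers paired and avoid emitting the credentials header without a matching origin. Either way, a comment would help the next reader see why a permissive CORS header is safe here, for example `// Applies only to the internally generated redirect response; server-supplied responses are never modified here.`, assuming that holds for this code path. The body of InterceptResponseReceived continues on both sides of the hunk.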