From a6e684abf17ae066df9f8facc7c97d223ce5ab7c Mon Sep 17 00:00:00 2001 From: Marshall Greenblatt Date: Mon, 6 May 2024 15:09:13 -0400 Subject: [PATCH] Fix credentials mode for fetch request redirect (fixes #3675) Also verified that https://browseraudit.com/ gives the same results both with and without `--disable-request-handling-for-testing`. --- libcef/browser/net_service/proxy_url_loader_factory.cc | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libcef/browser/net_service/proxy_url_loader_factory.cc b/libcef/browser/net_service/proxy_url_loader_factory.cc index 27d640eab..443389c0e 100644 --- a/libcef/browser/net_service/proxy_url_loader_factory.cc +++ b/libcef/browser/net_service/proxy_url_loader_factory.cc @@ -359,6 +359,7 @@ class InterceptedRequest : public network::mojom::URLLoader, GURL redirect_url_; GURL header_client_redirect_url_; const net::MutableNetworkTrafficAnnotationTag traffic_annotation_; + std::optional original_crendentials_mode_; mojo::Receiver proxied_loader_receiver_; mojo::Remote target_client_; @@ -507,6 +508,7 @@ void InterceptedRequest::Restart() { // Match logic in CorsURLLoader::StartNetworkRequest. const auto response_tainting = CalculateResponseTainting( should_check_cors, request_.mode, tainted_origin); + original_crendentials_mode_ = request_.credentials_mode; request_.credentials_mode = network::cors::CalculateCredentialsFlag(request_.credentials_mode, response_tainting) 
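Review bot: The member added to InterceptedRequest (the class body continues outside the hunk) is spelled `original_crendentials_mode_`, and the same misspelling is carried into the Restart and ContinueAfterIntercept hunks. Renaming it to `original_credentials_mode_` in all three places keeps it greppable next to `credentials_mode`. The declaration also has no comment, although its lifetime is not obvious from the name: it is set in Restart and cleared in ContinueAfterIntercept. I would add `// |request_.credentials_mode| as it was before Restart() replaced it with the CORS-computed value; reset once restored.` above it.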
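Review bot: The save in Restart, `original_crendentials_mode_ = request_.credentials_mode;`, is unconditional and so relies on every earlier save having been restored. The restore sits right after the CreateLoaderAndStart call in ContinueAfterIntercept; if that function can finish without reaching that call (not visible here), the next Restart records an already-computed mode as the original and feeds it back into CalculateCredentialsFlag. Depending on how the result is mapped (the rest of the assignment is outside the hunk), a mode computed for a same-origin hop could then carry over to a cross-origin redirect. Adding `if (original_crendentials_mode_) request_.credentials_mode = *original_crendentials_mode_;` ahead of the save would make Restart independent of the path taken before it.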
@@ -875,6 +877,14 @@ void InterceptedRequest::ContinueAfterIntercept() { target_loader_.BindNewPipeAndPassReceiver(), id_, options, request_, proxied_client_receiver_.BindNewPipeAndPassRemote(), traffic_annotation_); + if (original_crendentials_mode_) { + // Restore the original |credentials_mode| value after calling + // CreateLoaderAndStart. This matches the logic in CorsURLLoader:: + // StartNetworkRequest and allows InterceptedRequest::Restart to compute + // the correct |credentials_mode| during a fetch request redirect. + request_.credentials_mode = *original_crendentials_mode_; + original_crendentials_mode_.reset(); + } } }
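Review bot: After the restore at the end of ContinueAfterIntercept (whose body starts outside the hunk), `request_.credentials_mode` holds the requested mode again while the loader that was just started runs with the computed one, and the new comment does not say so. Any code that reads `request_.credentials_mode` between here and the next Restart to decide on cookies or authentication would see the requested value, which can be more permissive than the effective one; such readers are not visible in this hunk and should be checked. I would extend the comment with `// From here on |request_.credentials_mode| is the requested mode, not the mode passed to CreateLoaderAndStart.` The commit message mentions only a manual browseraudit.com run, so a regression test for a fetch that redirects across origins would be worth adding with this fix.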