Fix cookie exclusion for fetch CORS pre-flight requests (fixes #3596)
Cookies (and other credentials) will be excluded when appropriate by downgrading |credentials_mode| from kSameOrigin to kOmit. Improve logic for Origin header inclusion, including a fix for Referrer/Origin calculation in URLRequestJob::ComputeReferrerForPolicy when used with custom standard schemes. Specify correct CookiePartitionKeyCollection when loading cookies. To test: - Run tests from https://browseraudit.com/ with and without `--disable-request-handling-for-testing`. Results are the same. - Run `ceftests --gtest_filter=CorsTest.*`.
@@ -249,11 +249,19 @@ void LoadCookies(const CefBrowserContext::Getter& browser_context_getter,
|
||||
return;
|
||||
}
|
||||
|
||||
net::CookiePartitionKeyCollection partition_key_collection;
|
||||
if (request.trusted_params.has_value() &&
|
||||
!request.trusted_params->isolation_info.IsEmpty()) {
|
||||
partition_key_collection = net::CookiePartitionKeyCollection::FromOptional(
|
||||
net::CookiePartitionKey::FromNetworkIsolationKey(
|
||||
request.trusted_params->isolation_info.network_isolation_key()));
|
||||
}
|
||||
|
||||
CEF_POST_TASK(
|
||||
CEF_UIT,
|
||||
base::BindOnce(LoadCookiesOnUIThread, browser_context_getter, request.url,
|
||||
GetCookieOptions(request, /*for_loading_cookies=*/true),
|
||||
net::CookiePartitionKeyCollection(), allow_cookie_callback,
|
||||
std::move(partition_key_collection), allow_cookie_callback,
|
||||
std::move(done_callback)));
|
||||
}
|
||||
|
||||
|
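Review bot: The fallback for requests without usable `trusted_params` is undocumented: `partition_key_collection` stays default-constructed, which, as far as I understand the net API, is an empty collection, so those requests would load only unpartitioned cookies. If that is intended, say so above the declaration, for example `// Stays empty (no partitioned cookies) unless a trusted IsolationInfo is available.` Because the partition key now comes from `request.trusted_params->isolation_info`, it is also worth confirming in the callers, which are not visible here, that a renderer-supplied `trusted_params` cannot reach LoadCookies without validation. LoadCookies begins before this hunk, so any earlier checks on `request` are outside what I can see.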