Fix cookie exclusion for fetch CORS pre-flight requests (fixes #3596)

Cookies (and other credentials) will be excluded when appropriate by
downgrading |credentials_mode| from kSameOrigin to kOmit.

Improve logic for Origin header inclusion, including a fix for
Referrer/Origin calculation in URLRequestJob::ComputeReferrerForPolicy
when used with custom standard schemes.

Specify correct CookiePartitionKeyCollection when loading cookies.

To test:
- Run tests from https://browseraudit.com/ with and without
  `--disable-request-handling-for-testing`. Results are the same.
- Run `ceftests --gtest_filter=CorsTest.*`.
This commit is contained in:
Marshall Greenblatt
2023-11-16 18:19:27 -05:00
parent a9f1ce090a
commit cf934a20a7
10 changed files with 166 additions and 32 deletions

View File

@@ -39,7 +39,7 @@ CefAppManager::~CefAppManager() {
g_manager = nullptr;
}
void CefAppManager::AddCustomScheme(CefSchemeInfo* scheme_info) {
void CefAppManager::AddCustomScheme(const CefSchemeInfo* scheme_info) {
DCHECK(!scheme_info_list_locked_);
scheme_info_list_.push_back(*scheme_info);