mirror of
https://bitbucket.org/chromiumembedded/cef
synced 2025-06-05 21:39:12 +02:00
Fix cookie exclusion for fetch CORS pre-flight requests (fixes #3596)
Cookies (and other credentials) will be excluded when appropriate by downgrading |credentials_mode| from kSameOrigin to kOmit. Improve logic for Origin header inclusion, including a fix for Referrer/Origin calculation in URLRequestJob::ComputeReferrerForPolicy when used with custom standard schemes. Specify correct CookiePartitionKeyCollection when loading cookies. To test: - Run tests from https://browseraudit.com/ with and without `--disable-request-handling-for-testing`. Results are the same. - Run `ceftests --gtest_filter=CorsTest.*`.
This commit is contained in:
Marshall Greenblatt
@@ -678,5 +678,11 @@ patches = [
|
||||
# https://chromium-review.googlesource.com/c/chromium/src/+/4829483
|
||||
# https://bugs.chromium.org/p/chromium/issues/detail?id=1470837#c22
|
||||
'name': 'rfh_navigation_4829483'
|
||||
},
|
||||
{
|
||||
# Fix Referrer & Origin calculation for secure referrer (custom standard
|
||||
# scheme) with insecure destination.
|
||||
# https://github.com/chromiumembedded/cef/issues/3596
|
||||
'name': 'net_url_request_3596'
|
||||
}
|
||||
]
|
||||
|
||||
Reference in New Issue
Block a user