From 0f1aa3b2265ab4881539ebfe630a7b016c8e5aac Mon Sep 17 00:00:00 2001 From: cobalt-github-releaser-bot <95661244+cobalt-github-releaser-bot@users.noreply.github.com> Date: Mon, 31 Jul 2023 11:02:04 -0700 Subject: [PATCH] Cherry pick PR #1071: Add disable_cors support to net_fetcher (#1080) Co-authored-by: Sherry Zhou <128753035+sherryzy@users.noreply.github.com> --- cobalt/loader/net_fetcher.cc | 4 +++- cobalt/loader/net_fetcher.h | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cobalt/loader/net_fetcher.cc b/cobalt/loader/net_fetcher.cc index 872194a529a8..5ce5e2997ac6 100644 --- a/cobalt/loader/net_fetcher.cc +++ b/cobalt/loader/net_fetcher.cc @@ -102,6 +102,7 @@ NetFetcher::NetFetcher(const GURL& url, bool main_resource, security_callback_(security_callback), ALLOW_THIS_IN_INITIALIZER_LIST(start_callback_( base::Bind(&NetFetcher::Start, base::Unretained(this)))), + cors_policy_(network_module->network_delegate()->cors_policy()), request_cross_origin_(false), origin_(origin), request_script_(options.resource_type == disk_cache::kUncompiledScript), @@ -225,7 +226,8 @@ void NetFetcher::OnURLFetchResponseStarted(const net::URLFetcher* source) { if (request_cross_origin_ && (!source->GetResponseHeaders() || !CORSPreflight::CORSCheck(*source->GetResponseHeaders(), - origin_.SerializedOrigin(), false))) { + origin_.SerializedOrigin(), false, + cors_policy_))) { std::string msg(base::StringPrintf( "Cross origin request to %s was rejected by Same-Origin-Policy", source->GetURL().spec().c_str())); diff --git a/cobalt/loader/net_fetcher.h b/cobalt/loader/net_fetcher.h index 984bdcbb9546..8e4cf8ff59f5 100644 --- a/cobalt/loader/net_fetcher.h +++ b/cobalt/loader/net_fetcher.h @@ -113,6 +113,7 @@ class NetFetcher : public Fetcher, // after being constructed, but before Start() runs. base::CancelableClosure start_callback_; + network::CORSPolicy cors_policy_; // True if request mode is CORS and request URL's origin is different from // request's origin. bool request_cross_origin_;