Closed Bug 1134856 Opened 10 years ago Closed 8 years ago

Check and fix CORS preflight request to a HSTS domain

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: mayhemer, Assigned: mayhemer)

References

Details

(In reply to Jonas Sicking (:sicking) from comment #48)
> So the issue (bug 881830) that was fixed was that:
> 
> Page on http://a.com/ uses CORS (through <img crossorigin> or XHR) to fetch
> a resource on http://b.com/ but where b.com uses HSTS. This should not be
> blocked as long as b.com serves the appropriate CORS headers.
> 
> However the issue that's remaining is that:
> 
> Page on http://a.com/ uses CORS with a preflight (through XHR) to fetch a
> resource on http://b.com/ but where b.com uses HSTS. This is still blocked
> even if b.com serves the appropriate CORS headers and preflights.

We have to confirm this is still broken via an updated test (https://bugzilla.mozilla.org/show_bug.cgi?id=881830#c46) and if found broken fix it in this bug.

The result of this bug has to at least be a test that fails before bug 881830.
Assignee: nobody → honzab.moz
Depends on: 1149250
I confirmed locally/manually that the functionality works, nothing is broken!  But I'm not up to build an automated test right now.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.