Closed
Bug 1134856
Opened 10 years ago
Closed 8 years ago
Check and fix CORS preflight request to a HSTS domain
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: mayhemer, Assigned: mayhemer)
References
Details
(In reply to Jonas Sicking (:sicking) from comment #48) > So the issue (bug 881830) that was fixed was that: > > Page on http://a.com/ uses CORS (through <img crossorigin> or XHR) to fetch > a resource on http://b.com/ but where b.com uses HSTS. This should not be > blocked as long as b.com serves the appropriate CORS headers. > > However the issue that's remaining is that: > > Page on http://a.com/ uses CORS with a preflight (through XHR) to fetch a > resource on http://b.com/ but where b.com uses HSTS. This is still blocked > even if b.com serves the appropriate CORS headers and preflights. We have to confirm this is still broken via an updated test (https://bugzilla.mozilla.org/show_bug.cgi?id=881830#c46) and if found broken fix it in this bug. The result of this bug has to at least be a test that fails before bug 881830.
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → honzab.moz
Assignee | ||
Comment 1•8 years ago
|
||
I confirmed locally/manually that the functionality works, nothing is broken! But I'm not up to build an automated test right now.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•