Closed Bug 1134856 Opened 10 years ago Closed 9 years ago

Check and fix CORS preflight request to a HSTS domain

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: mayhemer, Assigned: mayhemer)

References

Details

(In reply to Jonas Sicking (:sicking) from comment #48) > So the issue (bug 881830) that was fixed was that: > > Page on http://a.com/ uses CORS (through <img crossorigin> or XHR) to fetch > a resource on http://b.com/ but where b.com uses HSTS. This should not be > blocked as long as b.com serves the appropriate CORS headers. > > However the issue that's remaining is that: > > Page on http://a.com/ uses CORS with a preflight (through XHR) to fetch a > resource on http://b.com/ but where b.com uses HSTS. This is still blocked > even if b.com serves the appropriate CORS headers and preflights. We have to confirm this is still broken via an updated test (https://bugzilla.mozilla.org/show_bug.cgi?id=881830#c46) and if found broken fix it in this bug. The result of this bug has to at least be a test that fails before bug 881830.
Assignee: nobody → honzab.moz
Depends on: 1149250
I confirmed locally/manually that the functionality works, nothing is broken! But I'm not up to build an automated test right now.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.