Closed Bug 1199693 Opened 9 years ago Closed 9 years ago

Test CORS preflight interception with and without an internal redirect

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla43

Tracking Flags:

Tracking

Status

firefox43

---

fixed

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

Details

Attachments

(1 file)

Test CORS preflight interception with and without an internal redirect 9 years ago (no longer active) 3.21 KB, patch	jdm : review+	Details \| Diff \| Splinter Review

(no longer active)

Assignee

Description

•

9 years ago

      No description provided.

(no longer active)

Assignee

Comment 1

•

9 years ago

Attached patch Test CORS preflight interception with and without an internal redirect — Details — Splinter Review

Attachment #8654171 - Flags: review?(josh)

(no longer active)

Assignee

Updated

•

9 years ago

Blocks: 1199049

Josh Matthews [:jdm]

Comment 2

•

9 years ago

Comment on attachment 8654171 [details] [diff] [review]
Test CORS preflight interception with and without an internal redirect

Review of attachment 8654171 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/workers/test/serviceworkers/fetch/fetch_tests.js
@@ +148,5 @@
>    my_ok(xhr.getResponseHeader("access-control-allow-origin") == null, "cors headers should be filtered out");
>    finish();
>  });
>  
> +// Test that CORS preflight requests cannot be intercepteda.

intercepted

@@ +149,5 @@
>    finish();
>  });
>  
> +// Test that CORS preflight requests cannot be intercepteda.
> +// This test happens with an internal redirect because the SW doesn't call respondWith.

I don't understand what this means, so let's be more explicit:
Performs a cross-origin XHR that the SW chooses not to intercept. This requires a preflight request, which the SW must not be allowed to intercept.

@@ +155,5 @@
>    my_ok(xhr.status == 0, "cross origin load with incorrect headers should be a failure");
>    finish();
>  }, [["X-Unsafe", "unsafe"]]);
>  
> +// Test that CORS preflight requests cannot be intercepteda.

intercepted

@@ +156,5 @@
>    finish();
>  }, [["X-Unsafe", "unsafe"]]);
>  
> +// Test that CORS preflight requests cannot be intercepteda.
> +// This test happens without an internal redirect because the SW does call respondWith.

Same confusion. More explicitly:
Performs a cross-origin XHR that the SW chooses to intercept and respond with a cross-origin fetch. This requires a preflight request, which the SW must not be allowed to intercept.

Attachment #8654171 - Flags: review?(josh) → review+

Pulsebot

Comment 3

•

9 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/7ba08e5e0857

Ryan VanderMeulen [:RyanVM]

Comment 4

•

9 years ago

https://hg.mozilla.org/mozilla-central/rev/7ba08e5e0857

Assignee: nobody → ehsan

Status: NEW → RESOLVED

Closed: 9 years ago

status-firefox43: --- → fixed

Flags: in-testsuite+

Resolution: --- → FIXED

Target Milestone: --- → mozilla43

Nobody; OK to take it and work on it

Updated

•

5 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Test CORS preflight interception with and without an internal redirect

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

()

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Comment 3

Comment 4

Updated

Attachment

General

Description

File Name

Content Type