Closed Bug 1272440 Opened 4 years ago Closed 3 years ago
Reevaluate whether CORS is required after HSTS Priming
In nsHttpChannel::ContinueConnect, if the HSTS priming result alters the URI, reevaluate whether CORS is required before sending the preflight.
Status: NEW → ASSIGNED
I don't believe CORS needs to be reevaluated as an additional step. Since AsyncOpen2 is required for HSTS priming, and HSTS priming uses nsHttpChannel::HandleAsyncRedirectChannelToHttps, which results in AsyncOpen2 being called on the upgraded URI. AsyncOpen2 will evaluate whether CORS is required on the updated URI, so no additional steps are required.
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.