Closed
Bug 1517872
Opened 5 years ago
Closed 5 years ago
[wpt-sync] Sync PR 14722 - Allow same-origin responses in CORB (even initiated by content scripts).
Categories
(Core :: DOM: Core & HTML, enhancement, P4)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla67
Tracking | Status | |
---|---|---|
firefox67 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 14722 into mozilla-central (this bug is closed when the sync is complete). PR: https://github.com/web-platform-tests/wpt/pull/14722 Details from upstream follow. Lukasz Anforowicz <lukasza@chromium.org> wrote: > Allow same-origin responses in CORB (even initiated by content scripts). > > Consider the following scenario: A content script from > chrome-extension://example-extension injected into > https://example.com/page.html performs an XHR/fetch of > https://example.com/resource.json. > > The scenario above has been problematic for CORB, because > CrossOriginReadBlocking::ResponseAnalyzer::ShouldBlockBasedOnHeaders > sees that |initiator| (chrome-extension://example-extension) is > different from |target_origin| (https://example.com). Before this > CL, such case would be considered cross-origin and blocked (this didn't > happen in practice only because URLLoaderFactories for extensions had > CORB turned off). After this CL, such case would be considered > same-origin based on a matching |request_initiator_site_lock| (this > change enables turning CORB on for extensions in a separate, later CL). > > Change-Id: I367a5452f7aa080d590ff46bf4a57d1403ae80dd > Bug: 918660 > Reviewed-on: https://chromium-review.googlesource.com/1394432 > WPT-Export-Revision: cbe9e6597682ec0369bf96fd67403305d0f02ea8
Assignee | ||
Updated•5 years ago
|
Component: web-platform-tests → DOM
Product: Testing → Core
Assignee | ||
Comment 1•5 years ago
|
||
Pushed to try https://treeherder.mozilla.org/#/jobs?repo=try&revision=dfe07094a922883ec46c2a3ebe69c382825a158b
Assignee | ||
Comment 2•5 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=03e527c34470eaa19a7d2e32bdb035df5a56e3c8
Pushed by james@hoppipolla.co.uk: https://hg.mozilla.org/integration/mozilla-inbound/rev/fae2c3eae0f2 [wpt PR 14722] - Allow same-origin responses in CORB (even initiated by content scripts)., a=testonly
Pushed by james@hoppipolla.co.uk: https://hg.mozilla.org/integration/mozilla-inbound/rev/8c9722a9c976 [wpt PR 14722] - Allow same-origin responses in CORB (even initiated by content scripts)., a=testonly
Comment 5•5 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox67:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•