Bug 1330682 - Use CORS when loading modules as per current spec

author: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-04-14 08:46:05 +0200
committer: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-04-14 08:46:05 +0200
commit: 7d38fbd5e1fdae628c9b2c54060885bdeca248c1 (patch)
tree: 8dd1d01a57e96c26daf22ce36969a11137f593fc /dom/base/nsScriptLoader.cpp
parent: 700c322d3766f191cfc8b329ac2000a973677139 (diff)
download: UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.tar
UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.tar.gz
UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.tar.lz
UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.tar.xz
UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.zip
1 files changed, 21 insertions, 9 deletions
diff --git a/dom/base/nsScriptLoader.cpp b/dom/base/nsScriptLoader.cpp
index 2098b8e70..433f6afa5 100644
--- a/dom/base/nsScriptLoader.cpp
+++ b/dom/base/nsScriptLoader.cpp
@@ -1236,15 +1236,27 @@ nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType,
   nsCOMPtr<nsIInterfaceRequestor> prompter(do_QueryInterface(docshell));
 
   nsSecurityFlags securityFlags;
-  // TODO: the spec currently gives module scripts different CORS behaviour to
-  // classic scripts.
-  securityFlags = aRequest->mCORSMode == CORS_NONE
-    ? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL
-    : nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
-  if (aRequest->mCORSMode == CORS_ANONYMOUS) {
-    securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
-  } else if (aRequest->mCORSMode == CORS_USE_CREDENTIALS) {
-    securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
+  if (aRequest->IsModuleRequest()) {
+    // According to the spec, module scripts have different behaviour to classic
+    // scripts and always use CORS.
+    securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
+    if (aRequest->mCORSMode == CORS_NONE) {
+      securityFlags |= nsILoadInfo::SEC_COOKIES_OMIT;
+    } else if (aRequest->mCORSMode == CORS_ANONYMOUS) {
+      securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
+    } else {
+      MOZ_ASSERT(aRequest->mCORSMode == CORS_USE_CREDENTIALS);
+      securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
+    }
+  } else {
+    securityFlags = aRequest->mCORSMode == CORS_NONE
+      ? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL
+      : nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
+    if (aRequest->mCORSMode == CORS_ANONYMOUS) {
+      securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
+    } else if (aRequest->mCORSMode == CORS_USE_CREDENTIALS) {
+      securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
+    }
   }
   securityFlags |= nsILoadInfo::SEC_ALLOW_CHROME;
author	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-04-14 08:46:05 +0200
committer	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-04-14 08:46:05 +0200
commit	7d38fbd5e1fdae628c9b2c54060885bdeca248c1 (patch)
tree	8dd1d01a57e96c26daf22ce36969a11137f593fc /dom/base/nsScriptLoader.cpp
parent	700c322d3766f191cfc8b329ac2000a973677139 (diff)
download	UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.tar UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.tar.gz UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.tar.lz UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.tar.xz UXP-7d38fbd5e1fdae628c9b2c54060885bdeca248c1.zip