Disable cross origin check for mozbrowser-enabled top level pipelines
paulrouget committed Mar 28, 2016
1 parent b97ffff commit dd08e90
Showing 3 changed files with 54 additions and 6 deletions.
32 changes: 26 additions & 6 deletions components/script/dom/xmlhttprequest.rs
@@ -62,6 +62,7 @@ use time;
use timers::{OneshotTimerCallback, OneshotTimerHandle};
use url::Url;
use url::percent_encoding::{utf8_percent_encode, USERNAME_ENCODE_SET, PASSWORD_ENCODE_SET};
use util::prefs;
use util::str::DOMString;

pub type SendParam = BlobOrStringOrURLSearchParams;
@@ -866,14 +867,33 @@ impl XMLHttpRequest {
fn process_headers_available(&self, cors_request: Option<CORSRequest>,
gen_id: GenerationId, metadata: Metadata) -> Result<(), Error> {

if let Some(ref req) = cors_request {
match metadata.headers {
Some(ref h) if allow_cross_origin_request(req, h) => {},
_ => {
self.process_partial_response(XHRProgress::Errored(gen_id, Error::Network));
return Err(Error::Network);
let bypass_cross_origin_check = {
// We want to be able to do cross-origin requests in browser.html.
// If the XHR happens in a top level window and the mozbrowser
// preference is enabled, we allow bypassing the CORS check.
// This is a temporary measure until we figure out Servo privilege
// story. See https://github.com/servo/servo/issues/9582
if let GlobalRoot::Window(win) = self.global() {
let is_root_pipeline = win.parent_info().is_none();
let is_mozbrowser_enabled = prefs::get_pref("dom.mozbrowser.enabled").as_boolean().unwrap_or(false);
is_root_pipeline && is_mozbrowser_enabled
} else {
false
}
};

if !bypass_cross_origin_check {
if let Some(ref req) = cors_request {
match metadata.headers {
Some(ref h) if allow_cross_origin_request(req, h) => {},
_ => {
self.process_partial_response(XHRProgress::Errored(gen_id, Error::Network));
return Err(Error::Network);
}
}
}
} else {
debug!("Bypassing cross origin check");
}

*self.response_url.borrow_mut() = metadata.final_url.serialize_no_fragment();
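Review bot: The bypass computed at the top of `process_headers_available` depends only on `win.parent_info().is_none()` and the `dom.mozbrowser.enabled` pref, so any document loaded in the root pipeline, not only browser.html, can read cross-origin XHR responses. The comment marks this as temporary but should state the constraint it relies on, e.g. `// SECURITY: assumes untrusted content is never loaded in the root pipeline while dom.mozbrowser.enabled is set.` Separately, the final `else` runs whenever the bypass is on, even when `cors_request` is `None`, so "Bypassing cross origin check" is also logged for same-origin responses; `} else if cors_request.is_some() {` would keep that log line usable for auditing. Only the response-header check is visibly skipped here; whether preflight handling elsewhere is affected cannot be told from this hunk, and the function body continues past its last line.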
6 changes: 6 additions & 0 deletions tests/wpt/mozilla/meta/MANIFEST.json
@@ -6060,6 +6060,12 @@
"url": "/_mozilla/mozilla/mime_sniffing_font_context.html"
}
],
"mozilla/mozbrowser/crossorigin_xhr.html": [
{
"path": "mozilla/mozbrowser/crossorigin_xhr.html",
"url": "/_mozilla/mozilla/mozbrowser/crossorigin_xhr.html"
}
],
"mozilla/mozbrowser/iframe_goback.html": [
{
"path": "mozilla/mozbrowser/iframe_goback.html",
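--- a/tests/wpt/mozilla/tests/mozilla/mozbrowser/crossorigin_xhr.html
+++ b/tests/wpt/mozilla/tests/mozilla/mozbrowser/crossorigin_xhr.html
@@ -0,0 +1,22 @@
+<head>
+<title>cross origin xhr() with mozbrowser</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<script>
+
+async_test(function(t) {
+var xhr = new XMLHttpRequest();
+xhr.open("GET", "http://www2.web-platform.test:8000");
+xhr.send();
+
+xhr.onerror = this.unreached_func("Cross origin xhr() should not have failed");
+
+xhr.onload = this.step_func_done(() => {
+assert_equals(xhr.status, 200, "Cross origin xhr() is successful");
+});
+});
+
+</script>
+</body>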
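Review bot: Nothing in this file pins the boundary of the bypass, because the test asserts only the permissive case. A regression that also let a non-root pipeline (a document inside an `<iframe>`) skip the CORS check, or that skipped it with `dom.mozbrowser.enabled` off, would pass unnoticed. A companion test that issues the same request from inside an iframe and expects `onerror` to fire would cover the restrictive side. The test also presumably depends on the pref being enabled for this directory, which is not visible in this section; a comment such as `// Requires dom.mozbrowser.enabled to be set for this test directory.` would make that dependency explicit.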
