[0.72] Omit trailing slash in Origin header (#12794)

* Omit trailing slash in Origin header

* Remove change file

* Change files

change/react-native-windows-90589a96-220b-4960-b974-b71ccff43cac.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Omit trailing slash in Origin header #12791",
+  "packageName": "react-native-windows",
+  "email": "julio.rocha@microsoft.com",
+  "dependentChangeType": "patch"
+}

vnext/Desktop.UnitTests/OriginPolicyHttpFilterTest.cpp

@@ -294,6 +294,33 @@ TEST_CLASS (OriginPolicyHttpFilterTest) {
       Assert::Fail(e.message().c_str());
     }
   }
+
+  TEST_METHOD(GetOriginRespectsDefaultPorts) {
+    constexpr const wchar_t *urls[] = {
+        L"http://site.ext",
+        L"https://site.ext",
+        L"http://site.ext:80",
+        L"https://site.ext:443",
+        L"http://site.ext:5555",
+        L"https://site.ext:5555",
+        L"http://site.ext:443",
+        L"https://site.ext:80"};
+
+    constexpr const wchar_t *expected[] = {
+        L"http://site.ext",
+        L"https://site.ext",
+        L"http://site.ext",
+        L"https://site.ext",
+        L"http://site.ext:5555",
+        L"https://site.ext:5555",
+        L"http://site.ext:443",
+        L"https://site.ext:80"};
+
+    auto size = sizeof(urls) / sizeof(wchar_t *);
+    for (size_t i = 0; i < size; ++i) {
+      Assert::AreEqual(expected[i], OriginPolicyHttpFilter::GetOrigin(Uri{urls[i]}).c_str());
+    }
+  }
 };
 
 } // namespace Microsoft::React::Test

vnext/Shared/Networking/OriginPolicyHttpFilter.cpp

@@ -154,8 +154,16 @@ bool OriginPolicyHttpFilter::ConstWcharComparer::operator()(const wchar_t *a, co
   return s_simpleCorsMethods.find(request.Method().ToString().c_str()) != s_simpleCorsMethods.cend();
 }
 
-/*static*/ Uri OriginPolicyHttpFilter::GetOrigin(Uri const &uri) noexcept {
-  return Uri{uri.SchemeName() + L"://" + uri.Host() + L":" + to_hstring(uri.Port())};
+/*static*/ const hstring OriginPolicyHttpFilter::GetOrigin(Uri const &uri) noexcept {
+  auto const &scheme = uri.SchemeName();
+  auto port = uri.Port();
+
+  hstring result = scheme + L"://" + uri.Host();
+  if (!(port == 80 && scheme == L"http") && !(port == 443 && scheme == L"https")) {
+    result = result + L":" + to_hstring(port);
+  }
+
+  return result;
 }
 
 /*static*/ bool OriginPolicyHttpFilter::AreSafeRequestHeaders(
@@ -677,7 +685,7 @@ ResponseOperation OriginPolicyHttpFilter::SendPreflightAsync(HttpRequestMessage
   }
 
   preflightRequest.Headers().Insert(L"Access-Control-Request-Headers", headerNames);
-  preflightRequest.Headers().Insert(L"Origin", s_origin.AbsoluteCanonicalUri());
+  preflightRequest.Headers().Insert(L"Origin", GetOrigin(s_origin));
   preflightRequest.Headers().Insert(L"Sec-Fetch-Mode", L"CORS");
 
   co_return {co_await m_innerFilter.SendRequestAsync(preflightRequest)};
@@ -763,7 +771,7 @@ ResponseOperation OriginPolicyHttpFilter::SendRequestAsync(HttpRequestMessage co
 
     if (originPolicy == OriginPolicy::SimpleCrossOriginResourceSharing ||
         originPolicy == OriginPolicy::CrossOriginResourceSharing) {
-      coRequest.Headers().Insert(L"Origin", s_origin.AbsoluteCanonicalUri());
+      coRequest.Headers().Insert(L"Origin", GetOrigin(s_origin));
     }
 
     auto response = co_await m_innerFilter.SendRequestAsync(coRequest);

vnext/Shared/Networking/OriginPolicyHttpFilter.h

@@ -57,7 +57,7 @@ class OriginPolicyHttpFilter
       winrt::Windows::Foundation::Uri const &u1,
       winrt::Windows::Foundation::Uri const &u2) noexcept;
 
-  static winrt::Windows::Foundation::Uri GetOrigin(winrt::Windows::Foundation::Uri const &uri) noexcept;
+  static const winrt::hstring GetOrigin(winrt::Windows::Foundation::Uri const &uri) noexcept;
 
   static bool IsSimpleCorsRequest(winrt::Windows::Web::Http::HttpRequestMessage const &request) noexcept;