From 739f09e19979b16b508cbb0048e519e1d4015f3a Mon Sep 17 00:00:00 2001 From: Patrick Shaughnessy Date: Fri, 14 Feb 2020 13:13:22 -0500 Subject: [PATCH] Handle access-control header wildcards --- components/net/fetch/methods.rs | 19 ++++++++++--------- components/net_traits/response.rs | 8 +++----- .../api/cors/cors-expose-star.sub.any.js.ini | 15 --------------- 3 files changed, 13 insertions(+), 29 deletions(-) delete mode 100644 tests/wpt/metadata/fetch/api/cors/cors-expose-star.sub.any.js.ini diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs index e8c35e4a9015..e3c74e9da053 100644 --- a/components/net/fetch/methods.rs +++ b/components/net/fetch/methods.rs @@ -340,15 +340,16 @@ pub fn main_fetch( .map(|v| v.iter().collect()); match header_names { // Subsubstep 2. - Some(ref list) if request.credentials_mode != CredentialsMode::Include => { - if list.len() == 1 && list[0] == "*" { - response.cors_exposed_header_name_list = response - .headers - .iter() - .map(|(name, _)| name.as_str().to_owned()) - .collect(); - } - }, + Some(ref list) + if request.credentials_mode != CredentialsMode::Include && + list.iter().any(|header| header == "*") => + { + response.cors_exposed_header_name_list = response + .headers + .iter() + .map(|(name, _)| name.as_str().to_owned()) + .collect(); + } // Subsubstep 3. Some(list) => { response.cors_exposed_header_name_list = diff --git a/components/net_traits/response.rs b/components/net_traits/response.rs index 4ee8b37eb569..34e46ebc6a31 100644 --- a/components/net_traits/response.rs +++ b/components/net_traits/response.rs @@ -6,7 +6,7 @@ //! resulting from a [fetch operation](https://fetch.spec.whatwg.org/#concept-fetch) use crate::{FetchMetadata, FilteredMetadata, Metadata, NetworkError, ReferrerPolicy}; use crate::{ResourceFetchTiming, ResourceTimingType}; -use headers::{AccessControlExposeHeaders, ContentType, HeaderMapExt}; +use headers::{ContentType, HeaderMapExt}; use http::{HeaderMap, StatusCode}; use hyper_serde::Serde; use servo_arc::Arc; @@ -241,6 +241,7 @@ impl Response { } let old_headers = old_response.headers.clone(); + let exposed_headers = old_response.cors_exposed_header_name_list.clone(); let mut response = old_response.clone(); response.internal_response = Some(Box::new(old_response)); response.response_type = filter_type; @@ -266,10 +267,7 @@ impl Response { "expires" | "last-modified" | "pragma" => true, "set-cookie" | "set-cookie2" => false, header => { - let access = old_headers.typed_get::(); - let result = access - .and_then(|v| v.iter().find(|h| *header == h.as_str().to_ascii_lowercase())); - result.is_some() + exposed_headers.iter().any(|h| *header == h.as_str().to_ascii_lowercase()) } } }).map(|(n, v)| (n.clone(), v.clone())).collect(); diff --git a/tests/wpt/metadata/fetch/api/cors/cors-expose-star.sub.any.js.ini b/tests/wpt/metadata/fetch/api/cors/cors-expose-star.sub.any.js.ini deleted file mode 100644 index 9b247bfeb2e2..000000000000 --- a/tests/wpt/metadata/fetch/api/cors/cors-expose-star.sub.any.js.ini +++ /dev/null @@ -1,15 +0,0 @@ -[cors-expose-star.sub.any.html] - [Basic Access-Control-Expose-Headers: * support] - expected: FAIL - - [* can be one of several values] - expected: FAIL - - -[cors-expose-star.sub.any.worker.html] - [Basic Access-Control-Expose-Headers: * support] - expected: FAIL - - [* can be one of several values] - expected: FAIL -