Fetch CORS cache match for credentials is incorrect #10525
Comments
|
Looks interesting! I don't know much about CORS, but I should have a PR in soon |
bors-servo
pushed a commit
that referenced
this issue
Apr 28, 2016
Fix logic for cors cache match The current logic for a cors cache match does not consider "credentials is false and request's credentials mode is not "include" or credentials is true." I could have missed something, but `CacheRequestDetails::credentials` is set to true if credentials mode is "include", and false otherwise. So `(!cors_cache.credentials && !cors_req.credentials) || cors_cache.credentials` would be directly following the spec, but unless I'm mistaken `cors_cache.credentials || !cors_req.credentials` is logically the same. Fixes: #10525 <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/10867) <!-- Reviewable:end -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As far as I can tell, the implementation of the cache match concept is here. This doesn't handle the "either credentials is false and request's credentials mode is not "include" or credentials is true" text properly.
The text was updated successfully, but these errors were encountered: