Do not allow CORS responses to "same-origin" requests

Tests will be done as part of https://bugzilla.mozilla.org/show_bug.cgi?id=1427978.

Fixes #629.
annevk committed Jan 6, 2018
1 parent b21fdeb commit 548bca234ad5d0296030b2384cc0b784799c4664
Showing with 4 additions and 2 deletions.
  1. +4 −2 fetch.bs
@@ -3009,13 +3009,15 @@ optional <i>CORS flag</i> and <i>CORS-preflight flag</i>, run these steps:
<a for=internal>internal response</a> otherwise.
<li>
<p>If one of the following conditions is true, then return a
<a>network error</a>:
<p>If one of the following conditions is true, then return a <a>network error</a>:
<ul class=brief>
<li><var>response</var>'s
<a for=response>type</a> is "<code>error</code>".
<li><var>request</var>'s <a for=request>mode</a> is "<code>same-origin</code>" and
<var>response</var>'s <a for=response>type</a> is "<code>cors</code>".
<li><var>request</var>'s <a for=request>mode</a> is not
"<code>no-cors</code>" and <var>response</var>'s
<a for=response>type</a> is "<code>opaque</code>".
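
Review bot: the new list item that returns a network error when the request's mode is "same-origin" and the response's type is "cors" carries no note on where such a response can come from, so a reader of this step cannot tell why a CORS response would ever be paired with a same-origin request. A short non-normative note beside the item would make the intent clear. The item that follows already rejects "opaque" responses for every mode other than "no-cors", which includes "same-origin", so the two items together cover "cors" and "opaque" for this mode; that note could say so. The commit message defers tests to the Bugzilla bug, so linking the resulting tests from the issue once they land would let readers confirm the behaviour.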
