diff options
author | Michal Klocek <michal.klocek@qt.io> | 2018-08-10 11:44:32 +0200 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2018-08-10 14:45:53 +0000 |
commit | 0cce345ee0781cda8effabf7521b9a3653c6674e (patch) | |
tree | cb436419d6cf3d5beea814b948d48742af912807 | |
parent | 0ce2beac90d6996a23854a95c91880695059d073 (diff) |
[Backport] CVE-2018-4117
[Fetch API] Fix redirect leak on "no-cors" requests
The spec issue is now fixed, and this CL follows the spec change[1].
1: https://github.com/whatwg/fetch/commit/14858d3e9402285a7ff3b5e47a22896ff3adc95d
Bug: 791324
Reviewed-on: https://chromium-review.googlesource.com/1023613
Change-Id: I4ed948591697e1dc9cff91d82333a49d8ec0c1a2
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
-rw-r--r-- | chromium/third_party/WebKit/Source/core/fetch/FetchManager.cpp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/chromium/third_party/WebKit/Source/core/fetch/FetchManager.cpp b/chromium/third_party/WebKit/Source/core/fetch/FetchManager.cpp index 17d4734eed8..fbf917212e9 100644 --- a/chromium/third_party/WebKit/Source/core/fetch/FetchManager.cpp +++ b/chromium/third_party/WebKit/Source/core/fetch/FetchManager.cpp @@ -632,6 +632,16 @@ void FetchManager::Loader::Start() { // "- |request|'s mode is |no CORS|" if (request_->Mode() == network::mojom::FetchRequestMode::kNoCORS) { + // "If |request|'s redirect mode is not |follow|, then return a network + // error. + if (request_->Redirect() != network::mojom::FetchRedirectMode::kFollow) { + PerformNetworkError("Fetch API cannot load " + + request_->Url().GetString() + + ". Request mode is \"no-cors\" but the redirect mode " + " is not \"follow\"."); + return; + } + // "Set |request|'s response tainting to |opaque|." request_->SetResponseTainting(FetchRequestData::kOpaqueTainting); // "The result of performing a scheme fetch using |request|." |