RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 16:18:12 +00:00
Code Issues Activity Actions

LibWeb/Fetch: Use origins in Cross-Origin-Embedder-Policy algorithm

Browse source
This commit is contained in:
Kemal Zebari 2023-08-25 16:32:45 -07:00 committed by Tim Flynn
parent b33a71a35e
commit 4533794c32
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Userland/Libraries/LibWeb/Fetch/Infrastructure/HTTP/Requests.cpp
View file

@ -364,12 +364,12 @@ bool Request::cross_origin_embedder_policy_allows_credentials() const
// FIXME: 3. If requests clients policy containers embedder policys value is not "credentialless", then return true.
// 4. If requests origin is same origin with requests current URLs origin and request does not have a redirect-tainted origin, then return true.
// FIXME: Actually use the given origins once we have https://url.spec.whatwg.org/#concept-url-origin.
if (HTML::Origin().is_same_origin(HTML::Origin()) && !has_redirect_tainted_origin())
return true;
// 5. Return false.
return false;
auto const* request_origin = m_origin.get_pointer<HTML::Origin>();
if (request_origin == nullptr)
return false;
return request_origin->is_same_origin(URL::url_origin(current_url())) && !has_redirect_tainted_origin();
}
}