RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 21:57:43 +00:00
Code Issues Activity Actions

LibWeb/Fetch: Don't add cookies when creating ResourceLoader request

Browse source 
Using LoadRequest::create_for_url_on_page will unconditionally add
cookies as long as there's a page available. However, it is up to
http_network_or_cache_fetch to determine if cookies should be added to
the request.

This was noticed when implementing CORS-preflight requests, where we
sent cookies in OPTIONS requests.
This commit is contained in:
Luke Wilde 2023-02-08 23:29:16 +00:00 committed by Linus Groh
parent c51026a855
commit bf2895365b
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Userland/Libraries/LibWeb/Fetch/Fetching/Fetching.cpp
View file

@ -1583,7 +1583,12 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<PendingResponse>> nonstandard_resource_load
if (is<HTML::Window>(global_object)) if (is<HTML::Window>(global_object))
page = static_cast<HTML::Window&>(global_object).page(); page = static_cast<HTML::Window&>(global_object).page();
auto load_request = LoadRequest::create_for_url_on_page(request->current_url(), page); // NOTE: Using LoadRequest::create_for_url_on_page here will unconditionally add cookies as long as there's a page available.
// However, it is up to http_network_or_cache_fetch to determine if cookies should be added to the request.
LoadRequest load_request;
load_request.set_url(request->current_url());
if (page)
load_request.set_page(*page);
load_request.set_method(DeprecatedString::copy(request->method())); load_request.set_method(DeprecatedString::copy(request->method()));
for (auto const& header : *request->header_list()) for (auto const& header : *request->header_list())
load_request.set_header(DeprecatedString::copy(header.name), DeprecatedString::copy(header.value)); load_request.set_header(DeprecatedString::copy(header.name), DeprecatedString::copy(header.value));