-
Notifications
You must be signed in to change notification settings - Fork 898
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3434 from brave/update_safelisted_headers
Issue 5952: Add X-Brave-Partner to CORS safelisted request headers
- Loading branch information
Showing
3 changed files
with
38 additions
and
0 deletions.
There are no files selected for viewing
25 changes: 25 additions & 0 deletions
25
chromium_src/services/network/public/cpp/cors/cors_unittest.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| /* Copyright (c) 2019 The Brave Authors. All rights reserved. | ||
| * This Source Code Form is subject to the terms of the Mozilla Public | ||
| * License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
| * You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
|
||
| #include "services/network/public/cpp/cors/cors.h" | ||
|
|
||
| #include "chrome/test/base/chrome_render_view_host_test_harness.h" | ||
|
|
||
| namespace network { | ||
| namespace cors { | ||
| namespace { | ||
|
|
||
| typedef testing::Test CorsTest; | ||
|
|
||
| TEST_F(CorsTest, SafelistedHeader) { | ||
| EXPECT_TRUE(IsCorsSafelistedHeader("accept", "foo")); | ||
| EXPECT_FALSE(IsCorsSafelistedHeader("foo", "bar")); | ||
| EXPECT_FALSE(IsCorsSafelistedHeader("user-agent", "foo")); | ||
| EXPECT_TRUE(IsCorsSafelistedHeader("x-brave-partner", "foo")); | ||
| } | ||
|
|
||
| } // namespace | ||
| } // namespace cors | ||
| } // namespace network |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| diff --git a/services/network/public/cpp/cors/cors.cc b/services/network/public/cpp/cors/cors.cc | ||
| index e0345d08067946debe655bf7ba2a85c70f29e93b..e63e251173b81493e66c4072f83f4027141fa1c0 100644 | ||
| --- a/services/network/public/cpp/cors/cors.cc | ||
| +++ b/services/network/public/cpp/cors/cors.cc | ||
| @@ -412,6 +412,7 @@ bool IsCorsSafelistedHeader(const std::string& name, const std::string& value) { | ||
| "sec-ch-ua-platform", | ||
| "sec-ch-ua-arch", | ||
| "sec-ch-ua-model", | ||
| + "x-brave-partner", // Prevent Allow-Cross-Origin-Request-Header failures | ||
| }; | ||
| const std::string lower_name = base::ToLowerASCII(name); | ||
| if (std::find(std::begin(safe_names), std::end(safe_names), lower_name) == |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters