fuchsia/engine/browser/web_engine_content_browser_client.h · 1d0c7959d6c9dd3a96442c0654e374f265360cc5 · eriksson monteiro / tangled

[web_engine] Use standard CORS header exemption list. · 1d0c7959

Kevin Marshall authored Oct 07, 2019

Configures the NetworkContext to permit CORS requests with headers
"Purpose" or "X-Requested-With" headers. These headers are safe and
used for resource preloading and CSRF blocking, respectively.

Previously, the Chromium netstack would block resources from loading if
either of these headers were set.

Bug: 1011905
Change-Id: I994ad2adddca5d00226e603b37c87d57cca69e1b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1846013Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Kevin Marshall <kmarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#703479}

1d0c7959

web_engine_content_browser_client.h 3 KB

Replace web_engine_content_browser_client.h