    OOR-CORS: remove unnecessary HTTP status existence check · 5c1d44bb
    Takashi Toyoshima authored
    cors::CheckAccessInternal() ensures that the HTTP response status is
    set to a non-zero value. This code was originally introduced on the
    Blink side, but it's an out-of-spec implementation.
    
    CORS preflight response expects an ok status for CORS checks and
    our implementation implicitly rejects the status 0. Actual response
    does not have such a CORS-specific status code check, and fetch() or
    XHR can receive an error status as long as the response has the right
    access control headers. But since 0 is not used in HTTP, we don't
    need such a check in CORS code.
    
    So, let's remove this stale check and relevant test,
    WebAssociatedURLLoaderTest.CrossOriginWithAccessControlFailureBadStatusCode.
    This was added by https://codereview.chromium.org/110273006/,
    but the original change's intention does not help developers today.
    
    Also note that usual server applications such as Apache
    convert this kind of invalid status from CGI to 500,
    treating such a situation as an internal server error.
    
    This patch also integrates the ok status check into
    cors::PreflightAccessCheck so as to minimize exposed functions.
    
    Bug: 1039174
    Change-Id: Ib8f8d84e200a01884daab9d726ac52b38e36a591
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1983696
    Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
    Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
    Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#730111}
prefetched_signed_exchange_cache.cc 30 KB