Test for CORS-mediated requests from content scripts.
Before r694827, request_initiator for fetches from content scripts would be incompatible with request_initiator_site_lock, so CORB would safe-fail to treating request_initiator as if it was an opaque origin. This meant that no Access-Control-Allow-Origin would ever satisfy CORB. Since r694827 requests from content scripts set request_initiator to the origin of the frame/page where the content script was injected (not to the origin of the extension). This helps a tiny bit with https://crbug.com/920638 - now CORB will pass through responses with Access-Control-Allow-Origin that matches the origin of the frame/page where the content script runs. This CL adds a test that verifies this particular benefit of r694827. Bug: 920638 Change-Id: I139b12e4f46d48136e627a98b4f072cacc33b8e3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1864827 Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Reviewed-by:Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#707594}
Showing
This diff is collapsed.
Please register or sign in to comment