OOR-CORS: Cleanup preflight algorithm changes

Now that the adding "Accept: */*" is clearly defined in the fetch spec, this patch make some cleanups to follow the spec algorithm, and remove a link to the issue thread. Bug: 995740 Change-Id: I5a8899f1a02254e95009c4202957e73e8e4ece31 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1828767 Auto-Submit: Takashi Toyoshima <toyoshim@chromium.org> Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#701023}

OOR-CORS: Cleanup preflight algorithm changes
Now that the adding "Accept: */*" is clearly defined in the fetch spec, this patch make some cleanups to follow the spec algorithm, and remove a link to the issue thread. Bug: 995740 Change-Id: I5a8899f1a02254e95009c4202957e73e8e4ece31 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1828767 Auto-Submit: Takashi Toyoshima <toyoshim@chromium.org> Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#701023}
b75db91e · Takashi Toyoshima · Commit Bot · 26279492 · b75db91e · b75db91e
Commit b75db91e authored Sep 30, 2019 by Takashi Toyoshima Committed by Commit Bot Sep 30, 2019
2 changed files
--- a/services/network/cors/preflight_controller.cc
+++ b/services/network/cors/preflight_controller.cc
@@ -78,8 +78,8 @@ std::unique_ptr<ResourceRequest> CreatePreflightRequest(
  std::unique_ptr<ResourceRequest> preflight_request =
      std::make_unique<ResourceRequest>();
-  // Algorithm step 1 through 4 of the CORS-preflight fetch,
+  // Algorithm step 1 through 5 of the CORS-preflight fetch,
-  // https://fetch.spec.whatwg.org/#cors-preflight-fetch-0.
+  // https://fetch.spec.whatwg.org/#cors-preflight-fetch.
  preflight_request->url = request.url;
  preflight_request->method = "OPTIONS";
  preflight_request->priority = request.priority;
@@ -93,6 +93,9 @@ std::unique_ptr<ResourceRequest> CreatePreflightRequest(
  preflight_request->fetch_window_id = request.fetch_window_id;
  preflight_request->render_frame_id = request.render_frame_id;
+  preflight_request->headers.SetHeader(network::kAcceptHeader,
+                                       kDefaultAcceptHeader);
  preflight_request->headers.SetHeader(
      header_names::kAccessControlRequestMethod, request.method);
@@ -117,9 +120,6 @@ std::unique_ptr<ResourceRequest> CreatePreflightRequest(
  // Additional headers that the algorithm in the spec does not require, but
  // it's better that CORS preflight requests have them.
  preflight_request->headers.SetHeader("Sec-Fetch-Mode", "cors");
-  // See also https://github.com/whatwg/fetch/issues/922 for kAcceptHeader.
-  preflight_request->headers.SetHeader(network::kAcceptHeader,
-                                       kDefaultAcceptHeader);
  return preflight_request;
 }

--- a/third_party/blink/web_tests/external/wpt/fetch/api/resources/preflight.py
+++ b/third_party/blink/web_tests/external/wpt/fetch/api/resources/preflight.py
@@ -26,7 +26,6 @@ def main(request, response):
            response.set_error(400, "No Access-Control-Request-Method header")
            return "ERROR: No access-control-request-method in preflight!"
-        # https://github.com/whatwg/fetch/issues/922
        if request.headers.get("Accept", "") != "*/*":
            response.set_error(400, "Request does not have 'Accept: */*' header")
            return "ERROR: Invalid access in preflight!"