LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-09-21 02:08:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb/Fetch: Don't add cookies when creating ResourceLoader request

Browse Source 
Using LoadRequest::create_for_url_on_page will unconditionally add
cookies as long as there's a page available. However, it is up to
http_network_or_cache_fetch to determine if cookies should be added to
the request.

This was noticed when implementing CORS-preflight requests, where we
sent cookies in OPTIONS requests.
This commit is contained in:
Luke Wilde 2023-02-08 23:29:16 +00:00 committed by Linus Groh
parent c51026a855
commit bf2895365b
Notes: sideshowbarker 2024-07-17 00:33:01 +09:00 
Author: https://github.com/Lubrsi
Commit: https://github.com/SerenityOS/serenity/commit/bf2895365b
Pull-request: https://github.com/SerenityOS/serenity/pull/17383
Reviewed-by: https://github.com/linusg
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Userland/Libraries/LibWeb/Fetch/Fetching/Fetching.cpp
View File

@ -1583,7 +1583,12 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<PendingResponse>> nonstandard_resource_load
if (is<HTML::Window>(global_object))
page = static_cast<HTML::Window&>(global_object).page();
auto load_request = LoadRequest::create_for_url_on_page(request->current_url(), page);
// NOTE: Using LoadRequest::create_for_url_on_page here will unconditionally add cookies as long as there's a page available.
// However, it is up to http_network_or_cache_fetch to determine if cookies should be added to the request.
LoadRequest load_request;
load_request.set_url(request->current_url());
if (page)
load_request.set_page(*page);
load_request.set_method(DeprecatedString::copy(request->method()));
for (auto const& header : *request->header_list())
load_request.set_header(DeprecatedString::copy(header.name), DeprecatedString::copy(header.value));