| Summary: | Add helper function to create a potential CORS request | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Daniel Bates <dbates> | ||||
| Component: | WebCore Misc. | Assignee: | Daniel Bates <dbates> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | aestes, ddkilzer, webkit-bug-importer, youennf | ||||
| Priority: | P2 | Keywords: | InRadar | ||||
| Version: | WebKit Local Build | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Attachments: |
|
||||||
Created attachment 348795 [details]
Patch
Comment on attachment 348795 [details] Patch Clearing flags on attachment: 348795 Committed r235617: <https://trac.webkit.org/changeset/235617> All reviewed patches have been landed. Closing bug. |
CachedResourceRequest::setAsPotentiallyCrossOrigin() mixes the concepts of CORS settings states (No CORS, Anonymous and Use Credentials) and module script credentials mode ("omit", "same-origin", and "include") into an algorithm that has a passing resemblance of the algorithm Create a potential-CORS request from the HTML standard: <https://html.spec.whatwg.org/multipage/urls-and-fetching.html#create-a-potential-cors-request> (31 August 2018). Although the standard describes a mapping between CORS settings states and module script credentials modes it is error prone and confusing for setAsPotentiallyCrossOrigin() to support both concepts, called a "cross origin mode", as input to it. We should separate these concepts and more closely implement the algorithm Create a potential-CORS request from the HTML standard.