1186589 - Ensure CORS preflight requests aren't intercepted

Status: RESOLVED FIXED

(Core :: DOM: Service Workers, defect)

Description

[Josh Matthews [:jdm]]

Right now the fact that they aren't is an incidental implementation detail, since we skip the HTTP cache for non-GET/POST/HEAD requests in OpenCacheEntry.

Comment 1

[Josh Matthews [:jdm]]

Attachment: Ensure CORS preflight requests are never intercepted

Jonas, let me know if there's someone else that could/should review this.

Comment 2

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Comment on attachment 8637504 [details] [diff] [review]
Ensure CORS preflight requests are never intercepted

I can only verify that this patch implements the described behavior. I have no idea if that behavior is a good idea or not. Leaving that to the ServiceWorker folks who will surely make sure that this doesn't cause security issues.

Comment 3

[Josh Matthews [:jdm]]

Comment on attachment 8637504 [details] [diff] [review]
Ensure CORS preflight requests are never intercepted

Ehsan, the fetch spec description of CORS states that it requires an HTTP-network-or-cache request (which explicitly does not invoke [[Handle Fetch]]). Does this patch make sense accordingly?

Comment 4

[(no longer active)]

Comment on attachment 8637504 [details] [diff] [review]
Ensure CORS preflight requests are never intercepted

Review of attachment 8637504 [details] [diff] [review]:
-----------------------------------------------------------------

Yes, this makes sense.  Thanks!

Comment 5

[Josh Matthews [:jdm]]

url:        https://hg.mozilla.org/integration/mozilla-inbound/rev/213875242ee5636f0e052ede2da4a69a975ea096
changeset:  213875242ee5636f0e052ede2da4a69a975ea096
user:       Josh Matthews <josh@joshmatthews.net>
date:       Thu Jul 23 10:25:12 2015 -0400
description:
Bug 1186589 - Ensure CORS preflight requests are never intercepted. r=sicking

Comment 6

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/213875242ee5