Origin header checks for POST instead of HEAD
Reported by
sjoer...@gmail.com,
Jul 5
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:61.0) Gecko/20100101 Firefox/61.0
Steps to reproduce the problem:
I came across the following code in background_fetch_delegate_proxy.cc:
// Append the Origin header for requests whose CORS flag is set, or whose
// request method is not GET or HEAD. See section 3.1 of the standard:
// https://fetch.spec.whatwg.org/#origin-header
if (fetch_request.mode == network::mojom::FetchRequestMode::kCORS ||
    fetch_request.mode ==
        network::mojom::FetchRequestMode::kCORSWithForcedPreflight ||
    (fetch_request.method != "GET" && fetch_request.method != "POST")) {
  headers.SetHeader("Origin", origin.Serialize());
}
The comment and spec say to check for GET or HEAD. The code checks for GET or POST. The code is inconsistent with the comment.
What is the expected behavior?
I would expect the second check for method to compare against "HEAD", not "POST".
What went wrong?
This is something I noticed in the source code, not some behavior of the browser that I could reproduce.
Did this work before? N/A
Chrome version: pre_blink_merge-404550-gc1bd75f2cab8 Channel: canary
OS Version: OS X 10.12
Flash Version:
,
Jul 5
Mugdha, mind having a look?
,
Aug 7
Sure.
,
Aug 7
,
Aug 7
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f4fd7516f718593e4a113db17620e06a21ecdb2c

commit f4fd7516f718593e4a113db17620e06a21ecdb2c
Author: Mugdha Lakhani <nator@chromium.org>
Date: Tue Aug 07 20:16:46 2018

[Background Fetch]: Append the Origin header for requests where the request
method is not GET or HEAD, per https://fetch.spec.whatwg.org/#origin-header.

Bug: 860478
Change-Id: I1dfda7fb630fbd200c5ed635228ebf81dd003156
Reviewed-on: https://chromium-review.googlesource.com/1165163
Commit-Queue: Mugdha Lakhani <nator@chromium.org>
Commit-Queue: Peter Beverloo <peter@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Cr-Commit-Position: refs/heads/master@{#581327}

[modify] https://crrev.com/f4fd7516f718593e4a113db17620e06a21ecdb2c/content/browser/background_fetch/background_fetch_delegate_proxy.cc
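Added example, not part of the issue thread and not Chromium's code: the predicate quoted in the report next to the one described by the code comment and the commit message, enumerated over modes and methods to show exactly where they disagree. The `Mode` enum, `Request` struct and function names are hypothetical stand-ins for Chromium's types. For non-CORS modes the reported predicate omits `Origin` on POST and appends it on HEAD; CORS modes are unaffected.

```cpp
// Added example: stand-in types, not Chromium's network::mojom definitions.
#include <iostream>
#include <string>
#include <vector>

enum class Mode { kSameOrigin, kNoCORS, kCORS, kCORSWithForcedPreflight };

struct Request {
  Mode mode;
  std::string method;
};

static bool CorsFlagSet(const Request& r) {
  return r.mode == Mode::kCORS || r.mode == Mode::kCORSWithForcedPreflight;
}

// Predicate as quoted in the report: compares against "POST".
bool AppendsOriginAsReported(const Request& r) {
  return CorsFlagSet(r) || (r.method != "GET" && r.method != "POST");
}

// Predicate matching the code comment and the fix's commit message:
// CORS flag set, or method is neither GET nor HEAD.
bool AppendsOriginPerComment(const Request& r) {
  return CorsFlagSet(r) || (r.method != "GET" && r.method != "HEAD");
}

// Returns every (mode, method) pair on which the two predicates disagree.
std::vector<Request> Divergences() {
  const Mode modes[] = {Mode::kSameOrigin, Mode::kNoCORS, Mode::kCORS,
                        Mode::kCORSWithForcedPreflight};
  const char* methods[] = {"GET", "HEAD", "POST", "PUT", "DELETE"};
  std::vector<Request> out;
  for (Mode mode : modes)
    for (const char* method : methods) {
      Request r{mode, method};
      if (AppendsOriginAsReported(r) != AppendsOriginPerComment(r))
        out.push_back(r);
    }
  return out;
}

int main() {
  for (const Request& r : Divergences())
    std::cout << "mode=" << static_cast<int>(r.mode) << " " << r.method
              << ": reported=" << AppendsOriginAsReported(r)
              << " expected=" << AppendsOriginPerComment(r) << "\n";
}
```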
,
Aug 20
Comment 1 by dtapu...@chromium.org
, Jul 5