Bug 1493449 - Change the default credentials mode for module scripts from 'omit' to 'same-origin'

Resolves #2642
Boris Zbarsky
2024-10-01 00:03:06 +02:00
committed by roytam1
parent ea2268b5e8
commit 32498a0694
+2 -3
@@ -1307,9 +1307,8 @@ ScriptLoader::StartLoad(ScriptLoadRequest *aRequest, const nsAString &aType,
// According to the spec, module scripts have different behaviour to classic
// scripts and always use CORS.
securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
if (aRequest->CORSMode() == CORS_NONE) {
securityFlags |= nsILoadInfo::SEC_COOKIES_OMIT;
} else if (aRequest->CORSMode() == CORS_ANONYMOUS) {
if (aRequest->CORSMode() == CORS_NONE ||
aRequest->CORSMode() == CORS_ANONYMOUS) {
securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
} else {
MOZ_ASSERT(aRequest->CORSMode() == CORS_USE_CREDENTIALS);
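Review bot: The merged condition `aRequest->CORSMode() == CORS_NONE || aRequest->CORSMode() == CORS_ANONYMOUS` has no comment explaining why a module script without a crossorigin attribute now gets the same cookie policy as `anonymous`, and the comment above it still only says module scripts always use CORS. I would add `// Module scripts default to credentials mode "same-origin", so a missing crossorigin attribute is treated like crossorigin="anonymous".` directly above the `if`, so the two cases are not split apart again later. Because same-origin module fetches without the attribute will now carry cookies where they previously carried none, a regression test is worth adding that checks both directions: cookies sent on a same-origin module load, and still withheld on a cross-origin one. The diffstat shows only this one file, so no such test appears to come with the commit. The `else` branch and the rest of `StartLoad` continue outside the hunk.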