Samuel Attard ce0739ad4f
fix: ensure corsEnabled: false protocol handlers do not work across protocols (41-x-y) ( #51270 ) ...
fix: ensure corsEnabled: false protocol handlers do not work across protocols (#51152 )
* fix: ensure corsEnabled: false protocol handlers do not work across protocols
Subresource requests for registered custom protocols are routed to
ElectronURLLoaderFactory via the renderer's per-scheme URLLoaderFactoryBundle
entry, which bypasses the network service's CorsURLLoaderFactory. This meant a
cross-origin page could fetch() a scheme registered with {supportFetchAPI: true}
and read the response body even when {corsEnabled: true} was not set.
Replicate CorsURLLoader::StartRequest's kCorsDisabledScheme gate in
ElectronURLLoaderFactory::CreateLoaderAndStart so cross-origin mode=cors
requests to such schemes fail before the JS handler runs, and tag cross-origin
mode=no-cors responses as opaque so the body is not script-readable while <img>
and similar subresource loads continue to work.
Re-enable the long-disabled "disallows CORS and fetch requests when only
supportFetchAPI is specified" test, add coverage for the opaque/no-cors,
same-origin, handler-not-invoked, corsEnabled-unaffected and net.fetch-unaffected
cases, and migrate spec helpers that were exercising a {supportFetchAPI: true}
scheme cross-origin to a corsEnabled scheme.
* chore: oxfmt
(cherry picked from commit 92f0993d94
2026-04-23 09:49:23 +02:00
2026-04-22 10:34:59 -05:00
2026-01-26 11:58:09 +01:00
2026-02-17 16:19:16 -05:00
2026-04-15 16:39:44 +09:00
2026-04-04 11:18:30 -05:00
2026-03-09 15:59:57 -07:00
2025-08-11 12:57:31 +09:00
2026-03-08 19:20:34 +01:00
2026-04-12 10:15:22 -05:00
2024-09-17 12:58:56 -07:00
2026-04-13 17:09:46 -04:00
2026-04-23 09:49:23 +02:00
2026-03-26 20:32:47 +00:00
2026-04-11 13:42:22 -07:00
2025-08-07 11:18:32 -04:00
2026-03-26 09:17:44 -04:00
2026-02-11 12:50:08 +01:00
2026-04-05 00:32:03 +00:00
2026-04-13 17:09:46 -04:00
2026-04-15 16:39:44 +09:00
2026-03-09 15:59:57 -07:00
2025-02-06 15:30:54 -05:00
2025-09-22 20:16:27 -07:00
2023-12-13 13:01:03 -08:00
2023-12-13 13:01:03 -08:00
2025-09-24 19:10:05 -05:00
2025-09-08 12:57:15 +02:00
2025-09-08 12:57:15 +02:00
2023-09-26 16:00:46 -04:00
2026-03-09 23:06:57 +00:00
2026-04-12 10:15:22 -05:00
2026-02-17 16:19:16 -05:00
2026-04-13 17:09:46 -04:00
2026-04-13 17:09:46 -04:00
2026-03-09 23:06:57 +00:00
2026-03-09 23:06:57 +00:00
2026-03-09 23:06:57 +00:00
2025-12-16 12:32:38 -05:00
2024-07-29 12:42:57 -05:00
2025-10-17 13:04:24 -04:00
2025-10-17 13:04:24 -04:00
2024-07-29 12:42:57 -05:00
2024-07-29 12:42:57 -05:00
2022-11-07 10:15:57 -08:00
2026-01-12 17:02:58 -06:00
2025-08-27 09:30:50 +09:00
2026-01-12 17:02:58 -06:00
2025-08-27 09:30:50 +09:00
2025-04-25 13:11:53 -05:00
2025-03-24 10:09:14 +01:00
2026-04-11 19:05:11 -07:00
2024-07-29 12:42:57 -05:00
2026-04-22 16:05:18 +02:00
2026-04-13 17:09:46 -04:00
2026-02-17 16:19:16 -05:00
2026-02-17 16:19:16 -05:00
2025-11-13 10:39:03 -05:00
2025-04-22 15:53:29 -04:00
2026-03-26 17:01:28 -04:00
2026-03-26 17:01:28 -04:00
2025-08-27 09:30:50 +09:00
2024-07-17 09:48:03 -04:00
2026-03-02 18:36:12 -05:00
2025-02-19 16:49:34 -06:00
2022-02-09 18:58:52 -08:00
2021-11-22 16:34:31 +09:00
2025-07-14 13:42:37 -07:00
2025-06-03 11:19:20 -04:00
2025-12-16 12:32:38 -05:00
2025-09-22 20:16:27 -07:00
2026-03-02 20:45:46 -08:00
2026-03-02 20:45:46 -08:00
2025-12-04 16:40:04 -08:00
2025-12-04 16:40:04 -08:00
2025-07-28 15:31:54 -07:00
2025-08-06 20:14:23 -04:00
2025-08-06 20:14:23 -04:00
2025-08-06 20:14:23 -04:00
2025-04-22 15:53:29 -04:00
2025-03-14 10:59:15 -05:00
2025-10-15 14:10:10 -07:00
2021-11-22 16:34:31 +09:00
2026-04-15 16:39:44 +09:00
2024-12-03 16:25:48 -06:00
2024-09-12 16:05:37 +02:00
2023-06-22 10:51:15 +02:00
2024-09-10 16:05:57 -07:00
2026-04-06 16:01:41 -04:00
2024-09-10 16:05:57 -07:00
2023-10-03 12:26:35 -07:00
2026-01-09 22:57:38 -08:00
2024-07-25 11:25:45 +02:00
2025-09-08 12:57:15 +02:00
2025-03-07 18:22:03 +09:00
2025-04-03 19:02:49 -05:00
2025-04-03 19:02:49 -05:00
2025-11-10 21:30:44 +01:00
2025-11-10 21:30:44 +01:00
2024-10-29 23:25:40 -05:00
2023-05-11 16:07:39 -04:00
2024-06-07 17:18:35 -04:00
2022-01-26 13:59:09 -08:00
2026-04-12 10:15:22 -05:00
2026-04-20 15:25:00 -07:00
2026-04-20 15:25:00 -07:00
2025-10-03 20:10:18 +02:00
2026-04-22 12:33:06 +02:00
2026-04-10 12:07:28 +02:00
2026-04-20 15:25:00 -07:00
2026-04-20 15:25:00 -07:00
2025-08-25 18:52:06 +09:00
2023-05-11 16:07:39 -04:00
2025-06-13 10:15:32 +02:00
2025-06-13 10:15:32 +02:00
2024-08-23 17:15:45 -05:00
2024-08-23 17:15:45 -05:00
2025-09-08 12:57:15 +02:00
2024-07-22 11:31:32 +02:00
2026-03-04 13:37:50 -06:00
2025-03-14 10:59:15 -05:00
2024-11-30 06:54:40 -06:00
2025-01-31 09:32:45 -05:00
2025-01-31 09:32:45 -05:00
2026-02-17 16:19:16 -05:00
2026-02-17 16:19:16 -05:00
2026-04-05 00:32:03 +00:00
2026-04-05 00:32:03 +00:00
2026-03-09 23:26:10 +00:00
2026-03-03 10:45:18 +01:00
2025-10-13 12:21:54 -04:00
2025-10-23 16:28:51 -04:00
2024-07-29 12:42:57 -05:00
2025-07-14 13:42:37 -07:00
2025-07-14 13:42:37 -07:00
2023-11-28 13:40:12 -08:00
2024-01-05 12:18:31 +01:00
2024-12-03 16:25:48 -06:00
2025-06-29 21:32:03 +02:00
2024-01-10 14:01:49 -06:00
2026-02-17 16:19:16 -05:00
2026-02-17 16:19:16 -05:00
ce0739ad4f