Skip to content

Commit

Permalink
Merge pull request #123 from johnathan79717/skip-cors-checks-for-pna-…
Browse files Browse the repository at this point in the history 
…only-preflights

Skip CORS checks when preflight is only for PNA
  • Loading branch information
@johnathan79717
johnathan79717 authored Feb 1, 2024
2 parents 10350ae + fb91a9c commit e36babb
Showing 1 changed file with 48 additions and 8 deletions.
56 changes: 48 additions & 8 deletions index.src.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -841,15 +841,48 @@ <h4 id="fetching">Fetching</h4>
1. If |privateNetworkAccessCheckResult| is a [=network error=], return
|privateNetworkAccessCheckResult|.

1. Define a new algorithm to <dfn>determine the preflight mode</dfn>, given a
[=request=] |request| and a boolean |makeCORSPreflight|:

1. If |makeCORSPreflight| is true and one of these conditions is true:

* There is no method cache entry match for |request|'s
[=request/method=] using |request|, and either |request|'s
[=request/method=] is not a [=CORS-safelisted method=] or
|request|'s [=request/use-CORS-preflight flag=] is set.

* There is at least one [=list/item=] in the CORS-unsafe
request-header names with |request|'s [=request/header list=] for
which there is no header-name cache entry match using |request|.

Then:

1. If |request|'s [=request/target IP address space=] is not
null, then return "cors+pna".

1. Otherwise, return "cors".

1. If |request|'s [=request/target IP address space=] is not null, then
return "pna".

1. Otherwise, return "none".

1. Define a new algorithm called <dfn>HTTP-no-service-worker fetch</dfn>
based on the existing steps in [=HTTP fetch=] that are run if |response|
is still null after handling the fetch via service workers, and amend
those slightly as follows:

1. At the very start:
1. Let |preflightMode| be the result of invoking [=determine the
preflight mode=] given |request| and |makeCORSPreflight|.

1. If |request|'s [=request/target IP address space=] is not null,
then set <var ignore>makeCORSPreflight</var> to true.
1. Replace the entire condition "If <var ignore>makeCORSPreflight</var>
is true and ..., Then:" with:

1. If |preflightMode| is not "none", then:

1. Replace "running [=CORS-preflight fetch=] given |request|" with
"running [=CORS-preflight fetch=] given |request| and
|preflightMode|"

1. Immediately after running [=CORS-preflight fetch=]:

Expand Down Expand Up @@ -878,8 +911,13 @@ <h4 id="fetching">Fetching</h4>
Note: Because |request|'s [=request/target IP address space=] is set to a
non-null value when recursing, this recursion can go at most 1 level deep.

1. The [=CORS-preflight fetch=] algorithm is adjusted to handle the
new headers:
1. The [=CORS-preflight fetch=] algorithm is adjusted to take a new parameter
|preflightMode| (default "cors"), and handle the new headers as follows:

1. Only append \``Accept`\` and
\`<a http-header>`Access-Control-Request-Headers`</a>\` to
<var ignore>preflight</var>'s [=request/header list=] if
|preflightMode| is true.

1. Immediately before running [$HTTP-network-or-cache fetch$]:

Expand All @@ -893,8 +931,10 @@ <h4 id="fetching">Fetching</h4>

1. Immediately after the [=CORS check=]:

1. If |request|'s [=request/target IP address space=] is not null,
then:
1. If |preflightMode| is "pna" or "cors+pna",

1. [=Assert=]: |request|'s [=request/target IP address space=] is
not null.

1. Let |allow| be the result of [=extracting header list values=]
given
Expand All @@ -917,7 +957,7 @@ <h4 id="fetching">Fetching</h4>
empty, let |targetId| be |request|'s [=request/target IP
address space=]. Store the permission as an ephemeral
permission, then return null.

1. Let |targetId| be the result of [=extracting header list
values=] given
"<a http-header>`Private-Network-Access-ID`</a>" and
Expand Down

0 comments on commit e36babb

Please sign in to comment.