mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-08-05 15:49:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Set Sec-Fetch-Site header to same-site where appropriate

Browse source 
This also fixes it looking at the request's current URL origin instead
of the request's actual origin.
This commit is contained in:
Luke Wilde 2025-01-28 19:10:32 +00:00 committed by Andreas Kling
commit b35979c3f7
Notes: github-actions[bot] 2025-01-30 20:57:30 +00:00
1 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Libraries/LibWeb/Fetch/Fetching/Fetching.cpp
View file

@ -2722,17 +2722,23 @@ void set_sec_fetch_site_header(Infrastructure::Request& request)
// 5. If headers value is not none, then for each url in rs url list: // 5. If headers value is not none, then for each url in rs url list:
if (!header_value.equals_ignoring_ascii_case("none"sv)) { if (!header_value.equals_ignoring_ascii_case("none"sv)) {
VERIFY(request.origin().has<URL::Origin>());
auto& request_origin = request.origin().get<URL::Origin>();
for (auto& url : request.url_list()) { for (auto& url : request.url_list()) {
// 1. If url is same origin with rs origin, continue. // 1. If url is same origin with rs origin, continue.
if (url.origin().is_same_origin(request.current_url().origin())) if (url.origin().is_same_origin(request_origin))
continue; continue;
// 2. Set headers value to cross-site. // 2. Set headers value to cross-site.
header_value = "cross-site"sv; header_value = "cross-site"sv;
// FIXME: 3. If rs origin is not same site with urls origin, then break. // 3. If rs origin is not same site with urls origin, then break.
if (!request_origin.is_same_site(url.origin()))
break;
// FIXME: 4. Set headers value to same-site. // 4. Set headers value to same-site.
header_value = "same-site"sv;
} }
} }