How to detect that a response failed a CORS check?

1,167 views
Skip to first unread message

Christian Biesinger

unread,
Jan 11, 2024, 2:59:50 PMJan 11
to net-dev
Hello,

We currently have implemented a URLLoaderThrottle that takes certain actions for same-origin requests.

We are considering changing it to same-site requests that passed CORS checks. My question is, can a URLLoaderThrottle tell from a network::mojom::URLResponseHead (possibly in combination with a network::ResourceRequest) that CORS checks have failed?


Thanks!
Christian

Matt Menke

unread,
Jan 12, 2024, 11:12:08 AMJan 12
to Christian Biesinger, net-dev
Disclaimer:  I'm not a CORS expert.

If CORS is enabled and CORS checks fail, the underlying URLLoader in the network process returns an error to the caller rather than the actual response.  If CORS isn't enabled, we don't do CORS checks.

Since this code is in the renderer, the request presumably already has CORS enabled, so it should get an error of some sort if CORS checks fail.

--
You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to net-dev+u...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/CAPTJ0XHeiwbaXBW0AHW0OrwAR%2Baqo00eWEmMS4f6uz_D5w5vmQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages