How to detect that a response failed a CORS check?

Skip to first unread message

Christian Biesinger

Jan 11, 2024, 2:59:50 PMJan 11
to net-dev

We currently have implemented a URLLoaderThrottle that takes certain actions for same-origin requests.

We are considering changing it to same-site requests that passed CORS checks. My question is, can a URLLoaderThrottle tell from a network::mojom::URLResponseHead (possibly in combination with a network::ResourceRequest) that CORS checks have failed?


Matt Menke

Jan 12, 2024, 11:12:08 AMJan 12
to Christian Biesinger, net-dev
Disclaimer:  I'm not a CORS expert.

If CORS is enabled and CORS checks fail, the underlying URLLoader in the network process returns an error to the caller rather than the actual response.  If CORS isn't enabled, we don't do CORS checks.

Since this code is in the renderer, the request presumably already has CORS enabled, so it should get an error of some sort if CORS checks fail.

You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
Reply all
Reply to author
0 new messages