From 0ffd59095d9920b18d915351dfc2f5adb03057f9 Mon Sep 17 00:00:00 2001
From: Pranjal Jumde
Date: Sun, 15 Sep 2019 06:18:10 -0700
Subject: [PATCH] Issue 6021: Add X-Brave-Partner to CORS safelisted request headers
---
 .../network/public/cpp/cors/cors_unittest.cc | 25 +++++++++++++++++++
 ...ices-network-public-cpp-cors-cors.cc.patch | 12 +++++++++
 test/BUILD.gn | 1 +
 3 files changed, 38 insertions(+)
 create mode 100644 chromium_src/services/network/public/cpp/cors/cors_unittest.cc
 create mode 100644 patches/services-network-public-cpp-cors-cors.cc.patch
diff --git a/chromium_src/services/network/public/cpp/cors/cors_unittest.cc b/chromium_src/services/network/public/cpp/cors/cors_unittest.cc
new file mode 100644
index 000000000000..005a6d4bfb55
--- /dev/null
+++ b/chromium_src/services/network/public/cpp/cors/cors_unittest.cc
@@ -0,0 +1,25 @@
+/* Copyright (c) 2019 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "services/network/public/cpp/cors/cors.h"
+
+#include "chrome/test/base/chrome_render_view_host_test_harness.h"
+
+namespace network {
+namespace cors {
+namespace {
+
+typedef testing::Test CorsTest;
+
+TEST_F(CorsTest, SafelistedHeader) {
+ EXPECT_TRUE(IsCorsSafelistedHeader("accept", "foo"));
+ EXPECT_FALSE(IsCorsSafelistedHeader("foo", "bar"));
+ EXPECT_FALSE(IsCorsSafelistedHeader("user-agent", "foo"));
+ EXPECT_TRUE(IsCorsSafelistedHeader("x-brave-partner", "foo"));
+}
+
+} // namespace
+} // namespace cors
+} // namespace network
diff --git a/patches/services-network-public-cpp-cors-cors.cc.patch b/patches/services-network-public-cpp-cors-cors.cc.patch
new file mode 100644
index 000000000000..e59ebf9b02c1
--- /dev/null
+++ b/patches/services-network-public-cpp-cors-cors.cc.patch
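Review bot: In cors_unittest.cc the only assertion for the new header uses the lower-case name and the value "foo", so the test pins neither the case-insensitive name match nor which values are refused for this name. Adding `EXPECT_TRUE(IsCorsSafelistedHeader("X-Brave-Partner", "foo"));` and one negative case for a value the function is meant to reject would make a later change to the value checks visible. The fixture is plain `testing::Test`, so `chrome_render_view_host_test_harness.h` looks unnecessary here and `testing/gtest/include/gtest/gtest.h` should be enough.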
@@ -0,0 +1,12 @@
+diff --git a/services/network/public/cpp/cors/cors.cc b/services/network/public/cpp/cors/cors.cc
+index e0345d08067946debe655bf7ba2a85c70f29e93b..e63e251173b81493e66c4072f83f4027141fa1c0 100644
+--- a/services/network/public/cpp/cors/cors.cc
++++ b/services/network/public/cpp/cors/cors.cc
+@@ -412,6 +412,7 @@ bool IsCorsSafelistedHeader(const std::string& name, const std::string& value) {
+ "sec-ch-ua-platform",
+ "sec-ch-ua-arch",
+ "sec-ch-ua-model",
++ "x-brave-partner", // Prevent Allow-Cross-Origin-Request-Header failures
+ };
+ const std::string lower_name = base::ToLowerASCII(name);
+ if (std::find(std::begin(safe_names), std::end(safe_names), lower_name) ==
diff --git a/test/BUILD.gn b/test/BUILD.gn
index b177053d3550..ee6436336cb5 100644
--- a/test/BUILD.gn
+++ b/test/BUILD.gn
@@ -86,6 +86,7 @@ test("brave_unit_tests") {
 "//brave/chromium_src/extensions/browser/sandboxed_unpacker_unittest.cc",
 "//brave/chromium_src/extensions/common/permissions/permissions_data_unittest.cc",
 "//brave/chromium_src/net/cookies/brave_canonical_cookie_unittest.cc",
+ "//brave/chromium_src/services/network/public/cpp/cors/cors_unittest.cc",
 "//brave/common/brave_content_client_unittest.cc",
 "//brave/common/importer/brave_mock_importer_bridge.cc",
 "//brave/common/importer/brave_mock_importer_bridge.h",
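Review bot: The `"x-brave-partner"` entry added to `safe_names` in the cors.cc patch applies to every page and every destination, so any site can send this header cross-origin with a value of its choosing and no preflight; nothing in the visible lines limits it to partner origins or checks the value. The inline comment also names a header that does not exist, since the check being skipped is the preflight's `Access-Control-Allow-Headers` match. I would reword it to `"x-brave-partner",  // Brave-only: sent cross-origin without preflight from any page`, and if servers are going to trust this header, constrain its value or the destinations it is safelisted for. The rest of IsCorsSafelistedHeader lies outside the hunk, so any length or per-name value checks there should be confirmed to cover this name.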