diff --git a/shell/browser/net/proxying_url_loader_factory.cc b/shell/browser/net/proxying_url_loader_factory.cc index 85a886f4752e..8b87367fa364 100644 --- a/shell/browser/net/proxying_url_loader_factory.cc +++ b/shell/browser/net/proxying_url_loader_factory.cc @@ -326,6 +326,14 @@ bool ProxyingURLLoaderFactory::IsForServiceWorkerScript() const { void ProxyingURLLoaderFactory::InProgressRequest::OnLoaderCreated( mojo::PendingReceiver receiver) { + // When CORS is involved there may be multiple network::URLLoader associated + // with this InProgressRequest, because CorsURLLoader may create a new + // network::URLLoader for the same request id in redirect handling - see + // CorsURLLoader::FollowRedirect. In such a case the old network::URLLoader + // is going to be detached fairly soon, so we don't need to take care of it. + // We need this explicit reset to avoid a DCHECK failure in mojo::Receiver. + header_client_receiver_.reset(); + header_client_receiver_.Bind(std::move(receiver)); if (for_cors_preflight_) { // In this case we don't have |target_loader_| and @@ -600,13 +608,17 @@ void ProxyingURLLoaderFactory::InProgressRequest:: override_headers_ = nullptr; if (for_cors_preflight_) { - // If this is for CORS preflight, there is no associated client. We notify - // the completion here, and deletes |this|. + // If this is for CORS preflight, there is no associated client. info_->AddResponseInfoFromResourceResponse(*current_response_); + // Do not finish proxied preflight requests that require proxy auth. + // The request is not finished yet, give control back to network service + // which will start authentication process. + if (info_->response_code == net::HTTP_PROXY_AUTHENTICATION_REQUIRED) + return; + // We notify the completion here, and delete |this|. factory_->web_request_api()->OnResponseStarted(&info_.value(), request_); factory_->web_request_api()->OnCompleted(&info_.value(), request_, net::OK); - // Deletes |this|. factory_->RemoveRequest(network_service_request_id_, request_id_); return; }