fix(extensions): bypass cors in requests made from background pages (#24483)

2020-08-04 01:56:18 +02:00 · 2020-08-04 01:56:18 +02:00 · f53aac97f5
commit f53aac97f5
parent 1350dc46ed
3 changed files with 31 additions and 6 deletions
--- a/spec-main/extensions-spec.ts
+++ b/spec-main/extensions-spec.ts
@ -16,7 +16,12 @@ describe('chrome extensions', () => {
  let server: http.Server;
  let url: string;
  before(async () => {
-    server = http.createServer((req, res) => res.end(emptyPage));
+    server = http.createServer((req, res) => {
+      if (req.url === '/cors') {
+        res.setHeader('Access-Control-Allow-Origin', 'http://example.com');
+      }
+      res.end(emptyPage);
+    });
    await new Promise(resolve => server.listen(0, '127.0.0.1', () => {
      url = `http://127.0.0.1:${(server.address() as AddressInfo).port}`;
      resolve();
@ -32,6 +37,19 @@ describe('chrome extensions', () => {
    });
  });

+  function fetch (contents: WebContents, url: string) {
+    return contents.executeJavaScript(`fetch(${JSON.stringify(url)})`);
+  }
+
+  it('bypasses CORS in requests made from extensions', async () => {
+    const customSession = session.fromPartition(`persist:${require('uuid').v4()}`);
+    const w = new BrowserWindow({ show: false, webPreferences: { session: customSession, sandbox: true } });
+    const extension = await customSession.loadExtension(path.join(fixtures, 'extensions', 'ui-page'));
+    w.loadURL(`${extension.url}bare-page.html`);
+    await emittedOnce(w.webContents, 'dom-ready');
+    await expect(fetch(w.webContents, `${url}/cors`)).to.not.be.rejectedWith(TypeError);
+  });
+
  it('loads an extension', async () => {
    // NB. we have to use a persist: session (i.e. non-OTR) because the
    // extension registry is redirected to the main session. so installing an