Opened 9 months ago

Closed 3 months ago

#7269 closed change (rejected)

Do not rewrite preflight OPTIONS requests

Reported by: mjethani
Assignee:
Priority: Unknown
Milestone:
Module: Platform
Keywords: circumvention, closed-in-favor-of-gitlab
Cc: sebastian, kzar, hfiguiere, agiammarchi
Blocked By:
Blocking:
Platform: Unknown / Cross platform
Ready: no
Confidential: no
Tester: Unknown
Verified working: no
Review URL(s): https://codereview.adblockplus.org/30002586/

Description

Background

When the browser wants to send a cross-origin request, it first checks with the server whether the server understands CORS using a preflight request. This is an OPTIONS request that the browser sends automatically. Once the server responds with the appropriate methods with the Access-Control-Allow-Methods header, the browser makes the actual GET or POST request.

When we rewrite a URL using the $rewrite option, we want to rewrite the URL for the actual GET or POST request, not the OPTIONS request, because if we do this the call fails and the site resorts to other ways to show ads.

What to change

In lib/requestBlocker.js, rewrite the URL only if the method is not OPTIONS.

Change History (5)

comment:1 Changed 9 months ago by mjethani

  • Review URL(s) modified (diff)

comment:2 Changed 9 months ago by mjethani

  • Cc hfiguiere added

comment:3 Changed 9 months ago by mjethani

  • Cc agiammarchi added

comment:4 in reply to: ↑ description Changed 9 months ago by mjethani

Replying to mjethani:

[...] if we do this the call fails and the site resorts to other ways to show ads.

I'm not sure about this actually, for the case that we are investigating.

Also, not rewriting the preflight OPTIONS request would leak information to the server, which is perhaps why the rewrite filter exists in the first place.
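The change proposed in the description and the trade-off raised in comment:4, modelled as an added example (not code from lib/requestBlocker.js or from the review). The rule, the `ads.example` and `site.example` URLs, and the function names are assumptions made for illustration; the listener shape follows a blocking `webRequest.onBeforeRequest` handler.

```javascript
// Added illustration; not the project's own code.
// Hypothetical $rewrite-style rule: URLs matching `pattern` go to `target`.
const rule = {
  pattern: /^https:\/\/ads\.example\/api\//,
  target: "https://site.example/blank.json"
};

// Returning {redirectUrl} rewrites the request; undefined lets it through.
// Request headers are not visible at this stage, so the method is the only
// available signal that a request is a CORS preflight (assumption: every
// OPTIONS request to a matching URL is treated as a preflight).
function onBeforeRequest(details, skipPreflight) {
  if (!rule.pattern.test(details.url))
    return undefined;
  if (skipPreflight && details.method === "OPTIONS")
    return undefined;
  return {redirectUrl: rule.target};
}

// Constructed sample: what the browser sends for one non-simple
// cross-origin POST.
const exchange = [
  {method: "OPTIONS", url: "https://ads.example/api/slot"}, // preflight
  {method: "POST", url: "https://ads.example/api/slot"}     // actual request
];

// Requests that keep their original URL under the given policy, i.e. the
// ones the third-party server still gets to see.
function reachesOriginalServer(requests, skipPreflight) {
  return requests
    .filter(r => onBeforeRequest(r, skipPreflight) === undefined)
    .map(r => `${r.method} ${r.url}`);
}

console.log("rewrite everything:", reachesOriginalServer(exchange, false));
console.log("skip preflight:    ", reachesOriginalServer(exchange, true));
```

With the preflight exempted, the POST is still rewritten but the OPTIONS request reaches the original host, which is the information leak comment:4 points out.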

comment:5 Changed 3 months ago by sebastian

  • Keywords closed-in-favor-of-gitlab added
  • Resolution set to rejected
  • Status changed from new to closed

Sorry, but we switched to GitLab. If this issue is still relevant, please file it again in the new issue tracker.
