mirror of
https://github.com/fergalmoran/ladybird.git
synced 2025-12-30 05:08:56 +00:00
CORS cross-origin responses in the No CORS request mode provide an opaque filtered response, which is the original response with certain attributes removed/changed. The relevant effect it has is setting the body to `null`, which means `body_bytes` has `Empty` in the `process_response_consume_body` callback. This effectively disables cross-origin linked resources (e.g. stylesheets).

However, the web actually depends on this, especially for stylesheets retrieved from a cross-origin CDN. For example, Shopify websites request stylesheets from `cdn.shopify.com` and Substack websites request stylesheets from `substackcdn.com`. This makes this a specification bug, as this code was written from it.

The workaround is to read the actual body from the unfiltered response and then call `process_linked_resource` from there. This _should_ be safe to do, as linked resource fetches do not include credentials (i.e. cookies and the Authorization header), so it cannot provide personalized responses.
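
A stand-alone C++ model of the filtering and the workaround described in the commit message above, added here as an illustration and not taken from Ladybird's source. All type and function names are hypothetical, and the credentials check is an assumption that spells out the message's safety condition; the message does not say the change contains such a check.

```cpp
// Stand-alone model added for illustration; not Ladybird's LibWeb code.
// Every type and function name below is hypothetical.
#include <cstdio>
#include <memory>
#include <optional>
#include <string>
#include <utility>
#include <vector>

enum class ResponseType { Basic, Opaque };
enum class CredentialsMode { Omit, SameOrigin, Include };

struct Response {
    ResponseType type = ResponseType::Basic;
    int status = 200;
    std::vector<std::pair<std::string, std::string>> headers;
    std::optional<std::string> body;             // nullopt models a null body
    std::shared_ptr<Response> internal_response; // set only on filtered responses
};

// Opaque filtered response: status 0, empty header list, null body.
// The original response stays reachable as the internal response.
Response make_opaque_filtered(std::shared_ptr<Response> original)
{
    Response filtered;
    filtered.type = ResponseType::Opaque;
    filtered.status = 0;
    filtered.internal_response = std::move(original);
    return filtered;
}

// Body handed to the linked-resource processing step. Falls back to the
// unfiltered body only when the request carried no credentials (assumed guard).
std::optional<std::string> linked_resource_body(Response const& response, CredentialsMode mode)
{
    if (response.body)
        return response.body;
    if (response.type == ResponseType::Opaque && response.internal_response && mode == CredentialsMode::Omit)
        return response.internal_response->body;
    return std::nullopt;
}

int main()
{
    auto original = std::make_shared<Response>();
    original->body = "body { color: red }"; // constructed sample stylesheet
    Response filtered = make_opaque_filtered(original);
    auto body = linked_resource_body(filtered, CredentialsMode::Omit);
    std::printf("filtered body null: %d, recovered: %s\n", !filtered.body, body ? body->c_str() : "(none)");
}
```

The filtered response itself still has a null body, status 0 and no headers; only the linked-resource path reads through to the internal response.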