Prompt
When creating network requests, ensure all security-sensitive parameters are properly configured including origin, referrer, CORS mode, and destination. Incomplete request configuration can lead to test failures, security vulnerabilities, and incorrect cross-origin behavior.
Always specify:
- Origin: Set to the document’s origin for the request context
- Referrer: Use the document URL rather than NoReferrer when appropriate
- CORS mode: Configure based on the request type and cross-origin requirements
- Destination: Specify the correct destination type (e.g., Font, Script, etc.)
Example of proper request configuration:
let request = RequestBuilder::new(
state.webview_id,
url.clone().into(),
Referrer::ReferrerUrl(document_context.document_url.clone()),
)
.destination(Destination::Font)
.mode(RequestMode::CorsMode)
.origin(ImmutableOrigin::new(url.origin()));
Be particularly careful with CORS mode settings as they can cause failures when loading cross-origin resources. Test thoroughly when modifying request builder parameters, as incomplete configuration often manifests as test failures that may not be immediately obvious.