diff --git a/credential-management/support/fedcm/continue_on.py b/credential-management/support/fedcm/continue_on.py
index 2a580e0f3f4fd5..1b4831b51de7ee 100644
--- a/credential-management/support/fedcm/continue_on.py
+++ b/credential-management/support/fedcm/continue_on.py
@@ -7,8 +7,6 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
-  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
-  response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   account = request.POST.get(b"account_id").decode("utf-8")
   nonce = request.POST.get(b"nonce").decode("utf-8")
diff --git a/credential-management/support/fedcm/request-params-check.py b/credential-management/support/fedcm/request-params-check.py
index 08c28e32b7942d..6c610e6e201dd1 100644
--- a/credential-management/support/fedcm/request-params-check.py
+++ b/credential-management/support/fedcm/request-params-check.py
@@ -63,16 +63,12 @@ def accountsCheck(request):
     return (539, [], "Should not have Origin")
 
 def tokenCheck(request):
-  common_error = commonCheck(request, b"cors")
+  common_error = commonCheck(request)
   if (common_error):
     return common_error
   common_credentialed_error = commonCredentialedRequestCheck(request)
   if (common_credentialed_error):
     return common_credentialed_error
-  # The value of the Sec-Fetch-Site header can vary depending on the IdP origin
-  # but it should not be 'none'.
-  if request.headers.get(b"Sec-Fetch-Site") == b"none":
-    return (538, [], "Wrong Sec-Fetch-Site header")
 
   post_error = commonPostCheck(request)
   if (post_error):
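Review bot: `request.POST.get(b"account_id").decode("utf-8")` and the `nonce` line below it are still dereferenced without a None check, so a request that passes tokenCheck but omits the field raises AttributeError and surfaces as a generic server error rather than one of the explicit 5xx codes request-params-check.py returns; the same pattern is left in the token_with_account_id.py, token_with_auto_selected_flag.py and token_with_rp_mode.py hunks. A small guard such as `account = request.POST.get(b"account_id")` followed by `if account is None: return (5xx, [], "Missing account_id")` (status code to be chosen consistently with the checker's numbering) keeps the harness reporting a precise failure. Dropping the reflected Access-Control-Allow-Origin/Allow-Credentials pair is consistent with tokenCheck no longer being invoked in CORS mode in this commit. main's body continues past the hunk.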
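Review bot: With the Sec-Fetch-Site lines removed, tokenCheck asserts nothing about that header unless the default mode of `commonCheck(request)` (defined outside this hunk) covers it, while revokeCheck in the following hunk keeps its "must not be 'none'" rule, so the two credentialed endpoints now diverge in what they verify. If commonCheck's default mode is meant to pin the expected Sec-Fetch-Site value for a non-CORS request, a one-line comment at the call site, `# commonCheck's default (non-CORS) mode also fixes the expected Sec-Fetch-Site value`, would make that dependency visible to readers of tokenCheck; if it does not, the check should stay here with the expected value updated rather than be dropped. tokenCheck's body continues outside the hunk.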
@@ -90,9 +86,8 @@ def revokeCheck(request):
   if (common_error):
     return common_error
 
-  common_credentialed_error = commonCredentialedRequestCheck(request)
-  if (common_credentialed_error):
-    return common_credentialed_error
+  if request.cookies.get(b"cookie") != b"1":
+    return (537, [], "Missing cookie")
   # The value of the Sec-Fetch-Site header can vary depending on the IdP origin
   # but it should not be 'none'.
   if request.headers.get(b"Sec-Fetch-Site") == b"none":
diff --git a/credential-management/support/fedcm/token_with_account_id.py b/credential-management/support/fedcm/token_with_account_id.py
index 04e7b5b56b9e56..52fb20184bc081 100644
--- a/credential-management/support/fedcm/token_with_account_id.py
+++ b/credential-management/support/fedcm/token_with_account_id.py
@@ -7,8 +7,6 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
-  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
-  response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   account_id = request.POST.get(b"account_id")
   return "{\"token\": \"account_id=" + account_id.decode("utf-8") + "\"}"
diff --git a/credential-management/support/fedcm/token_with_auto_selected_flag.py b/credential-management/support/fedcm/token_with_auto_selected_flag.py
index 3e011ce788c88a..93ccf3ee7e2277 100644
--- a/credential-management/support/fedcm/token_with_auto_selected_flag.py
+++ b/credential-management/support/fedcm/token_with_auto_selected_flag.py
@@ -7,8 +7,6 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
-  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
-  response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   is_auto_selected = request.POST.get(b"is_auto_selected")
   return "{\"token\": \"is_auto_selected=" + is_auto_selected.decode("utf-8") + "\"}"
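Review bot: The inlined check returns `"Missing cookie"` both when the cookie is absent and when it is present with a value other than `b"1"`, so a test failing on a wrong value gets a misleading message; `return (537, [], "Missing or wrong cookie")` describes the condition actually tested. Since tokenCheck in the previous hunk still routes through commonCredentialedRequestCheck while revokeCheck now checks only the cookie, anything else that helper verifies (its body is outside this hunk) is no longer applied to the revoke endpoint — confirm that is intended, or state in a comment which credentialed-request assertions revokeCheck deliberately drops. revokeCheck starts and ends outside the hunk.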
diff --git a/credential-management/support/fedcm/token_with_http_error.py b/credential-management/support/fedcm/token_with_http_error.py
index 05b9945ba80dad..c8d95ab63d7ebd 100644
--- a/credential-management/support/fedcm/token_with_http_error.py
+++ b/credential-management/support/fedcm/token_with_http_error.py
@@ -7,8 +7,6 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
-  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
-  response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   response.status = (403, b"Forbidden")
   return "{\"token\": \"token\"}"
diff --git a/credential-management/support/fedcm/token_with_rp_mode.py b/credential-management/support/fedcm/token_with_rp_mode.py
index add634c99bb959..515736416f49cb 100644
--- a/credential-management/support/fedcm/token_with_rp_mode.py
+++ b/credential-management/support/fedcm/token_with_rp_mode.py
@@ -7,8 +7,6 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
-  response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
-  response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   rp_mode = request.POST.get(b"mode")
   return "{\"token\": \"mode=" + rp_mode.decode("utf-8") + "\"}"