[webkit-changes] [214252] trunk

[commit-queue]

Title: [214252] trunk

Revision

214252

Author

commit-qu...@webkit.org

Date

2017-03-22 10:14:36 -0700 (Wed, 22 Mar 2017)

Log Message

XMLHttpRequest: getAllResponseHeaders() should lowercase header names before sorting
https://bugs.webkit.org/show_bug.cgi?id=169286

Patch by Youenn Fablet <you...@apple.com> on 2017-03-22
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt:
* web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt:

Source/WebCore:

Covered by rebased tests.

https://xhr.spec.whatwg.org/#the-getallresponseheaders()-method now mandates to lowercase the header names and
sort them before appending them. This ensures that differences in the way headers are processed by browsers are
not visible to web pages. This also moves towards lowercased/case-insensitive header processing which should be
the norm.

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::getAllResponseHeaders): Lower-casing, then sorting, then serializing headers.
* xml/XMLHttpRequest.h: Storing getAllResponseHeaders result if case needed again.

Modified Paths

• trunk/LayoutTests/imported/w3c/ChangeLog
• trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt
• trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/xml/XMLHttpRequest.cpp
• trunk/Source/WebCore/xml/XMLHttpRequest.h

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (214251 => 214252)

--- trunk/LayoutTests/imported/w3c/ChangeLog	2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2017-03-22 17:14:36 UTC (rev 214252)
@@ -1,3 +1,13 @@
+2017-03-22  Youenn Fablet  <you...@apple.com>
+
+        XMLHttpRequest: getAllResponseHeaders() should lowercase header names before sorting
+        https://bugs.webkit.org/show_bug.cgi?id=169286
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt:
+        * web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt:
+
 2017-03-22  Chris Dumez  <cdu...@apple.com>
 
         Implement the "noopener" feature for window.open()

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt (214251 => 214252)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt	2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt	2017-03-22 17:14:36 UTC (rev 214252)
@@ -1,5 +1,5 @@
 
-FAIL Casing of known headers assert_equals: expected "content-length: 0\r\n" but got "Content-Length: 0\r\n"
+PASS Casing of known headers 
 FAIL Casing of known headers 1 assert_regexp_match: expected object "/content-TYPE/" but got ""
 FAIL Casing of known headers 2 assert_regexp_match: expected object "/THIS-is-A-test: 1, 2/" but got ""
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt (214251 => 214252)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt	2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt	2017-03-22 17:14:36 UTC (rev 214252)
@@ -1,4 +1,4 @@
 
 PASS XMLHttpRequest: getAllResponseHeaders() 
-FAIL XMLHttpRequest: getAllResponseHeaders() 1 assert_equals: expected "also-here: Mr. PB\r\newok: lego\r\nfoo-test: 1, 2\r\n" but got "ALSO-here: Mr. PB\r\nFOO-test: 1, 2\r\newok: lego\r\n"
+PASS XMLHttpRequest: getAllResponseHeaders() 1 
 

Modified: trunk/Source/WebCore/ChangeLog (214251 => 214252)

--- trunk/Source/WebCore/ChangeLog	2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/Source/WebCore/ChangeLog	2017-03-22 17:14:36 UTC (rev 214252)
@@ -1,3 +1,21 @@
+2017-03-22  Youenn Fablet  <you...@apple.com>
+
+        XMLHttpRequest: getAllResponseHeaders() should lowercase header names before sorting
+        https://bugs.webkit.org/show_bug.cgi?id=169286
+
+        Reviewed by Chris Dumez.
+
+        Covered by rebased tests.
+
+        https://xhr.spec.whatwg.org/#the-getallresponseheaders()-method now mandates to lowercase the header names and
+        sort them before appending them. This ensures that differences in the way headers are processed by browsers are
+        not visible to web pages. This also moves towards lowercased/case-insensitive header processing which should be
+        the norm.
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::getAllResponseHeaders): Lower-casing, then sorting, then serializing headers.
+        * xml/XMLHttpRequest.h: Storing getAllResponseHeaders result if case needed again.
+
 2017-03-22  Chris Dumez  <cdu...@apple.com>
 
         Implement the "noopener" feature for window.open()

Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (214251 => 214252)

--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp	2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp	2017-03-22 17:14:36 UTC (rev 214252)
@@ -930,18 +930,27 @@
     if (m_state < HEADERS_RECEIVED || m_error)
         return emptyString();
 
-    StringBuilder stringBuilder;
+    if (!m_allResponseHeaders) {
+        Vector<String> headers;
+        headers.reserveInitialCapacity(m_response.httpHeaderFields().size());
 
-    for (const auto& header : m_response.httpHeaderFields()) {
-        stringBuilder.append(header.key);
-        stringBuilder.append(':');
-        stringBuilder.append(' ');
-        stringBuilder.append(header.value);
-        stringBuilder.append('\r');
-        stringBuilder.append('\n');
+        for (auto& header : m_response.httpHeaderFields()) {
+            StringBuilder stringBuilder;
+            stringBuilder.append(header.key.convertToASCIILowercase());
+            stringBuilder.append(": ");
+            stringBuilder.append(header.value);
+            stringBuilder.append("\r\n");
+            headers.uncheckedAppend(stringBuilder.toString());
+        }
+        std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan);
+
+        StringBuilder stringBuilder;
+        for (auto& header : headers)
+            stringBuilder.append(header);
+        m_allResponseHeaders = stringBuilder.toString();
     }
 
-    return stringBuilder.toString();
+    return m_allResponseHeaders;
 }
 
 String XMLHttpRequest::getResponseHeader(const String& name) const

Modified: trunk/Source/WebCore/xml/XMLHttpRequest.h (214251 => 214252)

--- trunk/Source/WebCore/xml/XMLHttpRequest.h	2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.h	2017-03-22 17:14:36 UTC (rev 214252)
@@ -229,6 +229,7 @@
 
     ResponseType m_responseType { ResponseType::EmptyString };
     bool m_responseCacheIsValid { false };
+    mutable String m_allResponseHeaders;
 
     Timer m_resumeTimer;
     bool m_dispatchErrorOnResuming { false };

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes