Title: [214252] trunk
- Revision
- 214252
- Author
- commit-qu...@webkit.org
- Date
- 2017-03-22 10:14:36 -0700 (Wed, 22 Mar 2017)
Log Message
XMLHttpRequest: getAllResponseHeaders() should lowercase header names before sorting
https://bugs.webkit.org/show_bug.cgi?id=169286
Patch by Youenn Fablet <you...@apple.com> on 2017-03-22
Reviewed by Chris Dumez.
LayoutTests/imported/w3c:
* web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt:
* web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt:
Source/WebCore:
Covered by rebased tests.
https://xhr.spec.whatwg.org/#the-getallresponseheaders()-method now mandates to lowercase the header names and
sort them before appending them. This ensures that differences in the way headers are processed by browsers are
not visible to web pages. This also moves towards lowercased/case-insensitive header processing which should be
the norm.
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::getAllResponseHeaders): Lower-casing, then sorting, then serializing headers.
* xml/XMLHttpRequest.h: Storing getAllResponseHeaders result if case needed again.
Modified Paths
Diff
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (214251 => 214252)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2017-03-22 17:14:36 UTC (rev 214252)
@@ -1,3 +1,13 @@
+2017-03-22 Youenn Fablet <you...@apple.com>
+
+ XMLHttpRequest: getAllResponseHeaders() should lowercase header names before sorting
+ https://bugs.webkit.org/show_bug.cgi?id=169286
+
+ Reviewed by Chris Dumez.
+
+ * web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt:
+ * web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt:
+
2017-03-22 Chris Dumez <cdu...@apple.com>
Implement the "noopener" feature for window.open()
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt (214251 => 214252)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt 2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-cl-expected.txt 2017-03-22 17:14:36 UTC (rev 214252)
@@ -1,5 +1,5 @@
-FAIL Casing of known headers assert_equals: expected "content-length: 0\r\n" but got "Content-Length: 0\r\n"
+PASS Casing of known headers
FAIL Casing of known headers 1 assert_regexp_match: expected object "/content-TYPE/" but got ""
FAIL Casing of known headers 2 assert_regexp_match: expected object "/THIS-is-A-test: 1, 2/" but got ""
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt (214251 => 214252)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt 2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/getallresponseheaders-expected.txt 2017-03-22 17:14:36 UTC (rev 214252)
@@ -1,4 +1,4 @@
PASS XMLHttpRequest: getAllResponseHeaders()
-FAIL XMLHttpRequest: getAllResponseHeaders() 1 assert_equals: expected "also-here: Mr. PB\r\newok: lego\r\nfoo-test: 1, 2\r\n" but got "ALSO-here: Mr. PB\r\nFOO-test: 1, 2\r\newok: lego\r\n"
+PASS XMLHttpRequest: getAllResponseHeaders() 1
Modified: trunk/Source/WebCore/ChangeLog (214251 => 214252)
--- trunk/Source/WebCore/ChangeLog 2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/Source/WebCore/ChangeLog 2017-03-22 17:14:36 UTC (rev 214252)
@@ -1,3 +1,21 @@
+2017-03-22 Youenn Fablet <you...@apple.com>
+
+ XMLHttpRequest: getAllResponseHeaders() should lowercase header names before sorting
+ https://bugs.webkit.org/show_bug.cgi?id=169286
+
+ Reviewed by Chris Dumez.
+
+ Covered by rebased tests.
+
+ https://xhr.spec.whatwg.org/#the-getallresponseheaders()-method now mandates to lowercase the header names and
+ sort them before appending them. This ensures that differences in the way headers are processed by browsers are
+ not visible to web pages. This also moves towards lowercased/case-insensitive header processing which should be
+ the norm.
+
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::getAllResponseHeaders): Lower-casing, then sorting, then serializing headers.
+ * xml/XMLHttpRequest.h: Storing getAllResponseHeaders result if case needed again.
+
2017-03-22 Chris Dumez <cdu...@apple.com>
Implement the "noopener" feature for window.open()
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (214251 => 214252)
--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2017-03-22 17:14:36 UTC (rev 214252)
@@ -930,18 +930,27 @@
if (m_state < HEADERS_RECEIVED || m_error)
return emptyString();
- StringBuilder stringBuilder;
+ if (!m_allResponseHeaders) {
+ Vector<String> headers;
+ headers.reserveInitialCapacity(m_response.httpHeaderFields().size());
- for (const auto& header : m_response.httpHeaderFields()) {
- stringBuilder.append(header.key);
- stringBuilder.append(':');
- stringBuilder.append(' ');
- stringBuilder.append(header.value);
- stringBuilder.append('\r');
- stringBuilder.append('\n');
+ for (auto& header : m_response.httpHeaderFields()) {
+ StringBuilder stringBuilder;
+ stringBuilder.append(header.key.convertToASCIILowercase());
+ stringBuilder.append(": ");
+ stringBuilder.append(header.value);
+ stringBuilder.append("\r\n");
+ headers.uncheckedAppend(stringBuilder.toString());
+ }
+ std::sort(headers.begin(), headers.end(), WTF::codePointCompareLessThan);
+
+ StringBuilder stringBuilder;
+ for (auto& header : headers)
+ stringBuilder.append(header);
+ m_allResponseHeaders = stringBuilder.toString();
}
- return stringBuilder.toString();
+ return m_allResponseHeaders;
}
String XMLHttpRequest::getResponseHeader(const String& name) const
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.h (214251 => 214252)
--- trunk/Source/WebCore/xml/XMLHttpRequest.h 2017-03-22 16:15:16 UTC (rev 214251)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.h 2017-03-22 17:14:36 UTC (rev 214252)
@@ -229,6 +229,7 @@
ResponseType m_responseType { ResponseType::EmptyString };
bool m_responseCacheIsValid { false };
+ mutable String m_allResponseHeaders;
Timer m_resumeTimer;
bool m_dispatchErrorOnResuming { false };
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes