Diff
Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/ChangeLog (214778 => 214779)
--- releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/ChangeLog 2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/ChangeLog 2017-04-03 12:56:35 UTC (rev 214779)
@@ -1,3 +1,13 @@
+2017-03-22 Youenn Fablet <you...@apple.com>
+
+ Safari sends empty "Access-Control-Request-Headers" in preflight request
+ https://bugs.webkit.org/show_bug.cgi?id=169851
+
+ Reviewed by Chris Dumez.
+
+ * web-platform-tests/fetch/api/cors/cors-preflight-expected.txt:
+ * web-platform-tests/fetch/api/cors/cors-preflight.js:
+
2017-03-10 Antti Koivisto <an...@apple.com>
imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html is unreliable
Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt (214778 => 214779)
--- releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt 2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt 2017-04-03 12:56:35 UTC (rev 214779)
@@ -13,4 +13,5 @@
PASS CORS [GET] [several headers], server refuses
PASS CORS [PUT] [several headers], server allows
PASS CORS [PUT] [several headers], server refuses
+PASS CORS [PUT] [only safe headers], server allows
Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt (214778 => 214779)
--- releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt 2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt 2017-04-03 12:56:35 UTC (rev 214779)
@@ -13,4 +13,5 @@
PASS CORS [GET] [several headers], server refuses
PASS CORS [PUT] [several headers], server allows
PASS CORS [PUT] [several headers], server refuses
+PASS CORS [PUT] [only safe headers], server allows
Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js (214778 => 214779)
--- releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js 2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js 2017-04-03 12:56:35 UTC (rev 214779)
@@ -99,4 +99,6 @@
corsPreflight("CORS [PUT] [several headers], server allows", corsUrl, "PUT", true, headers, safeHeaders);
corsPreflight("CORS [PUT] [several headers], server refuses", corsUrl, "PUT", false, headers, safeHeaders);
+corsPreflight("CORS [PUT] [only safe headers], server allows", corsUrl, "PUT", true, null, safeHeaders);
+
done();
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214778 => 214779)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-04-03 12:56:35 UTC (rev 214779)
@@ -1,3 +1,16 @@
+2017-03-22 Youenn Fablet <you...@apple.com>
+
+ Safari sends empty "Access-Control-Request-Headers" in preflight request
+ https://bugs.webkit.org/show_bug.cgi?id=169851
+
+ Reviewed by Chris Dumez.
+
+ Covered by updated test.
+
+ * loader/CrossOriginAccessControl.cpp:
+ (WebCore::createAccessControlPreflightRequest): Not adding "Access-Control-Request-Headers" to
+ request header if value is empty.
+
2017-03-21 Sergio Villar Senin <svil...@igalia.com>
[Soup] "Only from websites I visit" cookie policy is broken
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/CrossOriginAccessControl.cpp (214778 => 214779)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/CrossOriginAccessControl.cpp 2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/CrossOriginAccessControl.cpp 2017-04-03 12:56:35 UTC (rev 214779)
@@ -120,7 +120,8 @@
headerBuffer.append(headerField);
}
- preflightRequest.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, headerBuffer.toString());
+ if (!headerBuffer.isEmpty())
+ preflightRequest.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, headerBuffer.toString());
}
return preflightRequest;