Diff
Modified: trunk/LayoutTests/ChangeLog (233738 => 233739)
--- trunk/LayoutTests/ChangeLog 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/ChangeLog 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,3 +1,29 @@
+2018-07-11 Youenn Fablet <you...@apple.com>
+
+ Fix remaining Cross-Origin-Resource-Policy failures, if any
+ https://bugs.webkit.org/show_bug.cgi?id=186761
+ <rdar://problem/41209829>
+
+ Reviewed by Alex Christensen.
+
+ Remove redundant tests with WPT.
+
+ * http/wpt/cross-origin-resource-policy/fetch-expected.txt: Removed.
+ * http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt: Removed.
+ * http/wpt/cross-origin-resource-policy/fetch-in-iframe.html: Removed.
+ * http/wpt/cross-origin-resource-policy/fetch.html: Removed.
+ * http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt: Removed.
+ * http/wpt/cross-origin-resource-policy/iframe-loads.html: Removed.
+ * http/wpt/cross-origin-resource-policy/image-loads-expected.txt: Removed.
+ * http/wpt/cross-origin-resource-policy/image-loads.html: Removed.
+ * http/wpt/cross-origin-resource-policy/resources/hello.py: Removed.
+ * http/wpt/cross-origin-resource-policy/resources/iframe.py: Removed.
+ * http/wpt/cross-origin-resource-policy/resources/iframeFetch.html: Removed.
+ * http/wpt/cross-origin-resource-policy/resources/redirect.py: Removed.
+ * http/wpt/cross-origin-resource-policy/resources/script.py: Removed.
+ * http/wpt/cross-origin-resource-policy/script-loads-expected.txt: Removed.
+ * http/wpt/cross-origin-resource-policy/script-loads.html: Removed.
+
2018-07-11 Jer Noble <jer.no...@apple.com>
Disable all network caching for HLS streams.
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-expected.txt (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,26 +0,0 @@
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks.
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks.
-CONSOLE MESSAGE: Cancelled load to https://localhost:9443/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks.
-CONSOLE MESSAGE: Cancelled load to http://localhost:8801/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8801/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks.
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks.
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin denied by Cross-Origin Resource Sharing policy: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/redirect.py?corp=same-origin&redirectTo=http%3A%2F%2Flocalhost%3A8800%2FWebKit%2Fcross-origin-resource-policy%2Fresources%2Fhello.py%3Fcorp%3Dsame-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/redirect.py?corp=same-origin&redirectTo=http%3A%2F%2Flocalhost%3A8800%2FWebKit%2Fcross-origin-resource-policy%2Fresources%2Fhello.py%3Fcorp%3Dsame-origin due to access control checks.
-
-PASS Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection.
-PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a cross-origin redirection.
-PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' redirect response header.
-
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load to http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks.
-CONSOLE MESSAGE: Cancelled load to http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks.
-CONSOLE MESSAGE: Cancelled load to http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/WebKit/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks.
-
-PASS Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Same-origin fetch in a cross origin iframe load succeeds if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe.html (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe.html 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch-in-iframe.html 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,63 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <script src=""
- <script src=""
- <script src=""
-</head>
-<body>
- <script>
-const host = get_host_info();
-const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-
-function with_iframe(url)
-{
- return new Promise(function(resolve) {
- var frame = document.createElement('iframe');
- frame.src = ""
- frame._onload_ = function() { resolve(frame); };
- document.body.appendChild(frame);
- });
-}
-
-function loadIFrameAndFetch(iframeURL, fetchURL, expectedFetchResult)
-{
- promise_test(async () => {
- const frame = await with_iframe(iframeURL);
- let receiveMessage;
- const promise = new Promise((resolve, reject) => {
- receiveMessage = (event) => {
- if (event.data !== expectedFetchResult) {
- reject("Received unexpected message " + event.data);
- return;
- }
- resolve();
- }
- window.addEventListener("message", receiveMessage, false);
- });
- frame.contentWindow.postMessage(fetchURL, "*");
- return promise.finally(() => {
- frame.remove();
- window.removeEventListener("message", receiveMessage, false);
- });
- }, title);
-}
-
-// This above data URL should be equivalent to resources/iframeFetch.html
-var dataIFrameURL = "data:text/html;base64,PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxzY3JpcHQ+CiAgICAgICAgZnVuY3Rpb24gcHJvY2Vzc01lc3NhZ2UoZXZlbnQpCiAgICAgICAgewogICAgICAgICAgICBmZXRjaChldmVudC5kYXRhLCB7IG1vZGU6ICJuby1jb3JzIiB9KS50aGVuKCgpID0+IHsKICAgICAgICAgICAgICAgIHBhcmVudC5wb3N0TWVzc2FnZSgib2siLCAiKiIpOwogICAgICAgICAgICB9LCAoKSA9PiB7CiAgICAgICAgICAgICAgICBwYXJlbnQucG9zdE1lc3NhZ2UoImtvIiwgIioiKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgfQogICAgICAgIHdpbmRvdy5hZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIiwgcHJvY2Vzc01lc3NhZ2UsIGZhbHNlKTsKICAgIDwvc2NyaXB0Pgo8L2hlYWQ+Cjxib2R5PgogICAgPGgzPlRoZSBpZnJhbWUgbWFraW5nIGEgc2FtZSBvcmlnaW4gZmV0Y2ggY2FsbC48L2gzPgo8L2JvZHk+CjwvaHRtbD4K";
-
-title = "Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header.";
-loadIFrameAndFetch(dataIFrameURL, localBaseURL + "resources/hello.py?corp=same-origin", "ko");
-
-title = "Cross-origin fetch in a data: iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-site' response header.";
-loadIFrameAndFetch(dataIFrameURL, localBaseURL + "resources/hello.py?corp=same-site", "ko");
-
-title = "Cross-origin fetch in a cross origin iframe load fails if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header.";
-loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", localBaseURL + "resources/hello.py?corp=same-origin", "ko");
-
-title = "Same-origin fetch in a cross origin iframe load succeeds if the server blocks cross-origin loads with a 'Cross-Origin-Resource-Policy: same-origin' response header.";
-loadIFrameAndFetch(remoteBaseURL + "resources/iframeFetch.html", remoteBaseURL + "resources/hello.py?corp=same-origin", "ok");
- </script>
-</body>
-</html>
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch.html (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch.html 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/fetch.html 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,83 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <script src=""
- <script src=""
- <script src=""
-</head>
-<body>
- <script>
-const host = get_host_info();
-const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-const remoteSameSiteBaseURL = "http://" + host.ORIGINAL_HOST + ":" + host.HTTP_PORT2 + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-const httpsBaseURL = host.HTTPS_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-
-promise_test(async () => {
- const response = await fetch("./resources/hello.py?corp=same-origin");
- assert_equals(await response.text(), "hello");
-}, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
-
-promise_test(async () => {
- const response = await fetch("./resources/hello.py?corp=same-site");
- assert_equals(await response.text(), "hello");
-}, "Same-origin fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
-
-promise_test(async (test) => {
- const response = await fetch(remoteBaseURL + "resources/hello.py?corp=same-origin");
- assert_equals(await response.text(), "hello");
-}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
-
-promise_test(async (test) => {
- const response = await fetch(remoteBaseURL + "resources/hello.py?corp=same-site");
- assert_equals(await response.text(), "hello");
-}, "Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
-
-promise_test((test) => {
- const remoteURL = remoteBaseURL + "resources/hello.py?corp=same-origin";
- return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" }));
-}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
-
-promise_test((test) => {
- const remoteURL = remoteBaseURL + "resources/hello.py?corp=same-site";
- return promise_rejects(test, new TypeError, fetch(remoteURL, { mode: "no-cors" }));
-}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
-
-promise_test((test) => {
- const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-site";
- return fetch(remoteURL, { mode: "no-cors" });
-}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header.");
-
-promise_test((test) => {
- const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-origin";
- return promise_rejects(test, new TypeError, fetch(remoteURL, { mode : "no-cors" }));
-}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header.");
-
-promise_test(async (test) => {
- const remoteSameSiteURL = remoteSameSiteBaseURL + "resources/hello.py?corp=same-site";
-
- await fetch(remoteSameSiteURL, { mode: "no-cors" });
-
- return promise_rejects(test, new TypeError, fetch(remoteSameSiteBaseURL + "resources/hello.py?corp=same-origin", { mode: "no-cors" }));
-}, "Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.");
-
-promise_test((test) => {
- const finalURL = remoteBaseURL + "resources/hello.py?corp=same-origin";
- return promise_rejects(test, new TypeError, fetch("resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
-}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection.");
-
-promise_test((test) => {
- const finalURL = localBaseURL + "resources/hello.py?corp=same-origin";
- return fetch(remoteBaseURL + "resources/redirect.py?redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" });
-}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a cross-origin redirection.");
-
-promise_test(async (test) => {
- const finalURL = localBaseURL + "resources/hello.py?corp=same-origin";
-
- await fetch(finalURL, { mode: "no-cors" });
-
- return promise_rejects(test, new TypeError, fetch(remoteBaseURL + "resources/redirect.py?corp=same-origin&redirectTo=" + encodeURIComponent(finalURL), { mode: "no-cors" }));
-}, "Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' redirect response header.");
- </script>
-</body>
-</html>
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,5 +0,0 @@
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/iframe.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/iframe.py?corp=same-origin due to access control checks.
-
-PASS Load an iframe that has Cross-Origin-Resource-Policy header
-
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads.html (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads.html 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/iframe-loads.html 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,46 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <script src=""
- <script src=""
- <script src=""
-</head>
-<body>
- <script>
-const host = get_host_info();
-const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-const localBaseURL = host.HTTP_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-
-function with_iframe(url) {
- return new Promise(function(resolve) {
- var frame = document.createElement('iframe');
- frame.src = ""
- frame._onload_ = function() { resolve(frame); };
- document.body.appendChild(frame);
- });
-}
-
-promise_test(async() => {
- const url = "" + "resources/iframe.py?corp=same-origin";
-
- await new Promise((resolve, reject) => {
- return fetch(url, { mode: "no-cors" }).then(reject, resolve);
- });
-
- const iframe = await with_iframe(url);
- return new Promise((resolve, reject) => {
- window.addEventListener("message", (event) => {
- if (event.data !== "pong") {
- reject(event.data);
- return;
- }
- resolve();
- }, false);
- iframe.contentWindow.postMessage("ping", "*");
- }).finally(() => {
- iframe.remove();
- });
-}, "Load an iframe that has Cross-Origin-Resource-Policy header");
- </script>
-</body>
-</html>
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads-expected.txt (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/image.py?corp=same-origin&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/image.py?corp=same-origin&acao=* due to access control checks.
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/image.py?corp=same-site&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Cannot load image http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/image.py?corp=same-site&acao=* due to access control checks.
-
-PASS Same-origin image load with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Same-origin image load with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header.
-
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads.html (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads.html 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/image-loads.html 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,52 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <script src=""
- <script src=""
- <script src=""
-</head>
-<body>
- <div id="testDiv"></div>
- <script>
-const host = get_host_info();
-const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-const ok = true;
-const ko = false;
-
-function loadImage(url, shoudLoad, corsMode)
-{
- promise_test(() => {
- const img = new Image();
- if (corsMode)
- img.crossOrigin = corsMode;
- img.src = ""
- return new Promise((resolve, reject) => {
- img._onload_ = shoudLoad ? resolve : reject;
- img._onerror_ = shoudLoad ? reject : resolve;
- testDiv.appendChild(img);
- }).finally(() => {
- testDiv.innerHTML = "";
- });
- }, title)
-}
-
-title = "Same-origin image load with a 'Cross-Origin-Resource-Policy: same-origin' response header.";
-loadImage("./resources/image.py?corp=same-origin", ok);
-
-title = "Same-origin image load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
-loadImage("./resources/image.py?corp=same-site", ok);
-
-title = "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header.";
-loadImage(remoteBaseURL + "resources/image.py?corp=same-origin&acao=*", ok, "anonymous");
-
-title = "Cross-origin cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
-loadImage(remoteBaseURL + "resources/image.py?corp=same-site&acao=*", ok, "anonymous");
-
-title = "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-origin' response header.";
-loadImage(remoteBaseURL + "resources/image.py?corp=same-origin&acao=*", ko);
-
-title = "Cross-origin no-cors image load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
-loadImage(remoteBaseURL + "resources/image.py?corp=same-site&acao=*", ko);
- </script>
-</body>
-</html>
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/hello.py (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/hello.py 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/hello.py 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,6 +0,0 @@
-def main(request, response):
- headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])]
- if 'origin' in request.headers:
- headers.append(('Access-Control-Allow-Origin', request.headers['origin']))
-
- return 200, headers, "hello"
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframe.py (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframe.py 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframe.py 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,5 +0,0 @@
-def main(request, response):
- headers = [("Content-Type", "text/html"),
- ("Cross-Origin-Resource-Policy", request.GET['corp'])]
- return 200, headers, "<body><h3>The iframe</h3><script>window._onmessage_ = () => { parent.postMessage('pong', '*'); }</script></body>"
-
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframeFetch.html (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframeFetch.html 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/iframeFetch.html 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,19 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <script>
- function processMessage(event)
- {
- fetch(event.data, { mode: "no-cors" }).then(() => {
- parent.postMessage("ok", "*");
- }, () => {
- parent.postMessage("ko", "*");
- });
- }
- window.addEventListener("message", processMessage, false);
- </script>
-</head>
-<body>
- <h3>The iframe making a same origin fetch call.</h3>
-</body>
-</html>
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/redirect.py (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/redirect.py 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/redirect.py 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,6 +0,0 @@
-def main(request, response):
- headers = [("Location", request.GET['redirectTo'])]
- if 'corp' in request.GET:
- headers.append(('Cross-Origin-Resource-Policy', request.GET['corp']))
-
- return 302, headers, ""
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/script.py (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/script.py 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/resources/script.py 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,6 +0,0 @@
-def main(request, response):
- headers = [("Cross-Origin-Resource-Policy", request.GET['corp'])]
- if 'origin' in request.headers:
- headers.append(('Access-Control-Allow-Origin', request.headers['origin']))
-
- return 200, headers, ""
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads-expected.txt (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,12 +0,0 @@
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/script.py?corp=same-origin&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/WebKit/cross-origin-resource-policy/resources/script.py?corp=same-site&acao=* because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-
-PASS Same-origin script load with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header.
-PASS Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header.
-
Deleted: trunk/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads.html (233738 => 233739)
--- trunk/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads.html 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/http/wpt/cross-origin-resource-policy/script-loads.html 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,50 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <script src=""
- <script src=""
- <script src=""
-</head>
-<body>
- <div id="testDiv"></div>
- <script>
-const host = get_host_info();
-const remoteBaseURL = host.HTTP_REMOTE_ORIGIN + window.location.pathname.replace(/\/[^\/]*$/, '/') ;
-const ok = true;
-const ko = false;
-
-function loadScript(url, shoudLoad, corsMode)
-{
- promise_test(() => {
- const script = document.createElement("script");
- if (corsMode)
- script.crossOrigin = corsMode;
- script.src = ""
- return new Promise((resolve, reject) => {
- script._onload_ = shoudLoad ? resolve : reject;
- script._onerror_ = shoudLoad ? reject : resolve;
- testDiv.appendChild(script);
- });
- }, title);
-}
-
-title = "Same-origin script load with a 'Cross-Origin-Resource-Policy: same-origin' response header.";
-loadScript("./resources/script.py?corp=same-origin", ok);
-
-title = "Same-origin script load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
-loadScript("./resources/script.py?corp=same-site", ok);
-
-title = "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header.";
-loadScript(remoteBaseURL + "resources/script.py?corp=same-origin&acao=*", ok, "anonymous");
-
-title = "Cross-origin cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
-loadScript(remoteBaseURL + "resources/script.py?corp=same-site&acao=*", ok, "anonymous");
-
-title = "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-origin' response header.";
-loadScript(remoteBaseURL + "resources/script.py?corp=same-origin&acao=*", ko);
-
-title = "Cross-origin no-cors script load with a 'Cross-Origin-Resource-Policy: same-site' response header.";
-loadScript(remoteBaseURL + "resources/script.py?corp=same-site&acao=*", ko);
- </script>
-</body>
-</html>
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (233738 => 233739)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,3 +1,24 @@
+2018-07-11 Youenn Fablet <you...@apple.com>
+
+ Fix remaining Cross-Origin-Resource-Policy failures, if any
+ https://bugs.webkit.org/show_bug.cgi?id=186761
+ <rdar://problem/41209829>
+
+ Reviewed by Alex Christensen.
+
+ Fixed some tests for correctness.
+
+ * web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-service-worker-expected.txt:
+ * web-platform-tests/fetch/cross-origin-resource-policy/fetch.any-expected.txt:
+ * web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.js:
+ (promise_test):
+ * web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.worker-expected.txt:
+ * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window-expected.txt: Added.
+ * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html: Added.
+ * web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js:
+ * web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt:
+ * web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt:
+
2018-07-10 Antoine Quint <grao...@apple.com>
[Web Animations] Make WPT test at interfaces/KeyframeEffect/processing-a-keyframes-argument-001.html pass reliably
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-service-worker-expected.txt (233738 => 233739)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-service-worker-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch-in-service-worker-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -6,7 +6,7 @@
PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.
PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header.
+PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header, HTTP context, HTTPS resource.
PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header.
PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection.
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any-expected.txt (233738 => 233739)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -2,6 +2,8 @@
CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks.
CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header.
CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks.
+CONSOLE MESSAGE: Cancelled load to https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site due to access control checks.
CONSOLE MESSAGE: Cancelled load to https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin due to access control checks.
CONSOLE MESSAGE: Cancelled load to http://localhost:8801/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
@@ -17,7 +19,7 @@
PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.
PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header.
+PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header, HTTP context, HTTPS resource.
PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header.
PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection.
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.js (233738 => 233739)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.js 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.js 2018-07-11 19:36:16 UTC (rev 233739)
@@ -45,8 +45,8 @@
promise_test((test) => {
const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-site";
- return fetch(remoteURL, { mode: "no-cors" });
-}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header.");
+ return promise_rejects(test, new TypeError, fetch(remoteURL, { mode: "no-cors" }));
+}, "Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header, HTTP context, HTTPS resource.");
promise_test((test) => {
const remoteURL = httpsBaseURL + "resources/hello.py?corp=same-origin";
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.worker-expected.txt (233738 => 233739)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.worker-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/fetch.any.worker-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,5 +1,6 @@
CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cancelled load to https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-site because it violates the resource's Cross-Origin-Resource-Policy response header.
CONSOLE MESSAGE: Cancelled load to https://localhost:9443/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
CONSOLE MESSAGE: Cancelled load to http://localhost:8801/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=same-origin because it violates the resource's Cross-Origin-Resource-Policy response header.
@@ -11,7 +12,7 @@
PASS Cross-origin cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header.
PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
-PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header.
+PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-site' response header, HTTP context, HTTPS resource.
PASS Cross-origin no-cors fetch to a same-site URL with a 'Cross-Origin-Resource-Policy: same-origin' response header.
PASS Valid cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-site' response header.
PASS Cross-origin no-cors fetch with a 'Cross-Origin-Resource-Policy: same-origin' response header after a redirection.
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window-expected.txt (0 => 233739)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 1489: The page at https://localhost:9443/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html was allowed to display insecure content from http://localhost:8800/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site.
+
+
+PASS Cross-Origin-Resource-Policy does not block Mixed Content <img>
+
Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html (0 => 233739)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html 2018-07-11 19:36:16 UTC (rev 233739)
@@ -0,0 +1 @@
+<!-- This file is required for WebKit test infrastructure to run the templated test -->
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js (233738 => 233739)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js 2018-07-11 19:36:16 UTC (rev 233739)
@@ -2,7 +2,7 @@
promise_test(t => {
const img = new Image();
- img.src = "" + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site";
+ img.src = "" + "/fetch/cross-origin-resource-policy/resources/image.py?corp=same-site";
return new Promise((resolve, reject) => {
img._onload_ = resolve;
img._onerror_ = reject;
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt (233738 => 233739)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,12 +1,8 @@
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN due to access control checks.
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Fetch API cannot load http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin due to access control checks.
PASS Parsing Cross-Origin-Resource-Policy: same
PASS Parsing Cross-Origin-Resource-Policy: same, same-origin
-FAIL Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header."
-FAIL Parsing Cross-Origin-Resource-Policy: Same-Origin promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header."
+PASS Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN
+PASS Parsing Cross-Origin-Resource-Policy: Same-Origin
PASS Parsing Cross-Origin-Resource-Policy: same-origin, <>
PASS Parsing Cross-Origin-Resource-Policy: same-origin, same-origin
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt (233738 => 233739)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/syntax.any.worker-expected.txt 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,10 +1,8 @@
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header.
PASS Parsing Cross-Origin-Resource-Policy: same
PASS Parsing Cross-Origin-Resource-Policy: same, same-origin
-FAIL Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=SAME-ORIGIN because it violates the resource's Cross-Origin-Resource-Policy response header."
-FAIL Parsing Cross-Origin-Resource-Policy: Same-Origin promise_test: Unhandled rejection with value: object "TypeError: Cancelled load to http://127.0.0.1:8800/fetch/cross-origin-resource-policy/resources/hello.py?corp=Same-Origin because it violates the resource's Cross-Origin-Resource-Policy response header."
+PASS Parsing Cross-Origin-Resource-Policy: SAME-ORIGIN
+PASS Parsing Cross-Origin-Resource-Policy: Same-Origin
PASS Parsing Cross-Origin-Resource-Policy: same-origin, <>
PASS Parsing Cross-Origin-Resource-Policy: same-origin, same-origin
Modified: trunk/Source/WebCore/ChangeLog (233738 => 233739)
--- trunk/Source/WebCore/ChangeLog 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/Source/WebCore/ChangeLog 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,3 +1,22 @@
+2018-07-11 Youenn Fablet <you...@apple.com>
+
+ Fix remaining Cross-Origin-Resource-Policy failures, if any
+ https://bugs.webkit.org/show_bug.cgi?id=186761
+ <rdar://problem/41209829>
+
+ Reviewed by Alex Christensen.
+
+ Add case-sensitive check for CORP header value, as per fetch specification.
+ Add HTTP->HTTPS check for same-site case, as per fetch specification.
+ https://fetch.spec.whatwg.org/#cross-origin-resource-policy-check
+
+ Test: imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window.html
+
+ * loader/CrossOriginAccessControl.cpp:
+ (WebCore::shouldCrossOriginResourcePolicyCancelLoad):
+ * platform/network/HTTPParsers.cpp:
+ (WebCore::parseCrossOriginResourcePolicyHeader):
+
2018-07-11 Ross Kirsling <ross.kirsl...@sony.com>
[WinCairo] MIME type registry doesn't explicitly recognize *.xht
Modified: trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp (233738 => 233739)
--- trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp 2018-07-11 19:36:16 UTC (rev 233739)
@@ -212,21 +212,22 @@
return false;
auto policy = parseCrossOriginResourcePolicyHeader(response.httpHeaderField(HTTPHeaderName::CrossOriginResourcePolicy));
- switch (policy) {
- case CrossOriginResourcePolicy::None:
- case CrossOriginResourcePolicy::Invalid:
- return false;
- case CrossOriginResourcePolicy::SameOrigin:
+
+ if (policy == CrossOriginResourcePolicy::SameOrigin)
return true;
- case CrossOriginResourcePolicy::SameSite: {
+
+ if (policy == CrossOriginResourcePolicy::SameSite) {
+ if (origin.isUnique())
+ return true;
#if ENABLE(PUBLIC_SUFFIX_LIST)
- return origin.isUnique() || !registrableDomainsAreEqual(response.url(), ResourceRequest::partitionName(origin.host()));
-#else
- return true;
+ if (!registrableDomainsAreEqual(response.url(), ResourceRequest::partitionName(origin.host())))
+ return true;
#endif
- }}
+ if (origin.protocol() == "http" && response.url().protocol() == "https")
+ return true;
+ }
- RELEASE_ASSERT_NOT_REACHED();
+ return false;
}
std::optional<ResourceError> validateCrossOriginResourcePolicy(const SecurityOrigin& origin, const URL& requestURL, const ResourceResponse& response)
Modified: trunk/Source/WebCore/platform/network/HTTPParsers.cpp (233738 => 233739)
--- trunk/Source/WebCore/platform/network/HTTPParsers.cpp 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.cpp 2018-07-11 19:36:16 UTC (rev 233739)
@@ -911,10 +911,10 @@
if (strippedHeader.isEmpty())
return CrossOriginResourcePolicy::None;
- if (equalLettersIgnoringASCIICase(strippedHeader, "same-origin"))
+ if (strippedHeader == "same-origin")
return CrossOriginResourcePolicy::SameOrigin;
- if (equalLettersIgnoringASCIICase(strippedHeader, "same-site"))
+ if (strippedHeader == "same-site")
return CrossOriginResourcePolicy::SameSite;
return CrossOriginResourcePolicy::Invalid;
Modified: trunk/Tools/ChangeLog (233738 => 233739)
--- trunk/Tools/ChangeLog 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/Tools/ChangeLog 2018-07-11 19:36:16 UTC (rev 233739)
@@ -1,3 +1,14 @@
+2018-07-11 Youenn Fablet <you...@apple.com>
+
+ Fix remaining Cross-Origin-Resource-Policy failures, if any
+ https://bugs.webkit.org/show_bug.cgi?id=186761
+ <rdar://problem/41209829>
+
+ Reviewed by Alex Christensen.
+
+ * TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp:
+ (TestWebKitAPI::TEST):
+
2018-07-11 Aakash Jain <aakash_j...@apple.com>
[ews-build] EWS should unapply the patch and build ToT when patch fails to build
Modified: trunk/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp (233738 => 233739)
--- trunk/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp 2018-07-11 19:29:58 UTC (rev 233738)
+++ trunk/Tools/TestWebKitAPI/Tests/WebCore/HTTPParsers.cpp 2018-07-11 19:36:16 UTC (rev 233739)
@@ -38,13 +38,13 @@
EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" ") == CrossOriginResourcePolicy::None);
EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same-origin") == CrossOriginResourcePolicy::SameOrigin);
- EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Origin") == CrossOriginResourcePolicy::SameOrigin);
- EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-ORIGIN") == CrossOriginResourcePolicy::SameOrigin);
- EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-orIGIN ") == CrossOriginResourcePolicy::SameOrigin);
+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Origin") == CrossOriginResourcePolicy::Invalid);
+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-ORIGIN") == CrossOriginResourcePolicy::Invalid);
+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-orIGIN ") == CrossOriginResourcePolicy::Invalid);
EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("same-site") == CrossOriginResourcePolicy::SameSite);
- EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Site") == CrossOriginResourcePolicy::SameSite);
- EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-SITE") == CrossOriginResourcePolicy::SameSite);
+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("Same-Site") == CrossOriginResourcePolicy::Invalid);
+ EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SAME-SITE") == CrossOriginResourcePolicy::Invalid);
EXPECT_TRUE(parseCrossOriginResourcePolicyHeader(" same-site ") == CrossOriginResourcePolicy::SameSite);
EXPECT_TRUE(parseCrossOriginResourcePolicyHeader("SameOrigin") == CrossOriginResourcePolicy::Invalid);