Title: [91626] trunk
Revision
91626
Author
[email protected]
Date
2011-07-22 17:18:34 -0700 (Fri, 22 Jul 2011)

Log Message

HTMLImageElement::crossOrigin is hard to use because of caching
https://bugs.webkit.org/show_bug.cgi?id=64813

Reviewed by Adam Barth.

Source/WebCore:

Reload the resource if the allowCredentials flag doesn't match that in the request.

Test: http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed.html

* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
(WebCore::CachedResourceLoader::determineRevalidationPolicy):
* loader/cache/CachedResourceLoader.h:

LayoutTests:

* http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed-expected.txt: Added.
* http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (91625 => 91626)


--- trunk/LayoutTests/ChangeLog	2011-07-23 00:16:19 UTC (rev 91625)
+++ trunk/LayoutTests/ChangeLog	2011-07-23 00:18:34 UTC (rev 91626)
@@ -1,3 +1,13 @@
+2011-07-22  Kenneth Russell  <[email protected]>
+
+        HTMLImageElement::crossOrigin is hard to use because of caching
+        https://bugs.webkit.org/show_bug.cgi?id=64813
+
+        Reviewed by Adam Barth.
+
+        * http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed-expected.txt: Added.
+        * http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed.html: Added.
+
 2011-07-22  Ryosuke Niwa  <[email protected]>
 
         Chromium Mac rebaseline after r91605.

Added: trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed-expected.txt (0 => 91626)


--- trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed-expected.txt	2011-07-23 00:18:34 UTC (rev 91626)
@@ -0,0 +1,6 @@
+Test that if an image is served with "Access-Control-Allow-Origin: *", then loading it first without and then with a CORS request works the second time.
+Testing uploading without CORS headers
+PASS: image tainted canvas
+Testing uploading with CORS headers
+PASS: image did not taint canvas
+

Added: trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed.html (0 => 91626)


--- trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed.html	2011-07-23 00:18:34 UTC (rev 91626)
@@ -0,0 +1,71 @@
+<pre id="console"></pre>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+log = function(msg)
+{
+    document.getElementById('console').appendChild(document.createTextNode(msg + "\n"));
+}
+
+var image;
+var url = ""
+
+function testGetImageData(shouldWork)
+{
+    var canvas = document.createElement("canvas");
+    canvas.width = 100;
+    canvas.height = 100;
+    var context = canvas.getContext("2d");
+    context.drawImage(image, 0, 0, 100, 100);
+    var worked = true;
+    try {
+        context.getImageData(0, 0, 100, 100);
+    } catch (e) {
+        worked = false;
+    }
+    if (worked == shouldWork) {
+        if (shouldWork) {
+            log("PASS: image did not taint canvas");
+        } else {
+            log("PASS: image tainted canvas");
+        }
+    } else {
+        if (shouldWork) {
+            log("FAIL: image tainted canvas");
+        } else {
+            log("FAIL: image did not taint canvas");
+        }
+    }
+}
+
+function testWithoutCORS()
+{
+    log("Testing uploading without CORS headers");
+    testGetImageData(false);
+    image = new Image();
+    image._onload_ = testWithCORS;
+    image.crossOrigin = "";
+    image.src = ""
+}
+
+function testWithCORS()
+{
+    log("Testing uploading with CORS headers");
+    testGetImageData(true);
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+function start()
+{
+    log('Test that if an image is served with "Access-Control-Allow-Origin: *", then loading it first without and then with a CORS request works the second time.');
+    image = new Image();
+    image._onload_ = testWithoutCORS;
+    image.src = ""
+}
+
+start();
+</script>
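Review bot: Neither `Image` created in `start()` or `testWithoutCORS()` has an `onerror` handler, so a failed load leaves the test waiting for the harness timeout and never logs a FAIL line. A handler such as `image.onerror = function() { log("FAIL: image failed to load"); if (window.layoutTestController) layoutTestController.notifyDone(); };` would make that failure explicit. The test also covers only one order, a plain load followed by a `crossOrigin = ""` load; the reverse order and a credentialed `crossOrigin` value are not covered. As displayed here the `src` and `url` strings are empty and the handler is spelled `_onload_`, which looks like mail-archive sanitising and not the committed text, so check the URLs against the repository copy.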

Modified: trunk/Source/WebCore/ChangeLog (91625 => 91626)


--- trunk/Source/WebCore/ChangeLog	2011-07-23 00:16:19 UTC (rev 91625)
+++ trunk/Source/WebCore/ChangeLog	2011-07-23 00:18:34 UTC (rev 91626)
@@ -1,3 +1,19 @@
+2011-07-22  Kenneth Russell  <[email protected]>
+
+        HTMLImageElement::crossOrigin is hard to use because of caching
+        https://bugs.webkit.org/show_bug.cgi?id=64813
+
+        Reviewed by Adam Barth.
+
+        Reload the resource if the allowCredentials flag doesn't match that in the request.
+
+        Test: http/tests/security/canvas-remote-read-remote-image-blocked-then-allowed.html
+
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::requestResource):
+        (WebCore::CachedResourceLoader::determineRevalidationPolicy):
+        * loader/cache/CachedResourceLoader.h:
+
 2011-07-22  Simon Fraser  <[email protected]>
 
         Need to update the acceleratesDrawing status on a layer when switching to/from tiled layers

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (91625 => 91626)


--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2011-07-23 00:16:19 UTC (rev 91625)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2011-07-23 00:18:34 UTC (rev 91626)
@@ -340,7 +340,7 @@
     if (request.url() != url)
         request.setURL(url);
 
-    switch (determineRevalidationPolicy(type, forPreload, resource)) {
+    switch (determineRevalidationPolicy(type, request, forPreload, resource)) {
     case Load:
         resource = loadResource(type, request, charset, priority);
         break;
@@ -430,7 +430,7 @@
     return resource;
 }
 
-CachedResourceLoader::RevalidationPolicy CachedResourceLoader::determineRevalidationPolicy(CachedResource::Type type, bool forPreload, CachedResource* existingResource) const
+CachedResourceLoader::RevalidationPolicy CachedResourceLoader::determineRevalidationPolicy(CachedResource::Type type, ResourceRequest& request, bool forPreload, CachedResource* existingResource) const
 {
     if (!existingResource)
         return Load;
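Review bot: The new `ResourceRequest& request` parameter of `determineRevalidationPolicy` is a non-const reference, yet the only use visible in this commit is the read `request.allowCookies()`. Declaring it `const ResourceRequest& request` would document that the policy decision never alters the request that `requestResource` then hands to `loadResource`. The declaration in CachedResourceLoader.h needs the same change. The function body continues outside this hunk, so this holds only if nothing there modifies the request.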
@@ -463,6 +463,17 @@
         return Reload;
     }
 
+    // If credentials were sent with the previous request and won't be
+    // with this one, or vice versa, re-fetch the resource.
+    //
+    // This helps with the case where the server sends back
+    // "Access-Control-Allow-Origin: *" all the time, but some of the
+    // client's requests are made without CORS and some with.
+    if (existingResource->resourceRequest().allowCookies() != request.allowCookies()) {
+        LOG(ResourceLoading, "CachedResourceLoader::determineRevalidationPolicy reloading due to difference in credentials settings.");
+        return Reload;
+    }
+
     // Avoid loading the same resource multiple times for a single document, even if the cache policies would tell us to.
     if (m_validatedURLs.contains(existingResource->url()))
         return Use;
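Review bot: The added check compares only `allowCookies()`, while its comment states the goal as separating requests made with CORS from those made without. Two requests that differ in CORS mode but agree on the cookie setting would still share one cached entry. If a credentialed CORS request also reports `allowCookies()` as true (not visible in this hunk), a plain load followed by a credentialed CORS load would still reuse the cached entry. The comment should state that limit, for example `// Only the credentials flag is compared; the CORS mode itself is not part of the cache match.`, or a layout test should cover the credentialed case. The function body starts and ends outside this hunk.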

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.h (91625 => 91626)


--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.h	2011-07-23 00:16:19 UTC (rev 91625)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.h	2011-07-23 00:18:34 UTC (rev 91626)
@@ -113,7 +113,7 @@
     void requestPreload(CachedResource::Type, ResourceRequest& url, const String& charset);
 
     enum RevalidationPolicy { Use, Revalidate, Reload, Load };
-    RevalidationPolicy determineRevalidationPolicy(CachedResource::Type, bool forPreload, CachedResource* existingResource) const;
+    RevalidationPolicy determineRevalidationPolicy(CachedResource::Type, ResourceRequest&, bool forPreload, CachedResource* existingResource) const;
     
     void notifyLoadedFromMemoryCache(CachedResource*);
     bool canRequest(CachedResource::Type, const KURL&, bool forPreload = false);