Diff
Modified: trunk/LayoutTests/ChangeLog (202161 => 202162)
--- trunk/LayoutTests/ChangeLog 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/LayoutTests/ChangeLog 2016-06-17 10:34:02 UTC (rev 202162)
@@ -1,3 +1,15 @@
+2016-06-17 Youenn Fablet <[email protected]>
+
+ CORS preflight with a non-200 response should be a preflight failure
+ https://bugs.webkit.org/show_bug.cgi?id=111008
+
+ Reviewed by Darin Adler.
+
+ * http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
+ * http/tests/xmlhttprequest/access-control-and-redirects-async.html:
+ * http/tests/xmlhttprequest/access-control-basic-get-fail-non-simple-expected.txt:
+ * http/tests/xmlhttprequest/workers/access-control-basic-get-fail-non-simple-expected.txt:
+
2016-06-17 Frederic Wang <[email protected]>
MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt (202161 => 202162)
--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt 2016-06-17 10:34:02 UTC (rev 202162)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*. Preflight response is not successful
Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard.
Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url="" without credentials
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async.html (202161 => 202162)
--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async.html 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async.html 2016-06-17 10:34:02 UTC (rev 202162)
@@ -24,12 +24,13 @@
xhr._onload_ = function() {
log((expectSuccess ? "PASS" : "FAIL") + ": " + xhr.responseText);
- nextTest();
}
xhr._onerror_ = function() {
log((expectSuccess ? "FAIL" : "PASS") + ": " + xhr.status);
- nextTest();
}
+ xhr._onloadend_ = function() {
+ nextTest();
+ }
xhr.send(null);
}
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-basic-get-fail-non-simple-expected.txt (202161 => 202162)
--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-basic-get-fail-non-simple-expected.txt 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-basic-get-fail-non-simple-expected.txt 2016-06-17 10:34:02 UTC (rev 202162)
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: line 28: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-get-fail-non-simple.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 28: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-get-fail-non-simple.cgi. Preflight response is not successful
PASS: Exception thrown. Cross-domain access was denied in 'send'. [NetworkError: DOM Exception 19].
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/workers/access-control-basic-get-fail-non-simple-expected.txt (202161 => 202162)
--- trunk/LayoutTests/http/tests/xmlhttprequest/workers/access-control-basic-get-fail-non-simple-expected.txt 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/workers/access-control-basic-get-fail-non-simple-expected.txt 2016-06-17 10:34:02 UTC (rev 202162)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-get-fail-non-simple.cgi. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-get-fail-non-simple.cgi. Preflight response is not successful
GET should not trigger a preflight request from a worker unless it has non-simple headers.
PASS: Cross-domain access allowed for simple get.
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (202161 => 202162)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2016-06-17 10:34:02 UTC (rev 202162)
@@ -1,3 +1,12 @@
+2016-06-17 Youenn Fablet <[email protected]>
+
+ CORS preflight with a non-200 response should be a preflight failure
+ https://bugs.webkit.org/show_bug.cgi?id=111008
+
+ Reviewed by Darin Adler.
+
+ * web-platform-tests/XMLHttpRequest/data-uri-expected.txt:
+
2016-06-16 Benjamin Poulain <[email protected]>
:in-range & :out-of-range CSS pseudo-classes shouldn't match disabled or readonly inputs
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/data-uri-expected.txt (202161 => 202162)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/data-uri-expected.txt 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/data-uri-expected.txt 2016-06-17 10:34:02 UTC (rev 202162)
@@ -5,9 +5,9 @@
CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:image/png,Hello, World!. Cross origin requests are only supported for HTTP.
CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:text/plain,Hello, World!. Cross origin requests are only supported for HTTP.
CONSOLE MESSAGE: line 40: XMLHttpRequest cannot load data:text/plain,Hello, World!. Cross origin requests are only supported for HTTP.
-CONSOLE MESSAGE: XMLHttpRequest cannot load data:text/plain,Hello, World!. Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: XMLHttpRequest cannot load data:text/plain,Hello, World!. Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: XMLHttpRequest cannot load data:text/plain,Hello, World!. Origin http://localhost:8800 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load data:text/plain,Hello, World!. Preflight response is not successful
+CONSOLE MESSAGE: XMLHttpRequest cannot load data:text/plain,Hello, World!. Preflight response is not successful
+CONSOLE MESSAGE: XMLHttpRequest cannot load data:text/plain,Hello, World!. Preflight response is not successful
FAIL XHR method GET with charset text/plain assert_equals: expected "Hello, World!" but got ""
FAIL XHR method GET with charset text/plain (base64) assert_equals: expected "Hello, World!" but got ""
Modified: trunk/Source/WebCore/ChangeLog (202161 => 202162)
--- trunk/Source/WebCore/ChangeLog 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/Source/WebCore/ChangeLog 2016-06-17 10:34:02 UTC (rev 202162)
@@ -1,3 +1,26 @@
+2016-06-17 Youenn Fablet <[email protected]>
+
+ CORS preflight with a non-200 response should be a preflight failure
+ https://bugs.webkit.org/show_bug.cgi?id=111008
+
+ Reviewed by Darin Adler.
+
+ Covered by rebased tests.
+
+ * Modules/fetch/FetchResponse.h: Making use of ResourceResponse::isSuccessful.
+ * loader/CrossOriginPreflightChecker.cpp:
+ (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Checking that response status is code is
+ successful. If not, calling preflight failure callback.
+ (WebCore::CrossOriginPreflightChecker::startPreflight): Putting in manual redirection mode so that redirection
+ responses are processed as other responses.
+ * loader/ResourceLoaderOptions.h:
+ (WebCore::ResourceLoaderOptions::fetchOptions): Adding a non-const getter and fixing const getter to return a
+ const reference.
+ (WebCore::ResourceLoaderOptions::setFetchOptions): Passing options by reference.
+ * platform/network/ResourceResponseBase.cpp:
+ (WebCore::ResourceResponseBase::isSuccessful): Utility function.
+ * platform/network/ResourceResponseBase.h:
+
2016-06-17 Frederic Wang <[email protected]>
MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
Modified: trunk/Source/WebCore/Modules/fetch/FetchResponse.h (202161 => 202162)
--- trunk/Source/WebCore/Modules/fetch/FetchResponse.h 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/Source/WebCore/Modules/fetch/FetchResponse.h 2016-06-17 10:34:02 UTC (rev 202162)
@@ -64,7 +64,7 @@
const String& url() const { return m_response.url().string(); }
bool redirected() const { return m_response.isRedirected(); }
int status() const { return m_response.httpStatusCode(); }
- bool ok() const { return status() >= 200 && status() <= 299; }
+ bool ok() const { return m_response.isSuccessful(); }
const String& statusText() const { return m_response.httpStatusText(); }
FetchHeaders& headers() { return m_headers; }
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (202161 => 202162)
--- trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-06-17 10:34:02 UTC (rev 202162)
@@ -72,9 +72,14 @@
auto cookie = InspectorInstrumentation::willReceiveResourceResponse(frame);
InspectorInstrumentation::didReceiveResourceResponse(cookie, identifier, frame->loader().documentLoader(), response, 0);
+ if (!response.isSuccessful()) {
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), ASCIILiteral("Preflight response is not successful")));
+ return;
+ }
+
String description;
if (!passesAccessControlCheck(response, loader.options().allowCredentials(), loader.securityOrigin(), description)) {
- loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, response.url(), description));
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description));
return;
}
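Review bot: The new `if (!response.isSuccessful())` guard rejects a redirected preflight only because the request is put into manual redirect mode in the `@@ -111` hunk, and nothing at the check site records that dependency. I would add `// Redirects arrive here as plain 3xx responses (manual redirect mode), so they fail the preflight like any other non-2xx status.` above the guard. The fixed string "Preflight response is not successful" also drops the status code, which is the first thing someone debugging a CORS failure needs; appending `response.httpStatusCode()` would help, at the cost of rebaselining the expected results in this commit. The switch from `response.url()` to `request.url()` here and in the `@@ -82` hunk deserves a short why-comment as well. The enclosing function starts and ends outside the hunk.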
@@ -82,7 +87,7 @@
if (!result->parse(response, description)
|| !result->allowsCrossOriginMethod(request.httpMethod(), description)
|| !result->allowsCrossOriginHeaders(request.httpHeaderFields(), description)) {
- loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, response.url(), description));
+ loader.preflightFailure(identifier, ResourceError(errorDomainWebKitInternal, 0, request.url(), description));
return;
}
@@ -111,6 +116,8 @@
// Keep buffering the data for the preflight request.
options.setDataBufferingPolicy(BufferData);
+ options.fetchOptions().redirect = FetchOptions::Redirect::Manual;
+
CachedResourceRequest preflightRequest(createAccessControlPreflightRequest(m_request, m_loader.securityOrigin()), options);
if (RuntimeEnabledFeatures::sharedFeatures().resourceTimingEnabled())
preflightRequest.setInitiator(m_loader.options().initiator);
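Review bot: The line `options.fetchOptions().redirect = FetchOptions::Redirect::Manual;` is the security-relevant part of this change and has no comment. Without it a 3xx preflight would be followed and the final response validated instead. I would add `// Never follow redirects for a preflight: the 3xx must reach validatePreflightResponse() and fail there.` above it. The mode is set only in this function, so if any other path (not visible in this diff) issues a preflight and hands its response to the same validation, that path would still follow redirects; this is worth confirming. The function body continues outside the hunk.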
Modified: trunk/Source/WebCore/loader/ResourceLoaderOptions.h (202161 => 202162)
--- trunk/Source/WebCore/loader/ResourceLoaderOptions.h 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/Source/WebCore/loader/ResourceLoaderOptions.h 2016-06-17 10:34:02 UTC (rev 202162)
@@ -136,8 +136,9 @@
void setDefersLoadingPolicy(DefersLoadingPolicy defersLoadingPolicy) { m_defersLoadingPolicy = defersLoadingPolicy; }
CachingPolicy cachingPolicy() const { return m_cachingPolicy; }
void setCachingPolicy(CachingPolicy cachingPolicy) { m_cachingPolicy = cachingPolicy; }
- FetchOptions fetchOptions() const { return m_fetchOptions; }
- void setFetchOptions(FetchOptions fetchOptions) { m_fetchOptions = fetchOptions; }
+ const FetchOptions& fetchOptions() const { return m_fetchOptions; }
+ FetchOptions& fetchOptions() { return m_fetchOptions; }
+ void setFetchOptions(const FetchOptions& fetchOptions) { m_fetchOptions = fetchOptions; }
unsigned m_sendLoadCallbacks : 1;
unsigned m_sniffContent : 1;
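Review bot: The added non-const `FetchOptions& fetchOptions()` hands out a mutable reference to `m_fetchOptions`, so any holder of a non-const `ResourceLoaderOptions` can change the redirect mode in place, along with whatever other fields `FetchOptions` carries, without going through `setFetchOptions`. That makes later changes to security-relevant load options harder to find in review. A narrow setter for the redirect mode, or copying, modifying and calling `setFetchOptions(...)` at the single call site, would keep the write path explicit. If the mutable getter stays, a comment such as `// Mutable access: callers may change fetch options in place (used to force manual redirect for preflights).` would document the intent. The class body lies outside the hunk.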
Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp (202161 => 202162)
--- trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2016-06-17 10:34:02 UTC (rev 202162)
@@ -193,6 +193,12 @@
return static_cast<const ResourceResponse*>(this)->platformSuggestedFilename();
}
+bool ResourceResponseBase::isSuccessful() const
+{
+ int code = httpStatusCode();
+ return code >= 200 && code < 300;
+}
+
int ResourceResponseBase::httpStatusCode() const
{
lazyInit(CommonFieldsOnly);
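Review bot: `ResourceResponseBase::isSuccessful()` now gates a CORS decision but has no comment stating its contract. The rebased data: URL expectations in this commit suggest that a response with no HTTP status (presumably code 0) counts as not successful, and that should be stated rather than left implicit. I would add `// True only for an HTTP 2xx status; a response with no status code is not successful.` above the definition or on the declaration in the header. The following `httpStatusCode()` body continues outside the hunk.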
Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.h (202161 => 202162)
--- trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2016-06-17 09:24:49 UTC (rev 202161)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2016-06-17 10:34:02 UTC (rev 202162)
@@ -70,6 +70,7 @@
bool isNull() const { return m_isNull; }
WEBCORE_EXPORT bool isHTTP() const;
+ bool isSuccessful() const;
WEBCORE_EXPORT const URL& url() const;
WEBCORE_EXPORT void setURL(const URL&);
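Review bot: `bool isSuccessful() const;` is declared without `WEBCORE_EXPORT`, while the neighbouring accessors `isHTTP()`, `url()` and `httpStatusCode()` are exported. This is fine as long as every caller lives inside WebCore, as the two callers in this commit do, but a later use from another framework would fail at link time. Either declare it as `WEBCORE_EXPORT bool isSuccessful() const;` for consistency, or add a comment that it is intentionally WebCore-internal. The declaration also lacks the one-line contract comment (2xx only) that its use in the preflight check calls for.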
@@ -85,7 +86,7 @@
WEBCORE_EXPORT int httpStatusCode() const;
WEBCORE_EXPORT void setHTTPStatusCode(int);
-
+
WEBCORE_EXPORT const String& httpStatusText() const;
WEBCORE_EXPORT void setHTTPStatusText(const String&);