Title: [202779] trunk/Source/WebCore
- Revision
- 202779
- Author
- [email protected]
- Date
- 2016-07-02 10:44:42 -0700 (Sat, 02 Jul 2016)
Log Message
Synchronous preflight checker should set loading options to not use credentials
https://bugs.webkit.org/show_bug.cgi?id=159351
Patch by Youenn Fablet <[email protected]> on 2016-07-02
Reviewed by Alex Christensen.
Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials.
No change of behavior as preflight request is expressly set to not use credentials in
createAccessControlPreflightRequest.
* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::doPreflight):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (202778 => 202779)
--- trunk/Source/WebCore/ChangeLog 2016-07-02 17:43:56 UTC (rev 202778)
+++ trunk/Source/WebCore/ChangeLog 2016-07-02 17:44:42 UTC (rev 202779)
@@ -1,3 +1,18 @@
+2016-07-02 Youenn Fablet <[email protected]>
+
+ Synchronous preflight checker should set loading options to not use credentials
+ https://bugs.webkit.org/show_bug.cgi?id=159351
+
+ Reviewed by Alex Christensen.
+
+ Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials.
+
+ No change of behavior as preflight request is expressly set to not use credentials in
+ createAccessControlPreflightRequest.
+
+ * loader/CrossOriginPreflightChecker.cpp:
+ (WebCore::CrossOriginPreflightChecker::doPreflight):
+
2016-07-01 Commit Queue <[email protected]>
Unreviewed, rolling out r202766.
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (202778 => 202779)
--- trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-07-02 17:43:56 UTC (rev 202778)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp 2016-07-02 17:44:42 UTC (rev 202779)
@@ -130,7 +130,7 @@
ResourceError error;
ResourceResponse response;
RefPtr<SharedBuffer> data;
- unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, loader.options().allowCredentials(), loader.options().clientCredentialPolicy(), error, response, data);
+ unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, DoNotAllowStoredCredentials, DoNotAskClientForCrossOriginCredentials, error, response, data);
if (!error.isNull() && response.httpStatusCode() <= 0) {
error.setType(ResourceError::Type::AccessControl);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
