Title: [204795] trunk
Revision: 204795
Author: [email protected]
Date: 2016-08-23 03:18:38 -0700 (Tue, 23 Aug 2016)

Log Message

Implement redirect support post CORS-preflight
https://bugs.webkit.org/show_bug.cgi?id=159056

Patch by Youenn Fablet <[email protected]> on 2016-08-23
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

* web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt: Added.
* web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt: Added.
* web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html: Added.
* web-platform-tests/fetch/api/cors/cors-redirect-preflight.html: Added.
* web-platform-tests/fetch/api/cors/cors-redirect-preflight.js: Added.
(corsRedirect):

Source/WebCore:

Tests: imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html
       imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html
Covered also by rebased tests.

Enabling to follow cross-origin redirections for not-simple requests, through preflight checks.
Making sure that same-origin redirections to cross-origin resources use preflight if they are not simple.

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::redirectReceived):

LayoutTests:

* TestExpectations: Skipping new fetch worker test in Debug mode as it may crash and disrupt other tests.
* http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
* http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt:
* http/tests/xmlhttprequest/redirections-and-user-headers.html:

Diff

Modified: trunk/LayoutTests/ChangeLog (204794 => 204795)


--- trunk/LayoutTests/ChangeLog	2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/ChangeLog	2016-08-23 10:18:38 UTC (rev 204795)
@@ -1,3 +1,15 @@
+2016-08-23  Youenn Fablet  <[email protected]>
+
+        Implement redirect support post CORS-preflight
+        https://bugs.webkit.org/show_bug.cgi?id=159056
+
+        Reviewed by Alex Christensen.
+
+        * TestExpectations: Skipping new fetch worker test in Debug mode as it may crash and disrupt other tests.
+        * http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
+        * http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt:
+        * http/tests/xmlhttprequest/redirections-and-user-headers.html:
+
 2016-08-22  Chris Dumez  <[email protected]>
 
         Drop TextTrackCue's constructor as per the latest specification

Modified: trunk/LayoutTests/TestExpectations (204794 => 204795)


--- trunk/LayoutTests/TestExpectations	2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/TestExpectations	2016-08-23 10:18:38 UTC (rev 204795)
@@ -354,6 +354,7 @@
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker.html [ Skip ]
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-credentials-worker.html [ Skip ]
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-worker.html [ Skip ]
+[ Debug ] imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html [ Skip ]
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/authentication-basic-worker.html [ Skip ]
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/credentials/cookies-worker.html [ Skip ]
 [ Debug ] imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-worker.html [ Skip ]
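
Review bot: The added `[ Debug ] ... cors-redirect-preflight-worker.html [ Skip ]` entry carries no bug reference for the crash it works around, and it turns off the worker variant in the one configuration where assertions run, while this same revision adds `ASSERT(m_originalHeaders)` to DocumentThreadableLoader.cpp and lists this test in the WebCore ChangeLog as coverage for the change. The ChangeLog only says the test "may crash and disrupt other tests"; please file the Debug crash and cite it on this line so the skip can be removed once it is fixed.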

Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt (204794 => 204795)


--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt	2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt	2016-08-23 10:18:38 UTC (rev 204795)
@@ -3,7 +3,7 @@
 CONSOLE MESSAGE: Cross-origin redirection to foo://bar.cgi denied by Cross-Origin Resource Sharing policy: URL is either a non-HTTP URL or contains credentials.
 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url="" due to access control checks.
 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*. Preflight response is not successful
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=false&%20%20url=http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi&%20%20access-control-allow-origin=*&%20%20access-control-allow-headers=x-webkit. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. Request header field x-webkit is not allowed by Access-Control-Allow-Headers.
 Tests that asynchronous XMLHttpRequests handle redirects according to the CORS standard.
 
 Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?url="" without credentials
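
Review bot: The rebased `redirect-preflight=false` expectation still ends in a load failure, so this hunk shows no legacy XHR case where a not-simple request succeeds across the redirect. In the old line `access-control-allow-headers=x-webkit` is a parameter of redirect-cors.php, not of the `url=` target, and the new message shows the target (access-control-basic-allow-star.cgi) rejecting `x-webkit` in its own preflight. Consider adding a case whose redirect target lists x-webkit in Access-Control-Allow-Headers, so this file checks the allowed path and not only a changed error string and URL.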

Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt (204794 => 204795)


--- trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt	2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers-expected.txt	2016-08-23 10:18:38 UTC (rev 204795)
@@ -1,5 +1,3 @@
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url="" Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
-CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url="" Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
 
 PASS Check headers after same-origin redirection to same-origin resource (simple request) 
 PASS Check headers after same-origin redirection to same-origin resource (not simple request) 
@@ -6,7 +4,7 @@
 PASS Check headers after same origin redirection to cross-origin resource (simple request) 
 PASS Check headers after same origin redirection to cross-origin resource (not simple request) 
 PASS Check headers after cross-origin redirection to same-origin resource (simple request) 
-FAIL Check headers after cross-origin redirection to same-origin resource (not simple request) promise_test: Unhandled rejection with value: "Loading failure"
+PASS Check headers after cross-origin redirection to same-origin resource (not simple request) 
 PASS Check headers after cross-origin redirection to cross-origin resource (simple request) 
-FAIL Check headers after cross-origin redirection to cross-origin resource (not simple request) promise_test: Unhandled rejection with value: "Loading failure"
+PASS Check headers after cross-origin redirection to cross-origin resource (not simple request) 
 

Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html (204794 => 204795)


--- trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html	2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirections-and-user-headers.html	2016-08-23 10:18:38 UTC (rev 204795)
@@ -71,7 +71,6 @@
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=""
         simpleRequest);
 
-// FIXME: Thistest will not pass as long as not-simple cross origin requests are not allowed to redirect. See https://bugs.webkit.org/show_bug.cgi?id=159056.
 doTest("Check headers after cross-origin redirection to same-origin resource (not simple request)",
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=""
         !simpleRequest);
@@ -80,7 +79,6 @@
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=""
         simpleRequest);
 
-// FIXME: Thistest will not pass as long as not-simple cross origin requests are not allowed to redirect. See https://bugs.webkit.org/show_bug.cgi?id=159056.
 doTest("Check headers after cross-origin redirection to cross-origin resource (not simple request)",
         "http://localhost:8080/xmlhttprequest/resources/access-control-preflight-redirect.php?redirect=true&url=""
         !simpleRequest);

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (204794 => 204795)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2016-08-23 10:18:38 UTC (rev 204795)
@@ -1,3 +1,17 @@
+2016-08-23  Youenn Fablet  <[email protected]>
+
+        Implement redirect support post CORS-preflight
+        https://bugs.webkit.org/show_bug.cgi?id=159056
+
+        Reviewed by Alex Christensen.
+
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt: Added.
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt: Added.
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html: Added.
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight.html: Added.
+        * web-platform-tests/fetch/api/cors/cors-redirect-preflight.js: Added.
+        (corsRedirect):
+
 2016-08-22  Chris Dumez  <[email protected]>
 
         Drop TextTrackCue's constructor as per the latest specification

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt (0 => 204795)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-expected.txt	2016-08-23 10:18:38 UTC (rev 204795)
@@ -0,0 +1,32 @@
+
+PASS Redirect 301: same origin to cors (preflight after redirection success case) 
+PASS Redirect 301: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 301: cors to same origin (preflight after redirection success case) 
+PASS Redirect 301: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 301: cors to another cors (preflight after redirection success case) 
+PASS Redirect 301: cors to another cors (preflight after redirection failure case) 
+PASS Redirect 302: same origin to cors (preflight after redirection success case) 
+PASS Redirect 302: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 302: cors to same origin (preflight after redirection success case) 
+PASS Redirect 302: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 302: cors to another cors (preflight after redirection success case) 
+PASS Redirect 302: cors to another cors (preflight after redirection failure case) 
+PASS Redirect 303: same origin to cors (preflight after redirection success case) 
+PASS Redirect 303: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 303: cors to same origin (preflight after redirection success case) 
+PASS Redirect 303: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 303: cors to another cors (preflight after redirection success case) 
+PASS Redirect 303: cors to another cors (preflight after redirection failure case) 
+PASS Redirect 307: same origin to cors (preflight after redirection success case) 
+PASS Redirect 307: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 307: cors to same origin (preflight after redirection success case) 
+PASS Redirect 307: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 307: cors to another cors (preflight after redirection success case) 
+PASS Redirect 307: cors to another cors (preflight after redirection failure case) 
+PASS Redirect 308: same origin to cors (preflight after redirection success case) 
+PASS Redirect 308: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 308: cors to same origin (preflight after redirection success case) 
+PASS Redirect 308: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 308: cors to another cors (preflight after redirection success case) 
+PASS Redirect 308: cors to another cors (preflight after redirection failure case) 
+

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt (0 => 204795)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker-expected.txt	2016-08-23 10:18:38 UTC (rev 204795)
@@ -0,0 +1,32 @@
+
+PASS Redirect 301: same origin to cors (preflight after redirection success case) 
+PASS Redirect 301: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 301: cors to same origin (preflight after redirection success case) 
+PASS Redirect 301: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 301: cors to another cors (preflight after redirection success case) 
+PASS Redirect 301: cors to another cors (preflight after redirection failure case) 
+PASS Redirect 302: same origin to cors (preflight after redirection success case) 
+PASS Redirect 302: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 302: cors to same origin (preflight after redirection success case) 
+PASS Redirect 302: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 302: cors to another cors (preflight after redirection success case) 
+PASS Redirect 302: cors to another cors (preflight after redirection failure case) 
+PASS Redirect 303: same origin to cors (preflight after redirection success case) 
+PASS Redirect 303: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 303: cors to same origin (preflight after redirection success case) 
+PASS Redirect 303: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 303: cors to another cors (preflight after redirection success case) 
+PASS Redirect 303: cors to another cors (preflight after redirection failure case) 
+PASS Redirect 307: same origin to cors (preflight after redirection success case) 
+PASS Redirect 307: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 307: cors to same origin (preflight after redirection success case) 
+PASS Redirect 307: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 307: cors to another cors (preflight after redirection success case) 
+PASS Redirect 307: cors to another cors (preflight after redirection failure case) 
+PASS Redirect 308: same origin to cors (preflight after redirection success case) 
+PASS Redirect 308: same origin to cors (preflight after redirection failure case) 
+PASS Redirect 308: cors to same origin (preflight after redirection success case) 
+PASS Redirect 308: cors to same origin (preflight after redirection failure case) 
+PASS Redirect 308: cors to another cors (preflight after redirection success case) 
+PASS Redirect 308: cors to another cors (preflight after redirection failure case) 
+

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html (0 => 204795)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html	2016-08-23 10:18:38 UTC (rev 204795)
@@ -0,0 +1,15 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Fetch in worker: CORS preflight after redirection</title>
+    <meta name="help" href=""
+    <script src=""
+    <script src=""
+  </head>
+  <body>
+    <script>
+      fetch_tests_from_worker(new Worker("cors-redirect-preflight.js"));
+    </script>
+  </body>
+</html>

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html (0 => 204795)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html	2016-08-23 10:18:38 UTC (rev 204795)
@@ -0,0 +1,16 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Fetch:  CORS preflight after redirection</title>
+    <meta name="help" href=""
+    <script src=""
+    <script src=""
+  </head>
+  <body>
+    <script src=""
+    <script src=""
+    <script src=""
+    <script src=""
+  </body>
+</html>

Added: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.js (0 => 204795)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.js	                        (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.js	2016-08-23 10:18:38 UTC (rev 204795)
@@ -0,0 +1,50 @@
+if (this.document === undefined) {
+  importScripts("/resources/testharness.js");
+  importScripts("/common/utils.js");
+  importScripts("../resources/utils.js");
+  importScripts("../resources/get-host-info.sub.js");
+}
+
+function corsRedirect(desc, redirectUrl, redirectLocation, redirectStatus, expectSuccess) {
+  var urlBaseParameters = "&redirect_status=" + redirectStatus;
+  var urlParametersSuccess = urlBaseParameters + "&allow_headers=x-w3c&location=" + encodeURIComponent(redirectLocation + "?allow_headers=x-w3c");
+  var urlParametersFailure = urlBaseParameters + "&location=" + encodeURIComponent(redirectLocation);
+
+  var requestInit = {"mode": "cors", "redirect": "follow", "headers" : [["x-w3c", "test"]]};
+
+  promise_test(function(test) {
+    var uuid_token = token();
+    return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(resp) {
+      return fetch(redirectUrl + "?token=" + uuid_token + "&max_age=0" + urlParametersSuccess, requestInit).then(function(resp) {
+        assert_equals(resp.status, 200, "Response's status is 200");
+        assert_equals(resp.headers.get("x-did-preflight"), "1", "Preflight request has been made");
+      });
+    });
+  }, desc + " (preflight after redirection success case)");
+  promise_test(function(test) {
+    var uuid_token = token();
+    return fetch(RESOURCES_DIR + "clean-stash.py?token=" + uuid_token).then(function(resp) {
+      return promise_rejects(test, new TypeError(), fetch(redirectUrl + "?token=" + uuid_token + "&max_age=0" + urlParametersFailure, requestInit));
+    });
+  }, desc + " (preflight after redirection failure case)");
+}
+
+var redirPath = dirname(location.pathname) + RESOURCES_DIR + "redirect.py";
+var preflightPath = dirname(location.pathname) + RESOURCES_DIR + "preflight.py";
+
+var host_info = get_host_info();
+
+var localRedirect = host_info.HTTP_ORIGIN + redirPath;
+var remoteRedirect = host_info.HTTP_REMOTE_ORIGIN + redirPath;
+
+var localLocation = host_info.HTTP_ORIGIN + preflightPath;
+var remoteLocation = host_info.HTTP_REMOTE_ORIGIN + preflightPath;
+var remoteLocation2 = host_info.HTTP_ORIGIN_WITH_DIFFERENT_PORT + preflightPath;
+
+for (var code of [301, 302, 303, 307, 308]) {
+  corsRedirect("Redirect " + code + ": same origin to cors", localRedirect, remoteLocation, code);
+  corsRedirect("Redirect " + code + ": cors to same origin", remoteRedirect, localLocation, code);
+  corsRedirect("Redirect " + code + ": cors to another cors", remoteRedirect, remoteLocation2, code);
+}
+
+done();
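
Review bot: `corsRedirect(desc, redirectUrl, redirectLocation, redirectStatus, expectSuccess)` declares a fifth parameter that the body never reads and that none of the three calls in the `for` loop pass; drop `expectSuccess` from the signature. Separately, the failure case only checks `promise_rejects(test, new TypeError(), ...)`, which cannot distinguish a rejected preflight at the redirect target from any other network error, whereas the success case asserts on `x-did-preflight`. If the stash behind `clean-stash.py` and the token can be queried after the rejection, asserting that a preflight was actually attempted would make the failure case as specific as the success case. The inner `function(resp)` also shadows the outer `resp` from the clean-stash fetch; the outer one is unused and could be omitted.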

Modified: trunk/Source/WebCore/ChangeLog (204794 => 204795)


--- trunk/Source/WebCore/ChangeLog	2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/Source/WebCore/ChangeLog	2016-08-23 10:18:38 UTC (rev 204795)
@@ -1,3 +1,20 @@
+2016-08-23  Youenn Fablet  <[email protected]>
+
+        Implement redirect support post CORS-preflight
+        https://bugs.webkit.org/show_bug.cgi?id=159056
+
+        Reviewed by Alex Christensen.
+
+        Tests: imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight-worker.html
+               imported/w3c/web-platform-tests/fetch/api/cors/cors-redirect-preflight.html
+        Covered also by rebased tests.
+
+        Enabling to follow cross-origin redirections for not-simple requests, through preflight checks.
+        Making sure that same-origin redirections to cross-origin resources use preflight if they are not simple.
+
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::redirectReceived):
+
 2016-08-23  Frederic Wang  <[email protected]>
 
         Introduce a MathMLRowElement class for mrow-like elements

Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (204794 => 204795)


--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp	2016-08-23 10:15:08 UTC (rev 204794)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp	2016-08-23 10:18:38 UTC (rev 204795)
@@ -232,20 +232,14 @@
     ASSERT(m_resource);
     ASSERT(m_resource->loader());
     ASSERT(m_options.mode == FetchOptions::Mode::Cors);
+    ASSERT(m_originalHeaders);
 
-    // FIXME: We could remove that restriction, since we can use preflighting.
-    if (!m_simpleRequest) {
-        reportCrossOriginResourceSharingError(*m_client, redirectResponse.url());
-        request = ResourceRequest();
-        return;
-    }
-
     // Loader might have modified the origin to a unique one, let's reuse it for subsequent loads.
     m_origin = m_resource->loader()->origin();
 
     // Except in case where preflight is needed, loading should be able to continue on its own.
     // But we also handle credentials here if it is restricted to SameOrigin.
-    if (m_options.credentials != FetchOptions::Credentials::SameOrigin)
+    if (m_options.credentials != FetchOptions::Credentials::SameOrigin && m_simpleRequest && isSimpleCrossOriginAccessRequest(request.httpMethod(), *m_originalHeaders))
         return;
 
     m_options.allowCredentials = DoNotAllowStoredCredentials;
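
Review bot: With the rewritten condition, every request that is not simple now falls through to `m_options.allowCredentials = DoNotAllowStoredCredentials;` whatever the credentials mode, because the early `return` requires `m_simpleRequest && isSimpleCrossOriginAccessRequest(...)` in addition to `m_options.credentials != FetchOptions::Credentials::SameOrigin`. Before this change only the SameOrigin case reached that assignment. If dropping stored credentials on every redirect that needs a preflight is intended, the comment "But we also handle credentials here if it is restricted to SameOrigin" should be updated to say so; if not, the assignment should be guarded by the SameOrigin check. Also note that `*m_originalHeaders` is now dereferenced in this condition and the only guard is the `ASSERT(m_originalHeaders)` added above, which does not protect release builds.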
@@ -252,7 +246,6 @@
 
     clearResource();
 
-    ASSERT(m_originalHeaders);
     // Let's fetch the request with the original headers (equivalent to request cloning specified by fetch algorithm).
     // Do not copy the Authorization header if removed by the network layer.
     if (!request.httpHeaderFields().contains(HTTPHeaderName::Authorization))
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
