[webkit-changes] [205134] trunk

Mon, 29 Aug 2016 12:07:56 -0700

Title: [205134] trunk
Revision
205134
Author
[email protected]
Date
2016-08-29 12:07:59 -0700 (Mon, 29 Aug 2016)

Log Message

Image Loader should use FetchOptions::mode according its crossOrigin attribute
https://bugs.webkit.org/show_bug.cgi?id=161309

Patch by Youenn Fablet <[email protected]> on 2016-08-29
Reviewed by Darin Adler.

Source/WebCore:

Test: http/tests/security/load-image-after-redirection.html

* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement): Using CachedResourceRequest::setAsPotentiallyCrossOrigin to set fetch mode.

LayoutTests:

* http/tests/security/load-image-after-redirection-expected.txt: Added.
* http/tests/security/load-image-after-redirection.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (205133 => 205134)


--- trunk/LayoutTests/ChangeLog	2016-08-29 19:07:22 UTC (rev 205133)
+++ trunk/LayoutTests/ChangeLog	2016-08-29 19:07:59 UTC (rev 205134)
@@ -1,3 +1,13 @@
+2016-08-29  Youenn Fablet  <[email protected]>
+
+        Image Loader should use FetchOptions::mode according its crossOrigin attribute
+        https://bugs.webkit.org/show_bug.cgi?id=161309
+
+        Reviewed by Darin Adler.
+
+        * http/tests/security/load-image-after-redirection-expected.txt: Added.
+        * http/tests/security/load-image-after-redirection.html: Added.
+
 2016-08-29  Jiewen Tan  <[email protected]>
 
         Unreviewed, update iOS simulator WK1 flaky tests.

Added: trunk/LayoutTests/http/tests/security/load-image-after-redirection-expected.txt (0 => 205134)


--- trunk/LayoutTests/http/tests/security/load-image-after-redirection-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/load-image-after-redirection-expected.txt	2016-08-29 19:07:59 UTC (rev 205134)
@@ -0,0 +1,7 @@
+CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8000/security/resources/abe-allow-star.php denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+ 
+
+PASS Loading an image in no-cors mode after a CORS invalid redirection is ok 
+PASS Loading an image in cors mode after a CORS invalid redirection is stopped 
+

Added: trunk/LayoutTests/http/tests/security/load-image-after-redirection.html (0 => 205134)


--- trunk/LayoutTests/http/tests/security/load-image-after-redirection.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/load-image-after-redirection.html	2016-08-29 19:07:59 UTC (rev 205134)
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Testing redirection with images fetched with cors mode</title>
+
+<script src=""
+<script src=""
+</head>
+<body>
+<img id="image1" style="visibility:hidden"></img>
+<img id="image2"crossorigin="anonymous" style="visibility:hidden"></img>
+<script type="text/_javascript_">
+var imageURLAfterCORSInvalidRedirection = "http://localhost:8000/resources/redirect.php?url=""
+promise_test((test) => {
+    return new Promise((resolve, reject) => {
+        var image = document.getElementById("image1");
+        image._onload_ = resolve;
+        image._onerror_ = () => { reject("image loading failed unexpectedly"); };
+        image.src = ""
+    });
+}, "Loading an image in no-cors mode after a CORS invalid redirection is ok");
+
+promise_test((test) => {
+    return new Promise((resolve, reject) => {
+        var image = document.getElementById("image2");
+        image._onerror_ = resolve;
+        image._onload_ = () => { reject("image loading succeeded unexpectedly"); };
+        image.src = ""
+    });
+}, "Loading an image in cors mode after a CORS invalid redirection is stopped");
+</script>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (205133 => 205134)


--- trunk/Source/WebCore/ChangeLog	2016-08-29 19:07:22 UTC (rev 205133)
+++ trunk/Source/WebCore/ChangeLog	2016-08-29 19:07:59 UTC (rev 205134)
@@ -1,3 +1,15 @@
+2016-08-29  Youenn Fablet  <[email protected]>
+
+        Image Loader should use FetchOptions::mode according its crossOrigin attribute
+        https://bugs.webkit.org/show_bug.cgi?id=161309
+
+        Reviewed by Darin Adler.
+
+        Test: http/tests/security/load-image-after-redirection.html
+
+        * loader/ImageLoader.cpp:
+        (WebCore::ImageLoader::updateFromElement): Using CachedResourceRequest::setAsPotentiallyCrossOrigin to set fetch mode.
+
 2016-08-29  Frederic Wang  <[email protected]>
 
         Use MathMLPresentationElement for all MathML presentation tags

Modified: trunk/Source/WebCore/loader/ImageLoader.cpp (205133 => 205134)


--- trunk/Source/WebCore/loader/ImageLoader.cpp	2016-08-29 19:07:22 UTC (rev 205133)
+++ trunk/Source/WebCore/loader/ImageLoader.cpp	2016-08-29 19:07:59 UTC (rev 205134)
@@ -179,12 +179,7 @@
         CachedResourceRequest request(ResourceRequest(document.completeURL(sourceURI(attr))), options);
         request.setInitiator(&element());
 
-        String crossOriginMode = element().attributeWithoutSynchronization(HTMLNames::crossoriginAttr);
-        if (!crossOriginMode.isNull()) {
-            StoredCredentials allowCredentials = equalLettersIgnoringASCIICase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
-            ASSERT(document.securityOrigin());
-            updateRequestForAccessControl(request.mutableResourceRequest(), *document.securityOrigin(), allowCredentials);
-        }
+        request.setAsPotentiallyCrossOrigin(element().attributeWithoutSynchronization(HTMLNames::crossoriginAttr), document);
 
         if (m_loadManually) {
             bool autoLoadOtherImages = document.cachedResourceLoader().autoLoadImages();

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to