[webkit-changes] [214254] trunk

[commit-queue]

Title: [214254] trunk

Revision

214254

Author

commit-qu...@webkit.org

Date

2017-03-22 10:18:27 -0700 (Wed, 22 Mar 2017)

Log Message

Safari sends empty "Access-Control-Request-Headers" in preflight request
https://bugs.webkit.org/show_bug.cgi?id=169851

Patch by Youenn Fablet <you...@apple.com> on 2017-03-22
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/fetch/api/cors/cors-preflight-expected.txt:
* web-platform-tests/fetch/api/cors/cors-preflight.js:

Source/WebCore:

Covered by updated test.

* loader/CrossOriginAccessControl.cpp:
(WebCore::createAccessControlPreflightRequest): Not adding "Access-Control-Request-Headers" to
request header if value is empty.

Modified Paths

• trunk/LayoutTests/imported/w3c/ChangeLog
• trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt
• trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt
• trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (214253 => 214254)

--- trunk/LayoutTests/imported/w3c/ChangeLog	2017-03-22 17:15:17 UTC (rev 214253)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2017-03-22 17:18:27 UTC (rev 214254)
@@ -1,5 +1,15 @@
 2017-03-22  Youenn Fablet  <you...@apple.com>
 
+        Safari sends empty "Access-Control-Request-Headers" in preflight request
+        https://bugs.webkit.org/show_bug.cgi?id=169851
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/fetch/api/cors/cors-preflight-expected.txt:
+        * web-platform-tests/fetch/api/cors/cors-preflight.js:
+
+2017-03-22  Youenn Fablet  <you...@apple.com>
+
         XMLHttpRequest: getAllResponseHeaders() should lowercase header names before sorting
         https://bugs.webkit.org/show_bug.cgi?id=169286
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt (214253 => 214254)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt	2017-03-22 17:15:17 UTC (rev 214253)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt	2017-03-22 17:18:27 UTC (rev 214254)
@@ -13,4 +13,5 @@
 PASS CORS [GET] [several headers], server refuses 
 PASS CORS [PUT] [several headers], server allows 
 PASS CORS [PUT] [several headers], server refuses 
+PASS CORS [PUT] [only safe headers], server allows 
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt (214253 => 214254)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt	2017-03-22 17:15:17 UTC (rev 214253)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt	2017-03-22 17:18:27 UTC (rev 214254)
@@ -13,4 +13,5 @@
 PASS CORS [GET] [several headers], server refuses 
 PASS CORS [PUT] [several headers], server allows 
 PASS CORS [PUT] [several headers], server refuses 
+PASS CORS [PUT] [only safe headers], server allows 
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js (214253 => 214254)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js	2017-03-22 17:15:17 UTC (rev 214253)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js	2017-03-22 17:18:27 UTC (rev 214254)
@@ -99,4 +99,6 @@
 corsPreflight("CORS [PUT] [several headers], server allows", corsUrl, "PUT", true, headers, safeHeaders);
 corsPreflight("CORS [PUT] [several headers], server refuses", corsUrl, "PUT", false, headers, safeHeaders);
 
+corsPreflight("CORS [PUT] [only safe headers], server allows", corsUrl, "PUT", true, null, safeHeaders);
+
 done();

Modified: trunk/Source/WebCore/ChangeLog (214253 => 214254)

--- trunk/Source/WebCore/ChangeLog	2017-03-22 17:15:17 UTC (rev 214253)
+++ trunk/Source/WebCore/ChangeLog	2017-03-22 17:18:27 UTC (rev 214254)
@@ -1,5 +1,18 @@
 2017-03-22  Youenn Fablet  <you...@apple.com>
 
+        Safari sends empty "Access-Control-Request-Headers" in preflight request
+        https://bugs.webkit.org/show_bug.cgi?id=169851
+
+        Reviewed by Chris Dumez.
+
+        Covered by updated test.
+
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::createAccessControlPreflightRequest): Not adding "Access-Control-Request-Headers" to
+        request header if value is empty.
+
+2017-03-22  Youenn Fablet  <you...@apple.com>
+
         XMLHttpRequest: getAllResponseHeaders() should lowercase header names before sorting
         https://bugs.webkit.org/show_bug.cgi?id=169286
 

Modified: trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp (214253 => 214254)

--- trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp	2017-03-22 17:15:17 UTC (rev 214253)
+++ trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp	2017-03-22 17:18:27 UTC (rev 214254)
@@ -120,7 +120,8 @@
 
             headerBuffer.append(headerField);
         }
-        preflightRequest.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, headerBuffer.toString());
+        if (!headerBuffer.isEmpty())
+            preflightRequest.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, headerBuffer.toString());
     }
 
     return preflightRequest;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes