[webkit-changes] [214779] releases/WebKitGTK/webkit-2.16

Mon, 03 Apr 2017 05:56:58 -0700

Title: [214779] releases/WebKitGTK/webkit-2.16
Revision
214779
Author
carlo...@webkit.org
Date
2017-04-03 05:56:35 -0700 (Mon, 03 Apr 2017)

Log Message

Merge r214254 - Safari sends empty "Access-Control-Request-Headers" in preflight request
https://bugs.webkit.org/show_bug.cgi?id=169851

Patch by Youenn Fablet <you...@apple.com> on 2017-03-22
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/fetch/api/cors/cors-preflight-expected.txt:
* web-platform-tests/fetch/api/cors/cors-preflight.js:

Source/WebCore:

Covered by updated test.

* loader/CrossOriginAccessControl.cpp:
(WebCore::createAccessControlPreflightRequest): Not adding "Access-Control-Request-Headers" to
request header if value is empty.

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/ChangeLog (214778 => 214779)


--- releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/ChangeLog	2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/ChangeLog	2017-04-03 12:56:35 UTC (rev 214779)
@@ -1,3 +1,13 @@
+2017-03-22  Youenn Fablet  <you...@apple.com>
+
+        Safari sends empty "Access-Control-Request-Headers" in preflight request
+        https://bugs.webkit.org/show_bug.cgi?id=169851
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/fetch/api/cors/cors-preflight-expected.txt:
+        * web-platform-tests/fetch/api/cors/cors-preflight.js:
+
 2017-03-10  Antti Koivisto  <an...@apple.com>
 
         imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html is unreliable

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt (214778 => 214779)


--- releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt	2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-expected.txt	2017-04-03 12:56:35 UTC (rev 214779)
@@ -13,4 +13,5 @@
 PASS CORS [GET] [several headers], server refuses 
 PASS CORS [PUT] [several headers], server allows 
 PASS CORS [PUT] [several headers], server refuses 
+PASS CORS [PUT] [only safe headers], server allows

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt (214778 => 214779)


--- releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt	2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-worker-expected.txt	2017-04-03 12:56:35 UTC (rev 214779)
@@ -13,4 +13,5 @@
 PASS CORS [GET] [several headers], server refuses 
 PASS CORS [PUT] [several headers], server allows 
 PASS CORS [PUT] [several headers], server refuses 
+PASS CORS [PUT] [only safe headers], server allows

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js (214778 => 214779)


--- releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js	2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight.js	2017-04-03 12:56:35 UTC (rev 214779)
@@ -99,4 +99,6 @@
 corsPreflight("CORS [PUT] [several headers], server allows", corsUrl, "PUT", true, headers, safeHeaders);
 corsPreflight("CORS [PUT] [several headers], server refuses", corsUrl, "PUT", false, headers, safeHeaders);
 
+corsPreflight("CORS [PUT] [only safe headers], server allows", corsUrl, "PUT", true, null, safeHeaders);
+
 done();

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214778 => 214779)


--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 12:56:35 UTC (rev 214779)
@@ -1,3 +1,16 @@
+2017-03-22  Youenn Fablet  <you...@apple.com>
+
+        Safari sends empty "Access-Control-Request-Headers" in preflight request
+        https://bugs.webkit.org/show_bug.cgi?id=169851
+
+        Reviewed by Chris Dumez.
+
+        Covered by updated test.
+
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::createAccessControlPreflightRequest): Not adding "Access-Control-Request-Headers" to
+        request header if value is empty.
+
 2017-03-21  Sergio Villar Senin  <svil...@igalia.com>
 
         [Soup] "Only from websites I visit" cookie policy is broken

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/CrossOriginAccessControl.cpp (214778 => 214779)


--- releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/CrossOriginAccessControl.cpp	2017-04-03 12:39:18 UTC (rev 214778)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/CrossOriginAccessControl.cpp	2017-04-03 12:56:35 UTC (rev 214779)
@@ -120,7 +120,8 @@
 
             headerBuffer.append(headerField);
         }
-        preflightRequest.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, headerBuffer.toString());
+        if (!headerBuffer.isEmpty())
+            preflightRequest.setHTTPHeaderField(HTTPHeaderName::AccessControlRequestHeaders, headerBuffer.toString());
     }
 
     return preflightRequest;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to