Diff
Modified: trunk/LayoutTests/ChangeLog (224024 => 224025)
--- trunk/LayoutTests/ChangeLog 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/ChangeLog 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,5 +1,18 @@
2017-10-26 Ryan Haddad <[email protected]>
+ Unreviewed, rolling out r224019.
+
+ This change caused API test WebKit.MSEIsPlayingAudio to time
+ out.
+
+ Reverted changeset:
+
+ "XMLHttpRequest should not treat file URLs as same origin"
+ https://bugs.webkit.org/show_bug.cgi?id=178565
+ https://trac.webkit.org/changeset/224019
+
+2017-10-26 Ryan Haddad <[email protected]>
+
Unreviewed, rolling out r223994.
The LayoutTest for this change is failing.
Deleted: trunk/LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-blob-real.html (224024 => 224025)
--- trunk/LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-blob-real.html 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-blob-real.html 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,41 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script src=""
-</head>
-<body>
-<div id="console"/>
-<script>
-description("We're checking we can't read from a file-origin Blob.");
-
-window.addEventListener('message', function(event) {
- testPassed('Got the BURL message data');
- if ("BURL" in event.data)
- runTest(event.data.BURL);
-});
-
-testPassed('Added a message handler.');
-
-function runTest(fileBlob) {
- testPassed('Executing Blob URL test.');
-
- var xhr = new XMLHttpRequest();
- try {
- xhr.open("GET", fileBlob, false);
- xhr.send("");
- } catch (e) {
- testFailed("Exception: " + e.message);
- }
-
- debug("Response length: " + xhr.responseText.length);
- if (xhr.responseText == "")
- testPassed('Access was not permitted.');
- else
- testFailed('We should not have gotten a response.');
-
- window.parent.postMessage('done', '*');
-}
-</script>
-<script src=""
-</body>
-</html>
\ No newline at end of file
Deleted: trunk/LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-file-real.html (224024 => 224025)
--- trunk/LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-file-real.html 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-file-real.html 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,39 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script>
-if (window.testRunner)
- testRunner.waitUntilDone();
-
-function log(message)
-{
- var console = document.getElementById('console');
- console.appendChild(document.createTextNode(message));
- console.appendChild(document.createElement('br'));
-}
-
-function runTest() {
- var xhr = new XMLHttpRequest();
- try {
- xhr.open("GET", "", false);
- xhr.send("");
- } catch (e) {
- log("Exception: " + e.message);
- }
-
- log("Response length: " + xhr.responseText.length);
- if (xhr.responseText == "")
- log('PASSED: Access was not permitted.');
- else
- log('FAILED: We should not have gotten a response.');
-
- if (window.testRunner)
- testRunner.notifyDone();
-}
-</script>
-</head>
-<body _onload_="runTest()">
- <p> We're checking we can't read the current file. </p>
- <div id="console"/>
-</body>
-</html>
\ No newline at end of file
Deleted: trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-blob-expected.txt (224024 => 224025)
--- trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-blob-expected.txt 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-blob-expected.txt 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,40 +0,0 @@
-CONSOLE MESSAGE: line 25: XMLHttpRequest cannot load [object%20File]. Cross origin requests are only supported for HTTP.
-
-Tests that you cannot XHR to the current file as a file-origin Blob.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-Got files: resources/xmlhttprequest-access-self-as-blob-real.html
-PASS Moved to center of file input.
-PASS Drag event received.
-PASS Generated file-origin blob successfully.
-PASS Sent Blob URL to frame.
-PASS Recvied message
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--framePath //<!--frame0-->-->'
---------
-We're checking we can't read from a file-origin Blob.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-
-PASS Added a message handler.
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
-PASS Got the BURL message data
-PASS Executing Blob URL test.
-FAIL Exception: A network error occurred.
-Response length: 0
-PASS Access was not permitted.
-
Deleted: trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-blob.html (224024 => 224025)
--- trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-blob.html 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-blob.html 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,64 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script src=""
-</head>
-<body>
-<input type="file" id="singleFile" name="upfile" _onchange_="onFileChanged()" />
-<div id="console"></div>
-<script>
-description("Tests that you cannot XHR to the current file as a file-origin Blob.");
-
-window.jsTestIsAsync = true;
-
-const sourcePath = "resources/xmlhttprequest-access-self-as-blob-real.html";
-var fileUrl;
-
-window.addEventListener('message', function(event) {
- testPassed('Recvied message');
- if (event.data ="" 'done')
- finishJSTest();
-});
-
-if (window.testRunner) {
- testRunner.dumpAsText();
- testRunner.dumpChildFramesAsText();
- testRunner.setAllowUniversalAccessFromFileURLs(false);
-
- var singleFileInput = document.getElementById("singleFile");
- dragFilesOntoInput(singleFileInput, [sourcePath]);
-}
-
-function onFileChanged() {
- testPassed("Drag event received.");
- var file = document.getElementById("singleFile").files[0];
- testPassed("Generated file-origin blob successfully.");
-
- var frameTarget = document.createElement('iframe');
- frameTarget.src = ""
- document.body.appendChild(frameTarget);
-
- setTimeout(function() {
- window.frames[0].postMessage( { BURL: file }, '*');
- testPassed('Sent Blob URL to frame.');
- }, 0);
-}
-
-function moveMouseToCenterOfElement(element)
-{
- var centerX = element.offsetLeft + element.offsetWidth / 2;
- var centerY = element.offsetTop + element.offsetHeight / 2;
- eventSender.mouseMoveTo(centerX, centerY);
- testPassed("Moved to center of file input.");
-}
-
-function dragFilesOntoInput(input, files) {
- debug("Got files: " + files);
- eventSender.beginDragWithFiles(files);
- moveMouseToCenterOfElement(input);
- eventSender.mouseUp();
-}
-</script>
-<script src=""
-</body>
-</html>
Deleted: trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-file-expected.txt (224024 => 224025)
--- trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-file-expected.txt 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-file-expected.txt 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,20 +0,0 @@
-CONSOLE MESSAGE: line 19: XMLHttpRequest cannot load xmlhttprequest-access-self-as-file-real.html. Cross origin requests are only supported for HTTP.
-Tests that you cannot XHR to the current file URL.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
-
---------
-Frame: '<!--framePath //<!--frame0-->-->'
---------
-We're checking we can't read the current file.
-
-Exception: A network error occurred.
-Response length: 0
-PASSED: Access was not permitted.
-
Deleted: trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-file.html (224024 => 224025)
--- trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-file.html 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-access-self-as-file.html 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,18 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script src=""
-<script>
-description("Tests that you cannot XHR to the current file URL.");
-
-if (window.testRunner) {
- testRunner.dumpAsText();
- testRunner.dumpChildFramesAsText();
- testRunner.setAllowUniversalAccessFromFileURLs(false);
-}
-</script>
-</head>
-<body>
-<iframe src=""
-</body>
-</html>
Modified: trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt (224024 => 224025)
--- trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,5 +1,5 @@
-CONSOLE MESSAGE: line 64: XMLHttpRequest cannot load nonexistent.html. Cross origin requests are only supported for HTTP.
-CONSOLE MESSAGE: line 42: XMLHttpRequest cannot load . Cross origin requests are only supported for HTTP.
+CONSOLE MESSAGE: line 64: Not allowed to load local resource: nonexistent.html
+CONSOLE MESSAGE: line 64: XMLHttpRequest cannot load nonexistent.html. Not allowed to request resource
Bug 22475: REGRESSION: Async XMLHttpRequest never finishes on nonexistent files anymore
@@ -13,5 +13,4 @@
Doing an XHR to a directory.
ReadyState handler: readyState = 1
ReadyState handler: readyState = 4
-Error handler: readyState = 4
Modified: trunk/LayoutTests/platform/ios/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt (224024 => 224025)
--- trunk/LayoutTests/platform/ios/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/platform/ios/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,5 +1,3 @@
-CONSOLE MESSAGE: line 64: XMLHttpRequest cannot load nonexistent.html. Cross origin requests are only supported for HTTP.
-CONSOLE MESSAGE: line 42: XMLHttpRequest cannot load . Cross origin requests are only supported for HTTP.
Bug 22475: REGRESSION: Async XMLHttpRequest never finishes on nonexistent files anymore
@@ -13,5 +11,4 @@
Doing an XHR to a directory.
ReadyState handler: readyState = 1
ReadyState handler: readyState = 4
-Error handler: readyState = 4
Modified: trunk/LayoutTests/platform/wk2/TestExpectations (224024 => 224025)
--- trunk/LayoutTests/platform/wk2/TestExpectations 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/LayoutTests/platform/wk2/TestExpectations 2017-10-26 17:45:19 UTC (rev 224025)
@@ -196,7 +196,6 @@
fast/events/moving-text-should-fire-drop-and-dragend-events-2.html
fast/events/ondrop-text-html.html
editing/pasteboard/drag-drop-url-with-style.html
-fast/xmlhttprequest/xmlhttprequest-access-self-as-blob.html
# WTR needs an implementation for eventSender.continuousMouseScrollBy
# https://bugs.webkit.org/show_bug.cgi?id=69417
Modified: trunk/Source/WebCore/ChangeLog (224024 => 224025)
--- trunk/Source/WebCore/ChangeLog 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/Source/WebCore/ChangeLog 2017-10-26 17:45:19 UTC (rev 224025)
@@ -1,5 +1,18 @@
2017-10-26 Ryan Haddad <[email protected]>
+ Unreviewed, rolling out r224019.
+
+ This change caused API test WebKit.MSEIsPlayingAudio to time
+ out.
+
+ Reverted changeset:
+
+ "XMLHttpRequest should not treat file URLs as same origin"
+ https://bugs.webkit.org/show_bug.cgi?id=178565
+ https://trac.webkit.org/changeset/224019
+
+2017-10-26 Ryan Haddad <[email protected]>
+
Unreviewed, rolling out r223994.
The LayoutTest for this change is failing.
Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (224024 => 224025)
--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp 2017-10-26 17:45:19 UTC (rev 224025)
@@ -94,7 +94,7 @@
, m_options(options)
, m_origin(WTFMove(origin))
, m_referrer(WTFMove(referrer))
- , m_sameOriginRequest(securityOrigin().requestIsSameOrigin(request))
+ , m_sameOriginRequest(securityOrigin().canRequest(request.url()))
, m_simpleRequest(true)
, m_async(blockingBehavior == LoadAsynchronously)
, m_delayCallbacksForIntegrityCheck(!m_options.integrity.isEmpty())
Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (224024 => 224025)
--- trunk/Source/WebCore/page/SecurityOrigin.cpp 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp 2017-10-26 17:45:19 UTC (rev 224025)
@@ -31,7 +31,6 @@
#include "BlobURL.h"
#include "FileSystem.h"
-#include "ResourceRequest.h"
#include "URL.h"
#include "SchemeRegistry.h"
#include "SecurityPolicy.h"
@@ -317,27 +316,6 @@
return false;
}
-bool SecurityOrigin::requestIsSameOrigin(const ResourceRequest& request)
-{
- if (m_universalAccess)
- return true;
-
- if (!canRequest(request.url()))
- return false;
-
- if (request.requester() != ResourceRequest::Requester::XHR)
- return true;
-
- // XHR to a file URL should never be treated as same-origin.
- if (request.url().protocolIs("file"))
- return false;
-
- if (auto blobOrigin = getCachedOrigin(request.url()))
- return blobOrigin->protocol() != "file";
-
- return true;
-}
-
bool SecurityOrigin::canReceiveDragData(const SecurityOrigin& dragInitiator) const
{
if (this == &dragInitiator)
Modified: trunk/Source/WebCore/page/SecurityOrigin.h (224024 => 224025)
--- trunk/Source/WebCore/page/SecurityOrigin.h 2017-10-26 17:26:21 UTC (rev 224024)
+++ trunk/Source/WebCore/page/SecurityOrigin.h 2017-10-26 17:45:19 UTC (rev 224025)
@@ -33,7 +33,6 @@
namespace WebCore {
-class ResourceRequest;
class URL;
class SecurityOrigin : public ThreadSafeRefCounted<SecurityOrigin> {
@@ -150,8 +149,6 @@
bool canRequestGeolocation() const { return !isUnique(); }
Policy canShowNotifications() const;
- bool requestIsSameOrigin(const ResourceRequest&);
-
// The local SecurityOrigin is the most privileged SecurityOrigin.
// The local SecurityOrigin can script any document, navigate to local
// resources, and can set arbitrary headers on XMLHttpRequests.
