Diff
Modified: trunk/LayoutTests/ChangeLog (224368 => 224369)
--- trunk/LayoutTests/ChangeLog 2017-11-03 01:30:01 UTC (rev 224368)
+++ trunk/LayoutTests/ChangeLog 2017-11-03 01:36:37 UTC (rev 224369)
@@ -1,3 +1,18 @@
+2017-11-02 Youenn Fablet <[email protected]>
+
+ Do not check for CORS in case response is coming from a service worker
+ https://bugs.webkit.org/show_bug.cgi?id=179177
+
+ Reviewed by Chris Dumez.
+
+ * http/tests/workers/service/cors-image-fetch-expected.txt: Added.
+ * http/tests/workers/service/cors-image-fetch.html: Added.
+ * http/tests/workers/service/resources/cors-image-fetch-worker.js: Added.
+ * http/tests/workers/service/resources/cors-image-fetch.js: Added.
+ * http/tests/workers/service/resources/tainted-image-fetch.js: Added.
+ * http/tests/workers/service/tainted-image-fetch-expected.txt: Added.
+ * http/tests/workers/service/tainted-image-fetch.html: Added.
+
2017-11-02 Ryan Haddad <[email protected]>
Skip editing/selection/move-by-word-visually-multi-space.html on iOS debug bots.
Added: trunk/LayoutTests/http/tests/workers/service/cors-image-fetch-expected.txt (0 => 224369)
--- trunk/LayoutTests/http/tests/workers/service/cors-image-fetch-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/workers/service/cors-image-fetch-expected.txt 2017-11-03 01:36:37 UTC (rev 224369)
@@ -0,0 +1,9 @@
+
+Registering service worker
+Service worker registered
+Status is no status
+Loading image
+PASS: Loaded image
+Status is Got response for http://localhost:8000/resources/square100.png, status code is 200
+Image size: 100x100
+
Added: trunk/LayoutTests/http/tests/workers/service/cors-image-fetch.html (0 => 224369)
--- trunk/LayoutTests/http/tests/workers/service/cors-image-fetch.html (rev 0)
+++ trunk/LayoutTests/http/tests/workers/service/cors-image-fetch.html 2017-11-03 01:36:37 UTC (rev 224369)
@@ -0,0 +1,9 @@
+<html>
+<head>
+<script src=""
+</head>
+<body>
+ <img id="image" _onload_="loadedImage()" _onerror_="erroredImage()"></img>
+ <script src=""
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/workers/service/resources/cors-image-fetch-worker.js (0 => 224369)
--- trunk/LayoutTests/http/tests/workers/service/resources/cors-image-fetch-worker.js (rev 0)
+++ trunk/LayoutTests/http/tests/workers/service/resources/cors-image-fetch-worker.js 2017-11-03 01:36:37 UTC (rev 224369)
@@ -0,0 +1,24 @@
+var response;
+var status = "no status";
+self.addEventListener("fetch", (event) => {
+ if (event.request.url.indexOf("status") !== -1) {
+ event.respondWith(new Response(null, {status: 200, statusText: status}));
+ return;
+ }
+ if (!event.request.url.endsWith(".fromserviceworker")) {
+ status = "unknown url";
+ event.respondWith(new Response(null, {status: 404, statusText: "Not Found"}));
+ return;
+ }
+ url = "" event.request.url.length - 18).substring(21);
+ status = "Fetching " + url;
+ event.respondWith(fetch(url).then((r) => {
+ response = r;
+ status = "Got response for " + event.request.url.substring(0, event.request.url.length - 18) + ", status code is " + response.status;
+ return response.arrayBuffer();
+ }).then((buffer) => {
+ var headers = new Headers(response.headers);
+ headers.set("cache-control", "no-cache");
+ return new Response(buffer, {headers: headers});
+ }));
+});
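Review bot: Every image response this handler returns is rebuilt with `new Response(buffer, {headers: headers})`, so the page only ever receives a script-constructed response, and the upstream status is replaced by the constructor's default 200. The loader change is therefore exercised only for synthesized responses; this worker never passes the fetched response through unchanged. A comment above the final `then` would make that explicit, for example `// Rebuild the response so the page gets a synthetic response with caching disabled; pass-through of the fetched response is not covered here.` The module-level `response` variable is also shared between overlapping fetch events, so a variable scoped to the handler would be safer if the worker is reused for more than one image.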
Added: trunk/LayoutTests/http/tests/workers/service/resources/cors-image-fetch.js (0 => 224369)
--- trunk/LayoutTests/http/tests/workers/service/resources/cors-image-fetch.js (rev 0)
+++ trunk/LayoutTests/http/tests/workers/service/resources/cors-image-fetch.js 2017-11-03 01:36:37 UTC (rev 224369)
@@ -0,0 +1,39 @@
+async function loadedImage()
+{
+ log("PASS: Loaded image");
+ await logStatus();
+ log("Image size: " + image.width + "x" + image.height);
+ finishSWTest();
+}
+
+async function erroredImage()
+{
+ log("FAIL: image loading failed");
+ await logStatus();
+ finishSWTest();
+}
+
+async function logStatus()
+{
+ var response = await fetch("status");
+ log("Status is " + response.statusText);
+}
+
+async function test()
+{
+ try {
+ log("Registering service worker");
+ await navigator.serviceWorker.register("resources/cors-image-fetch-worker.js", { });
+ log("Service worker registered");
+
+ await logStatus();
+ log("Loading image");
+ image.crossOrigin = "anonymous";
+ image.src = ""
+ } catch(e) {
+ log("Got exception: " + e);
+ await logStatus();
+ }
+}
+
+test();
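Review bot: `loadedImage()` only checks that the `crossOrigin = "anonymous"` image loads and reports its size; it never checks that the image is actually readable from script, which is what a passing CORS decision grants. The sibling tainted-image-fetch.js draws the image to a canvas and expects `toDataURL` to throw. The positive counterpart here would be `canvas.getContext("2d").drawImage(image, 0, 0);` followed by `canvas.toDataURL("image/jpeg");`, logged as PASS when it does not throw, with a `<canvas id="canvas">` added to cors-image-fetch.html. Without it, the expected output of this test cannot distinguish a CORS-approved load from a tainted one.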
Added: trunk/LayoutTests/http/tests/workers/service/resources/tainted-image-fetch.js (0 => 224369)
--- trunk/LayoutTests/http/tests/workers/service/resources/tainted-image-fetch.js (rev 0)
+++ trunk/LayoutTests/http/tests/workers/service/resources/tainted-image-fetch.js 2017-11-03 01:36:37 UTC (rev 224369)
@@ -0,0 +1,46 @@
+async function loadedImage()
+{
+ log("PASS: Loaded image");
+ await logStatus();
+ log("Image size: " + image.width + "x" + image.height);
+
+ canvas.getContext("2d").drawImage(image, 0, 0);
+ try {
+ canvas.toDataURL("image/jpeg");
+ log("FAIL: Image is not tainted");
+ } catch (e) {
+ log("PASS: canvas toDataURL fails with " + e);
+ }
+ finishSWTest();
+}
+
+async function erroredImage()
+{
+ log("FAIL: image loading failed");
+ await logStatus();
+ finishSWTest();
+}
+
+async function logStatus()
+{
+ var response = await fetch("status");
+ log("Status is " + response.statusText);
+}
+
+async function test()
+{
+ try {
+ log("Registering service worker");
+ await navigator.serviceWorker.register("resources/cors-image-fetch-worker.js", { });
+ log("Service worker registered");
+
+ await logStatus();
+ log("Loading image");
+ image.src = ""
+ } catch(e) {
+ log("Got exception: " + e);
+ await logStatus();
+ }
+}
+
+test();
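Review bot: `erroredImage`, `logStatus` and `test` in this file are copies of the ones in cors-image-fetch.js, differing only in the missing `crossOrigin` assignment, and both files register the same worker script. Moving the shared functions into one helper under resources/ would keep the two tests from drifting apart. In `loadedImage`, the `catch` logs PASS for any exception. The -expected.txt file does pin the SecurityError text, but a comment such as `// Only a SecurityError is expected here; the expected output pins the message.` would make that intent visible in the script itself.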
Added: trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch-expected.txt (0 => 224369)
--- trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch-expected.txt 2017-11-03 01:36:37 UTC (rev 224369)
@@ -0,0 +1,10 @@
+
+Registering service worker
+Service worker registered
+Status is no status
+Loading image
+PASS: Loaded image
+Status is Got response for http://localhost:8000/resources/square100.png, status code is 200
+Image size: 100x100
+PASS: canvas toDataURL fails with SecurityError: The operation is insecure.
+
Added: trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch.html (0 => 224369)
--- trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch.html (rev 0)
+++ trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch.html 2017-11-03 01:36:37 UTC (rev 224369)
@@ -0,0 +1,10 @@
+<html>
+<head>
+<script src=""
+</head>
+<body>
+ <img id="image" _onload_="loadedImage()" _onerror_="erroredImage()"></img>
+ <canvas id="canvas"></canvas>
+ <script src=""
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (224368 => 224369)
--- trunk/Source/WebCore/ChangeLog 2017-11-03 01:30:01 UTC (rev 224368)
+++ trunk/Source/WebCore/ChangeLog 2017-11-03 01:36:37 UTC (rev 224369)
@@ -1,3 +1,19 @@
+2017-11-02 Youenn Fablet <[email protected]>
+
+ Do not check for CORS in case response is coming from a service worker
+ https://bugs.webkit.org/show_bug.cgi?id=179177
+
+ Reviewed by Chris Dumez.
+
+ Test: http/tests/workers/service/cors-image-fetch.html
+
+ As per fetch spec, CORS check (https://fetch.spec.whatwg.org/#cors-check) is done
+ within HTTP fetch (https://fetch.spec.whatwg.org/#http-fetch).
+ It does not apply to fetches handled by service workers.
+
+ * loader/SubresourceLoader.cpp:
+ (WebCore::SubresourceLoader::checkResponseCrossOriginAccessControl):
+
2017-11-02 Joseph Pecoraro <[email protected]>
Make ServiceWorker a Remote Inspector debuggable target
Modified: trunk/Source/WebCore/loader/SubresourceLoader.cpp (224368 => 224369)
--- trunk/Source/WebCore/loader/SubresourceLoader.cpp 2017-11-03 01:30:01 UTC (rev 224368)
+++ trunk/Source/WebCore/loader/SubresourceLoader.cpp 2017-11-03 01:36:37 UTC (rev 224369)
@@ -478,6 +478,11 @@
if (!m_resource->isCrossOrigin() || options().mode != FetchOptions::Mode::Cors)
return true;
+#if ENABLE(SERVICE_WORKER)
+ if (response.source() == ResourceResponse::Source::ServiceWorker)
+ return true;
+#endif
+
ASSERT(m_origin);
return passesAccessControlCheck(response, options().storedCredentialsPolicy, *m_origin, errorDescription);
}
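Review bot: The new early `return true` for `ResourceResponse::Source::ServiceWorker` accepts every service-worker-supplied response to a cross-origin `Cors`-mode load. Nothing in this hunk shows where a response the worker obtained without CORS (an opaque one) is rejected for such a request. The Fetch spec makes that a response-type check in HTTP fetch rather than part of the CORS check, so if the check exists elsewhere in the loader it should be named here, and if it does not, this branch is where the gap opens. I would add a comment above the branch such as `// CORS check does not apply to service worker responses; opaque responses to cors-mode requests must be rejected in <check to confirm>.` The start of the function lies outside the hunk, so the surrounding checks cannot be confirmed from here.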