[webkit-changes] [226090] trunk

[commit-queue]

Title: [226090] trunk

Revision

226090

Author

commit-qu...@webkit.org

Date

2017-12-18 17:55:40 -0800 (Mon, 18 Dec 2017)

Log Message

Service worker served response tainting should keep its tainting
https://bugs.webkit.org/show_bug.cgi?id=180952

Patch by Youenn Fablet <you...@apple.com> on 2017-12-18
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt:
* web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt:

Source/WebCore:

Covered by rebased tests.

* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::setResponse):

LayoutTests:

* http/tests/workers/service/resources/tainted-image-fetch.js:
(async.test): Updated erroneous test. This test is laoding a cross origin image.
through a service worker which instead provides a synthetic response which
should be considered as same origin.
* http/tests/workers/service/tainted-image-fetch-expected.txt:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/http/tests/workers/service/resources/tainted-image-fetch.js
• trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch-expected.txt
• trunk/LayoutTests/imported/w3c/ChangeLog
• trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt
• trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/cache/CachedResource.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (226089 => 226090)

--- trunk/LayoutTests/ChangeLog	2017-12-19 01:39:22 UTC (rev 226089)
+++ trunk/LayoutTests/ChangeLog	2017-12-19 01:55:40 UTC (rev 226090)
@@ -1,3 +1,16 @@
+2017-12-18  Youenn Fablet  <you...@apple.com>
+
+        Service worker served response tainting should keep its tainting
+        https://bugs.webkit.org/show_bug.cgi?id=180952
+
+        Reviewed by Chris Dumez.
+
+        * http/tests/workers/service/resources/tainted-image-fetch.js:
+        (async.test): Updated erroneous test. This test is laoding a cross origin image.
+        through a service worker which instead provides a synthetic response which
+        should be considered as same origin.
+        * http/tests/workers/service/tainted-image-fetch-expected.txt:
+
 2017-12-18  Matt Lewis  <jlew...@apple.com>
 
         Marked http/tests/resourceLoadStatistics/telemetry-generation.html as flaky.

Modified: trunk/LayoutTests/http/tests/workers/service/resources/tainted-image-fetch.js (226089 => 226090)

--- trunk/LayoutTests/http/tests/workers/service/resources/tainted-image-fetch.js	2017-12-19 01:39:22 UTC (rev 226089)
+++ trunk/LayoutTests/http/tests/workers/service/resources/tainted-image-fetch.js	2017-12-19 01:55:40 UTC (rev 226090)
@@ -8,9 +8,9 @@
             canvas.getContext("2d").drawImage(frame.contentWindow.image, 0, 0);
             try {
                 canvas.toDataURL("image/jpeg");
-                log("FAIL: Image is not tainted");
+                log("PASS: Image is not tainted");
             } catch (e) {
-                log("PASS: canvas toDataURL fails with " + e);
+                log("FAIL: canvas toDataURL fails with " + e);
             }
             finishSWTest();
             return;

Modified: trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch-expected.txt (226089 => 226090)

--- trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch-expected.txt	2017-12-19 01:39:22 UTC (rev 226089)
+++ trunk/LayoutTests/http/tests/workers/service/tainted-image-fetch-expected.txt	2017-12-19 01:55:40 UTC (rev 226090)
@@ -6,5 +6,5 @@
 PASS: Loaded image
 Status is Got response for http://localhost:8000/resources/square100.png, status code is 200
 Image size: 100x100
-PASS: canvas toDataURL fails with SecurityError: The operation is insecure.
+PASS: Image is not tainted
 

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (226089 => 226090)

--- trunk/LayoutTests/imported/w3c/ChangeLog	2017-12-19 01:39:22 UTC (rev 226089)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2017-12-19 01:55:40 UTC (rev 226090)
@@ -1,3 +1,13 @@
+2017-12-18  Youenn Fablet  <you...@apple.com>
+
+        Service worker served response tainting should keep its tainting
+        https://bugs.webkit.org/show_bug.cgi?id=180952
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt:
+        * web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt:
+
 2017-12-18  Chris Dumez  <cdu...@apple.com>
 
         We should use "error" redirect mode for fetching service worker scripts

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt (226089 => 226090)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt	2017-12-19 01:39:22 UTC (rev 226089)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt	2017-12-19 01:55:40 UTC (rev 226090)
@@ -18,22 +18,22 @@
 PASS Non-navigation, manual redirect, no-cors mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected 
 PASS Non-navigation, manual redirect, no-cors mode Request redirected to no-cors with credentials should succeed interception and response should not be redirected 
 PASS Non-navigation, manual redirect, no-cors mode Request redirected to cors with credentials should succeed interception and response should not be redirected 
-FAIL Non-navigation, follow redirect, cors mode Request redirected to same-origin without credentials should succeed interception and response should be redirected assert_equals: response.redirected expected true but got false
+PASS Non-navigation, follow redirect, cors mode Request redirected to same-origin without credentials should succeed interception and response should be redirected 
 PASS Non-navigation, follow redirect, cors mode Request redirected to no-cors without credentials should fail interception and response should not be redirected 
-FAIL Non-navigation, follow redirect, cors mode Request redirected to cors without credentials should succeed interception and response should be redirected assert_equals: response.type expected "cors" but got "basic"
-FAIL Non-navigation, follow redirect, same-origin mode Request redirected to same-origin without credentials should succeed interception and response should be redirected assert_equals: response.redirected expected true but got false
+PASS Non-navigation, follow redirect, cors mode Request redirected to cors without credentials should succeed interception and response should be redirected 
+PASS Non-navigation, follow redirect, same-origin mode Request redirected to same-origin without credentials should succeed interception and response should be redirected 
 PASS Non-navigation, follow redirect, same-origin mode Request redirected to no-cors without credentials should fail interception and response should not be redirected 
 PASS Non-navigation, follow redirect, same-origin mode Request redirected to cors without credentials should fail interception and response should not be redirected 
-FAIL Non-navigation, follow redirect, no-cors mode Request redirected to same-origin without credentials should succeed interception and response should be redirected assert_equals: response.redirected expected true but got false
+PASS Non-navigation, follow redirect, no-cors mode Request redirected to same-origin without credentials should succeed interception and response should be redirected 
 PASS Non-navigation, follow redirect, no-cors mode Request redirected to no-cors without credentials should succeed interception and response should not be redirected 
 PASS Non-navigation, follow redirect, no-cors mode Request redirected to cors without credentials should succeed interception and response should not be redirected 
-FAIL Non-navigation, follow redirect, cors mode Request redirected to same-origin with credentials should succeed interception and response should be redirected assert_equals: response.redirected expected true but got false
+PASS Non-navigation, follow redirect, cors mode Request redirected to same-origin with credentials should succeed interception and response should be redirected 
 PASS Non-navigation, follow redirect, cors mode Request redirected to no-cors with credentials should fail interception and response should not be redirected 
 FAIL Non-navigation, follow redirect, cors mode Request redirected to cors with credentials should fail interception and response should be redirected promise_test: Unhandled rejection with value: "assert_promise_rejects: Must fail to fetch: url="" Promise did not reject."
-FAIL Non-navigation, follow redirect, same-origin mode Request redirected to same-origin with credentials should succeed interception and response should be redirected assert_equals: response.redirected expected true but got false
+PASS Non-navigation, follow redirect, same-origin mode Request redirected to same-origin with credentials should succeed interception and response should be redirected 
 PASS Non-navigation, follow redirect, same-origin mode Request redirected to no-cors with credentials should fail interception and response should not be redirected 
 PASS Non-navigation, follow redirect, same-origin mode Request redirected to cors with credentials should fail interception and response should not be redirected 
-FAIL Non-navigation, follow redirect, no-cors mode Request redirected to same-origin with credentials should succeed interception and response should be redirected assert_equals: response.redirected expected true but got false
+PASS Non-navigation, follow redirect, no-cors mode Request redirected to same-origin with credentials should succeed interception and response should be redirected 
 PASS Non-navigation, follow redirect, no-cors mode Request redirected to no-cors with credentials should succeed interception and response should not be redirected 
 PASS Non-navigation, follow redirect, no-cors mode Request redirected to cors with credentials should succeed interception and response should not be redirected 
 PASS Non-navigation, error redirect, cors mode Request redirected to same-origin without credentials should fail interception and response should not be redirected 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt (226089 => 226090)

--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt	2017-12-19 01:39:22 UTC (rev 226089)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-response-taint.https-expected.txt	2017-12-19 01:55:40 UTC (rev 226090)
@@ -34,12 +34,12 @@
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"omit" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"same-origin" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"include" should fail. 
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. assert_equals: response type expected "basic" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. assert_equals: response type expected "basic" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"include" should succeed. assert_equals: response type expected "basic" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"omit" should succeed. assert_equals: response type expected "basic" but got "cors"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. assert_equals: response type expected "basic" but got "cors"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"include" should succeed. assert_equals: response type expected "basic" but got "cors"
+PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. 
+PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. 
+PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"include" should succeed. 
+PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"omit" should succeed. 
+PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. 
+PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"include" should succeed. 
 FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should succeed. assert_equals: expected "username2s" but got "undefined"
 FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should succeed. assert_equals: expected "username2s" but got "undefined"
 FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should succeed. assert_equals: expected "username2s" but got "undefined"
@@ -52,12 +52,12 @@
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"omit" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"same-origin" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"include" should fail. 
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. assert_equals: response type expected "basic" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. assert_equals: response type expected "basic" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"include" should succeed. assert_equals: response type expected "basic" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"omit" should succeed. assert_equals: response type expected "basic" but got "cors"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. assert_equals: response type expected "basic" but got "cors"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"include" should succeed. assert_equals: response type expected "basic" but got "cors"
+FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. assert_equals: expected "username2s" but got "undefined"
+FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. assert_equals: expected "username2s" but got "undefined"
+FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"include" should succeed. assert_equals: expected "username2s" but got "undefined"
+FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"omit" should succeed. assert_equals: expected "username2s" but got "undefined"
+FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. assert_equals: expected "username2s" but got "undefined"
+FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"include" should succeed. assert_equals: expected "username2s" but got "undefined"
 PASS url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should fail. 
 PASS url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should fail. 
 PASS url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should fail. 
@@ -94,39 +94,39 @@
 PASS url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"omit" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"same-origin" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"include" should fail. 
-FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"include" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"omit" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"include" should succeed. assert_equals: response type expected "cors" but got "basic"
+PASS fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should succeed. 
+PASS fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should succeed. 
+PASS fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should succeed. 
+PASS fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. 
+PASS fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. 
+PASS fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"include" should succeed. 
+PASS fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"omit" should succeed. 
+PASS fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. 
+PASS fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"include" should succeed. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"omit" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"same-origin" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"include" should fail. 
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. assert_equals: response type expected "cors" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. assert_equals: response type expected "cors" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"include" should succeed. assert_equals: response type expected "cors" but got "opaque"
+PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. 
+PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. 
+PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"include" should succeed. 
 PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"omit" should succeed. 
 PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. 
 PASS fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"include" should succeed. 
-FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"include" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"omit" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. assert_equals: response type expected "cors" but got "basic"
-FAIL fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"include" should succeed. assert_equals: response type expected "cors" but got "basic"
+FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"omit" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"same-origin" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://localhost:9443/?url="" mode:"same-origin" credentials:"include" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://localhost:9443/?url="" mode:"no-cors" credentials:"include" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"omit" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://localhost:9443/?url="" mode:"cors" credentials:"include" should succeed. assert_equals: expected "username1s" but got "undefined"
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"omit" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"same-origin" should fail. 
 PASS url:"https://127.0.0.1:9443/?url="" mode:"same-origin" credentials:"include" should fail. 
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. assert_equals: response type expected "cors" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. assert_equals: response type expected "cors" but got "opaque"
-FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"include" should succeed. assert_equals: response type expected "cors" but got "opaque"
+FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"omit" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"same-origin" should succeed. assert_equals: expected "username1s" but got "undefined"
+FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"no-cors" credentials:"include" should succeed. assert_equals: expected "username1s" but got "undefined"
 FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"omit" should succeed. assert_equals: expected "username1s" but got "undefined"
 FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"same-origin" should succeed. assert_equals: expected "username1s" but got "undefined"
 FAIL fetching url:"https://127.0.0.1:9443/?url="" mode:"cors" credentials:"include" should succeed. assert_equals: expected "username1s" but got "undefined"

Modified: trunk/Source/WebCore/ChangeLog (226089 => 226090)

--- trunk/Source/WebCore/ChangeLog	2017-12-19 01:39:22 UTC (rev 226089)
+++ trunk/Source/WebCore/ChangeLog	2017-12-19 01:55:40 UTC (rev 226090)
@@ -1,3 +1,15 @@
+2017-12-18  Youenn Fablet  <you...@apple.com>
+
+        Service worker served response tainting should keep its tainting
+        https://bugs.webkit.org/show_bug.cgi?id=180952
+
+        Reviewed by Chris Dumez.
+
+        Covered by rebased tests.
+
+        * loader/cache/CachedResource.cpp:
+        (WebCore::CachedResource::setResponse):
+
 2017-12-18  Wenson Hsieh  <wenson_hs...@apple.com>
 
         Unreviewed, attempt to fix watch and TV builds after r226085

Modified: trunk/Source/WebCore/loader/cache/CachedResource.cpp (226089 => 226090)

--- trunk/Source/WebCore/loader/cache/CachedResource.cpp	2017-12-19 01:39:22 UTC (rev 226089)
+++ trunk/Source/WebCore/loader/cache/CachedResource.cpp	2017-12-19 01:55:40 UTC (rev 226090)
@@ -471,11 +471,17 @@
 {
     ASSERT(m_response.type() == ResourceResponse::Type::Default);
     m_response = response;
+    m_varyingHeaderValues = collectVaryingRequestHeaders(m_resourceRequest, m_response, m_sessionID);
+
+#if ENABLE(SERVICE_WORKER)
+    if (m_response.source() == ResourceResponse::Source::ServiceWorker) {
+        m_responseTainting = m_response.tainting();
+        return;
+    }
+#endif
     m_response.setRedirected(m_redirectChainCacheStatus.status != RedirectChainCacheStatus::NoRedirection);
     if (m_response.tainting() == ResourceResponse::Tainting::Basic || m_response.tainting() == ResourceResponse::Tainting::Cors)
         m_response.setTainting(m_responseTainting);
-
-    m_varyingHeaderValues = collectVaryingRequestHeaders(m_resourceRequest, m_response, m_sessionID);
 }
 
 void CachedResource::responseReceived(const ResourceResponse& response)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes