Title: [230681] trunk
Revision
230681
Author
you...@apple.com
Date
2018-04-16 14:50:26 -0700 (Mon, 16 Apr 2018)

Log Message

Use NetworkLoadChecker to handle synchronous HTTP loads
https://bugs.webkit.org/show_bug.cgi?id=184240

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/cors/request-headers-expected.txt:
* web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt:
* web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt:
* web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt:

Source/WebCore:

Update LoaderStrategy::loadResourceSynchronously to pass FetchOptions directly.
Update various call sites accordingly. This allows NetworkProcess to do all necessary checks.
Add an option to disable security checks if NetworkProcess does it for WebProcess.
This option will be also used for regular asynchronous loads in future patches.

Update DocumentThreadableLoader to bypass preflighting and response validation checks in case they are done in NetworkProcess.

Covered by existing and rebased tests.

* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::doPreflight):
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
(WebCore::DocumentThreadableLoader::loadRequest):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadResourceSynchronously):
* loader/FrameLoader.h:
* loader/LoaderStrategy.h:
* xml/XSLTProcessorLibxslt.cpp:
(WebCore::docLoaderFunc):
* xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::openFunc):

Source/WebKit:

For every NetworkResourceLoader synchronous load, we create a NetworkLoadChecker.
NetworkLoadChecker handles all security checks in that case.
This allows supporting cross-origin loads for synchronous XHR.

Updated NetworkCORSPreflightChecker to return the result as a ResourceError.
This is used to convey any error message from NetworkProcess to the JS console.
Ensure NetworkCORSPreflightChecker computes correctly Access-Control-Request-Headers value
by providing the headers set by the application plus Referrer/Origin.

* NetworkProcess/NetworkCORSPreflightChecker.cpp:
(WebKit::NetworkCORSPreflightChecker::~NetworkCORSPreflightChecker):
(WebKit::NetworkCORSPreflightChecker::willPerformHTTPRedirection):
(WebKit::NetworkCORSPreflightChecker::didReceiveChallenge):
(WebKit::NetworkCORSPreflightChecker::didCompleteWithError):
(WebKit::NetworkCORSPreflightChecker::wasBlocked):
(WebKit::NetworkCORSPreflightChecker::cannotShowURL):
* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight):
* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::NetworkResourceLoader):
(WebKit::NetworkResourceLoader::retrieveCacheEntry):
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::willSendRedirectedRequest):
(WebKit::NetworkResourceLoader::continueWillSendRequest):
(WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
(WebKit::NetworkResourceLoader::validateCacheEntry):
* NetworkProcess/NetworkResourceLoader.h:
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::loadResourceSynchronously):
* WebProcess/Network/WebLoaderStrategy.h:

Source/WebKitLegacy:

* WebCoreSupport/WebResourceLoadScheduler.cpp:
(WebResourceLoadScheduler::loadResourceSynchronously):
* WebCoreSupport/WebResourceLoadScheduler.h:

LayoutTests:

* http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt:
* http/wpt/beacon/cors/cors-preflight-blob-failure.html: Fix buggy assertion.
Test should check for actual request header and not header name in Access-Control-Request-Headers.
* http/wpt/beacon/cors/cors-preflight-blob-success.html: Ditto.
* platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt: Added.
* platform/mac-wk1/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt: Added.
* platform/mac-wk1/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt: Added.
* platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt: Added.
* platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt: Added.
* platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt: Added.
* platform/win/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt: Added.
* platform/mac-highsierra-wk2/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt.
* platform/mac-highsierra-wk2/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt.
* platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt.
* platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt.
* platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt.
* platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt:
* platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt:
* platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt.
* platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt.
* platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (230680 => 230681)


--- trunk/LayoutTests/ChangeLog	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/ChangeLog	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,3 +1,32 @@
+2018-04-16  Youenn Fablet  <you...@apple.com>
+
+        Use NetworkLoadChecker to handle synchronous HTTP loads
+        https://bugs.webkit.org/show_bug.cgi?id=184240
+
+        Reviewed by Chris Dumez.
+
+        * http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt:
+        * http/wpt/beacon/cors/cors-preflight-blob-failure.html: Fix buggy assertion.
+        Test should check for actual request header and not header name in Access-Control-Request-Headers.
+        * http/wpt/beacon/cors/cors-preflight-blob-success.html: Ditto.
+        * platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt: Added.
+        * platform/mac-wk1/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt: Added.
+        * platform/mac-wk1/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt: Added.
+        * platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt: Added.
+        * platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt: Added.
+        * platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt: Added.
+        * platform/win/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt: Added.
+        * platform/mac-highsierra-wk2/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt.
+        * platform/mac-highsierra-wk2/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt.
+        * platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt.
+        * platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt.
+        * platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt.
+        * platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt:
+        * platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt:
+        * platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt.
+        * platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt.
+        * platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt.
+
 2018-04-16  Per Arne Vollan  <pvol...@apple.com>
 
         Mark css3/filters/blur-various-radii.html as a crash on Windows.

Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt (230680 => 230681)


--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,6 +1,5 @@
 CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url="" due to access control checks.
-CONSOLE MESSAGE: line 25: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url="" Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
 CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url="" due to access control checks.
 Tests that redirects between origins are never allowed, even when access control is involved.

Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt (230680 => 230681)


--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,4 +1,3 @@
-CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
 CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" Preflight response is not successful
 CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" Preflight response is not successful
 CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php. Preflight response is not successful
@@ -7,7 +6,8 @@
 
 Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" (sync)
 Expecting success: true
-FAIL: NetworkError:  A network error occurred.
+PASS: PASS: Cross-domain access allowed.
+
 Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url=""
 Expecting success: true
 PASS: PASS: Cross-domain access allowed.

Modified: trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-failure.html (230680 => 230681)


--- trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-failure.html	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-failure.html	2018-04-16 21:50:26 UTC (rev 230681)
@@ -39,8 +39,8 @@
       assert_equals(result['preflight_requested_method'], "POST", "Preflight requested method")
       let requested_headers = result['preflight_requested_headers'].toLowerCase()
       assert_true(requested_headers.includes("content-type"), "Content-Type header is requested")
-      assert_true(requested_headers.includes("referer"), "Referer header is requested")
-      assert_true(requested_headers.includes("origin"), "Origin header is requested")
+      assert_false(requested_headers.includes("referer"), "Referer header is requested")
+      assert_false(requested_headers.includes("origin"), "Origin header is requested")
       assert_equals(result['beacon'], 0, "Did not receive beacon")
     });
   }, "CORS preflight failure test");

Modified: trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-success.html (230680 => 230681)


--- trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-success.html	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/http/wpt/beacon/cors/cors-preflight-blob-success.html	2018-04-16 21:50:26 UTC (rev 230681)
@@ -36,11 +36,12 @@
     return pollResult(test, id) .then(result => {
       assert_equals(result['preflight'], 1, "Received preflight")
       assert_equals(result['preflight_referer'], document.URL, "Preflight referer header")
+      assert_equals(result['preflight_origin'], 'http://localhost:8800', "Preflight origin header")
       assert_equals(result['preflight_requested_method'], "POST", "Preflight requested method")
       let requested_headers = result['preflight_requested_headers'].toLowerCase()
       assert_true(requested_headers.includes("content-type"), "Content-Type header is requested")
-      assert_true(requested_headers.includes("referer"), "Referer header is requested")
-      assert_true(requested_headers.includes("origin"), "Origin header is requested")
+      assert_false(requested_headers.includes("referer"), "Referer header is requested")
+      assert_false(requested_headers.includes("origin"), "Origin header is requested")
       assert_equals(result['beacon'], 1, "Received beacon")
     });
   }, "CORS preflight success test");

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (230680 => 230681)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,3 +1,15 @@
+2018-04-16  Youenn Fablet  <you...@apple.com>
+
+        Use NetworkLoadChecker to handle synchronous HTTP loads
+        https://bugs.webkit.org/show_bug.cgi?id=184240
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/cors/request-headers-expected.txt:
+        * web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt:
+        * web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt:
+        * web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt:
+
 2018-04-16  Antoine Quint  <grao...@apple.com>
 
         [Web Animations] Ensure we never return -0 through the API

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt (230680 => 230681)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,9 +1,8 @@
-CONSOLE MESSAGE: line 15: XMLHttpRequest cannot load http://127.0.0.1:8800/XMLHttpRequest/resources/redirect-cors.py?location=http://127.0.0.1:8800/XMLHttpRequest/resources/access-control-basic-allow.py&allow_origin=true. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
 
 FAIL Local sync redirect to remote origin  A network error occurred.
 PASS Local async redirect to remote origin 
-FAIL Remote sync redirect to local origin  A network error occurred.
+PASS Remote sync redirect to local origin 
 PASS Remote async redirect to local origin 
-FAIL Remote sync redirect to same remote origin  A network error occurred.
+PASS Remote sync redirect to same remote origin 
 PASS Remote async redirect to same remote origin 
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt (230680 => 230681)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,5 +1,4 @@
 Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py
-CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py due to access control checks.
 
 FAIL XMLHttpRequest: send() - "Basic" authenticated CORS request using setRequestHeader() (expects to succeed)  A network error occurred.
 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt (230680 => 230681)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,7 +1,5 @@
 Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py
-CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py due to access control checks.
 Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py
-CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py due to access control checks.
 
 FAIL CORS request with setRequestHeader auth to URL accepting Authorization header assert_true: responseText should contain the right user and password expected true got false
 PASS CORS request with setRequestHeader auth to URL NOT accepting Authorization header 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt (230680 => 230681)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,11 +1,7 @@
 Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
-CONSOLE MESSAGE: line 22: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
 Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print,
-CONSOLE MESSAGE: line 36: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, due to access control checks.
 Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
-CONSOLE MESSAGE: line 51: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
 Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
-CONSOLE MESSAGE: line 59: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT due to access control checks.
 Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
 Request headers
 

Copied: trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt (from rev 230680, trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,29 @@
+CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url="" due to access control checks.
+CONSOLE MESSAGE: line 25: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url="" Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url="" due to access control checks.
+Tests that redirects between origins are never allowed, even when access control is involved.
+
+Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.
+
+Testing /resources/redirect.php?url="" (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing /resources/redirect.php?url=""
+Expecting success: true
+PASS: PASS: Cross-domain access allowed.
+
+Testing http://localhost:8000/resources/redirect.php?url="" (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing http://localhost:8000/resources/redirect.php?url=""
+Expecting success: false
+PASS: 0
+Testing http://localhost:8000/resources/redirect.php?url="" (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing http://localhost:8000/resources/redirect.php?url=""
+Expecting success: false
+PASS: 0
+

Copied: trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt (from rev 230680, trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,33 @@
+CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" Preflight response is not successful
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" Preflight response is not successful
+CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php. Preflight response is not successful
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php. Preflight response is not successful
+Tests that not successful preflight responses make preflight failing
+
+Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" (sync)
+Expecting success: true
+FAIL: NetworkError:  A network error occurred.
+Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url=""
+Expecting success: true
+PASS: PASS: Cross-domain access allowed.
+
+Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url=""
+Expecting success: false
+PASS: 0
+Testing http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php (sync)
+Expecting success: true
+PASS: 
+Testing http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php(async)
+Expecting success: true
+PASS: 
+Testing http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php(async)
+Expecting success: false
+PASS: 0
+

Added: trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt (0 => 230681)


--- trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,28 @@
+CONSOLE MESSAGE: line 56: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
+CONSOLE MESSAGE: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php due to access control checks.
+Start
+Trying different ways to access a password protected resource from another origin. The UA already has login and password for this protection space.
+
+You should see several PASS messages followed by a DONE
+
+SCRIPT SRC='' Should succeed, since authorization is sent for cross-origin subresource loads.
+PASS: Loaded, user test
+Cross-origin XMLHttpRequest (sync), authorization will not be sent, because withCredentials is false.
+FAIL: Loaded
+Cross-origin XMLHttpRequest (sync), testing authorization that's not allowed by the server (withCredentials is true, but access control headers are not set).
+PASS: Got an exception. NetworkError:  A network error occurred.
+Cross-origin XMLHttpRequest (sync), testing cookies.
+PASS
+Cross-origin XMLHttpRequest (async), authorization will not be sent, because withCredentials is false.
+PASS: 401 Authorization required
+Cross-origin XMLHttpRequest (async), testing authorization that's not allowed by the server (withCredentials is true, but access control headers are not set).
+PASS: Received error event.
+Cross-origin XMLHttpRequest (async), testing cookies.
+PASS
+Cross-origin XMLHttpRequest (sync), testing authorization with explicitly provided credentials that should be ignored.
+FAIL: Loaded
+Cross-origin XMLHttpRequest (async), testing authorization with explicitly provided credentials that should be ignored.
+PASS: 401 Authorization required
+DONE
+

Copied: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt (from rev 230680, trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: line 15: XMLHttpRequest cannot load http://127.0.0.1:8800/XMLHttpRequest/resources/redirect-cors.py?location=http://127.0.0.1:8800/XMLHttpRequest/resources/access-control-basic-allow.py&allow_origin=true. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
+
+FAIL Local sync redirect to remote origin  A network error occurred.
+PASS Local async redirect to remote origin 
+FAIL Remote sync redirect to local origin  A network error occurred.
+PASS Remote async redirect to local origin 
+FAIL Remote sync redirect to same remote origin  A network error occurred.
+PASS Remote async redirect to same remote origin 
+

Copied: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt (from rev 230680, trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,5 @@
+Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py
+CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py due to access control checks.
+
+FAIL XMLHttpRequest: send() - "Basic" authenticated CORS request using setRequestHeader() (expects to succeed)  A network error occurred.
+

Copied: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt (from rev 230680, trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,8 @@
+Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py
+CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py
+CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py due to access control checks.
+
+FAIL CORS request with setRequestHeader auth to URL accepting Authorization header assert_true: responseText should contain the right user and password expected true got false
+PASS CORS request with setRequestHeader auth to URL NOT accepting Authorization header 
+

Copied: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt (from rev 230680, trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/cors/request-headers-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,19 @@
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
+CONSOLE MESSAGE: line 22: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print,
+CONSOLE MESSAGE: line 36: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
+CONSOLE MESSAGE: line 51: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
+CONSOLE MESSAGE: line 59: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
+Request headers
+
+
+FAIL basic request header  A network error occurred.
+FAIL Simple request headers need not be in allow-headers  A network error occurred.
+PASS Unspecified request headers are disallowed 
+FAIL Strange allowheaders (case insensitive)  A network error occurred.
+PASS INVALID_STATE_ERR on setRequestHeader before open() 
+FAIL INVALID_STATE_ERR on setRequestHeader after send()  A network error occurred.
+

Copied: trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt (from rev 230680, trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,29 @@
+CONSOLE MESSAGE: Cross-origin redirection to http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url="" due to access control checks.
+CONSOLE MESSAGE: line 25: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url="" Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/access-control-basic-allow.cgi denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/resources/redirect.php?url="" due to access control checks.
+Tests that redirects between origins are never allowed, even when access control is involved.
+
+Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.
+
+Testing /resources/redirect.php?url="" (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing /resources/redirect.php?url=""
+Expecting success: true
+PASS: PASS: Cross-domain access allowed.
+
+Testing http://localhost:8000/resources/redirect.php?url="" (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing http://localhost:8000/resources/redirect.php?url=""
+Expecting success: false
+PASS: 0
+Testing http://localhost:8000/resources/redirect.php?url="" (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing http://localhost:8000/resources/redirect.php?url=""
+Expecting success: false
+PASS: 0
+

Copied: trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt (from rev 230680, trunk/LayoutTests/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-preflight-not-successful-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,33 @@
+CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
+CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" Preflight response is not successful
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" Preflight response is not successful
+CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php. Preflight response is not successful
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php. Preflight response is not successful
+Tests that not successful preflight responses make preflight failing
+
+Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" (sync)
+Expecting success: true
+FAIL: NetworkError:  A network error occurred.
+Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url=""
+Expecting success: true
+PASS: PASS: Cross-domain access allowed.
+
+Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url="" (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing http://localhost:8000/xmlhttprequest/resources/redirect-cors.php?redirect-preflight=true&access-control-allow-headers=x-webkit&access-control-allow-origin=*&url=""
+Expecting success: false
+PASS: 0
+Testing http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php (sync)
+Expecting success: true
+PASS: 
+Testing http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php(async)
+Expecting success: true
+PASS: 
+Testing http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php (sync)
+Expecting success: false
+PASS: NetworkError:  A network error occurred.
+Testing http://localhost:8000/xmlhttprequest/resources/status-404-without-body.php(async)
+Expecting success: false
+PASS: 0
+

Added: trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt (0 => 230681)


--- trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/cross-origin-no-authorization-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,28 @@
+CONSOLE MESSAGE: line 56: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
+CONSOLE MESSAGE: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/cross-origin-no-authorization.php due to access control checks.
+Start
+Trying different ways to access a password protected resource from another origin. The UA already has login and password for this protection space.
+
+You should see several PASS messages followed by a DONE
+
+SCRIPT SRC='' Should succeed, since authorization is sent for cross-origin subresource loads.
+PASS: Loaded, user test
+Cross-origin XMLHttpRequest (sync), authorization will not be sent, because withCredentials is false.
+FAIL: Loaded
+Cross-origin XMLHttpRequest (sync), testing authorization that's not allowed by the server (withCredentials is true, but access control headers are not set).
+PASS: Got an exception. NetworkError:  A network error occurred.
+Cross-origin XMLHttpRequest (sync), testing cookies.
+PASS
+Cross-origin XMLHttpRequest (async), authorization will not be sent, because withCredentials is false.
+PASS: 401 Authorization required
+Cross-origin XMLHttpRequest (async), testing authorization that's not allowed by the server (withCredentials is true, but access control headers are not set).
+PASS: Received error event.
+Cross-origin XMLHttpRequest (async), testing cookies.
+PASS
+Cross-origin XMLHttpRequest (sync), testing authorization with explicitly provided credentials that should be ignored.
+FAIL: Loaded
+Cross-origin XMLHttpRequest (async), testing authorization with explicitly provided credentials that should be ignored.
+PASS: 401 Authorization required
+DONE
+

Copied: trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt (from rev 230680, trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: line 15: XMLHttpRequest cannot load http://127.0.0.1:8800/XMLHttpRequest/resources/redirect-cors.py?location=http://127.0.0.1:8800/XMLHttpRequest/resources/access-control-basic-allow.py&allow_origin=true. Cross-origin redirection denied by Cross-Origin Resource Sharing policy.
+
+FAIL Local sync redirect to remote origin  A network error occurred.
+PASS Local async redirect to remote origin 
+FAIL Remote sync redirect to local origin  A network error occurred.
+PASS Remote async redirect to local origin 
+FAIL Remote sync redirect to same remote origin  A network error occurred.
+PASS Remote async redirect to same remote origin 
+

Copied: trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt (from rev 230680, trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-basic-setrequestheader-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,5 @@
+Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py
+CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth2/corsenabled.py due to access control checks.
+
+FAIL XMLHttpRequest: send() - "Basic" authenticated CORS request using setRequestHeader() (expects to succeed)  A network error occurred.
+

Copied: trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt (from rev 230680, trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,8 @@
+Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py
+CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth7/corsenabled.py due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py
+CONSOLE MESSAGE: line 33: XMLHttpRequest cannot load http://www1.localhost:8800/XMLHttpRequest/resources/auth8/corsenabled-no-authorize.py due to access control checks.
+
+FAIL CORS request with setRequestHeader auth to URL accepting Authorization header assert_true: responseText should contain the right user and password expected true got false
+PASS CORS request with setRequestHeader auth to URL NOT accepting Authorization header 
+

Copied: trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt (from rev 230680, trunk/LayoutTests/imported/w3c/web-platform-tests/cors/request-headers-expected.txt) (0 => 230681)


--- trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/win/imported/w3c/web-platform-tests/cors/request-headers-expected.txt	2018-04-16 21:50:26 UTC (rev 230681)
@@ -0,0 +1,19 @@
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
+CONSOLE MESSAGE: line 22: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print,
+CONSOLE MESSAGE: line 36: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print, due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print
+CONSOLE MESSAGE: line 51: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=x-print due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
+CONSOLE MESSAGE: line 59: XMLHttpRequest cannot load http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT due to access control checks.
+Blocked access to external URL http://www1.localhost:8800/cors/resources/cors-makeheader.py?headers=,y-lol,x-PriNT,%20,,,Y-PRINT
+Request headers
+
+
+FAIL basic request header  A network error occurred.
+FAIL Simple request headers need not be in allow-headers  A network error occurred.
+PASS Unspecified request headers are disallowed 
+FAIL Strange allowheaders (case insensitive)  A network error occurred.
+PASS INVALID_STATE_ERR on setRequestHeader before open() 
+FAIL INVALID_STATE_ERR on setRequestHeader after send()  A network error occurred.
+

Modified: trunk/Source/WebCore/ChangeLog (230680 => 230681)


--- trunk/Source/WebCore/ChangeLog	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebCore/ChangeLog	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,3 +1,33 @@
+2018-04-16  Youenn Fablet  <you...@apple.com>
+
+        Use NetworkLoadChecker to handle synchronous HTTP loads
+        https://bugs.webkit.org/show_bug.cgi?id=184240
+
+        Reviewed by Chris Dumez.
+
+        Update LoaderStrategy::loadResourceSynchronously to pass FetchOptions directly.
+        Update various call sites accordingly. This allows NetworkProcess to do all necessary checks.
+        Add an option to disable security checks if NetworkProcess does it for WebProcess.
+        This option will be also used for regular asynchronous loads in future patches.
+
+        Update DocumentThreadableLoader to bypass preflighting and response validation checks in case they are done in NetworkProcess.
+
+        Covered by existing and rebased tests.
+
+        * loader/CrossOriginPreflightChecker.cpp:
+        (WebCore::CrossOriginPreflightChecker::doPreflight):
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
+        (WebCore::DocumentThreadableLoader::loadRequest):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadResourceSynchronously):
+        * loader/FrameLoader.h:
+        * loader/LoaderStrategy.h:
+        * xml/XSLTProcessorLibxslt.cpp:
+        (WebCore::docLoaderFunc):
+        * xml/parser/XMLDocumentParserLibxml2.cpp:
+        (WebCore::openFunc):
+
 2018-04-16  Christopher Reid  <chris.r...@sony.com>
 
         [WinCairo] Media elements should be enabled by default

Modified: trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp (230680 => 230681)


--- trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightChecker.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -130,7 +130,7 @@
     ResourceResponse response;
     RefPtr<SharedBuffer> data;
 
-    unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, StoredCredentialsPolicy::DoNotUse, ClientCredentialPolicy::CannotAskClientForCredentials, error, response, data);
+    unsigned identifier = loader.document().frame()->loader().loadResourceSynchronously(preflightRequest, ClientCredentialPolicy::CannotAskClientForCredentials, FetchOptions { }, { }, error, response, data);
 
     if (!error.isNull()) {
         // If the preflight was cancelled by underlying code, it probably means the request was blocked due to some access control policy.

Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (230680 => 230681)


--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -44,6 +44,7 @@
 #include "FrameLoader.h"
 #include "InspectorInstrumentation.h"
 #include "LoadTiming.h"
+#include "LoaderStrategy.h"
 #include "Performance.h"
 #include "ProgressTracker.h"
 #include "ResourceError.h"
@@ -106,6 +107,10 @@
     // Setting a referrer header is only supported in the async code path.
     ASSERT(m_async || m_referrer.isEmpty());
 
+    // No need to do preflight if the network stack will do it for us.
+    if (!m_async && platformStrategies()->loaderStrategy()->isDoingLoadingSecurityChecks())
+        m_options.preflightPolicy = PreventPreflight;
+
     // Referrer and Origin headers should be set after the preflight if any.
     ASSERT(!request.hasHTTPReferrer() && !request.hasHTTPOrigin());
 
@@ -116,7 +121,7 @@
     ASSERT(!request.httpHeaderFields().contains(HTTPHeaderName::Origin));
 
     // Copy headers if we need to replay the request after a redirection.
-    if (m_async && m_options.mode == FetchOptions::Mode::Cors)
+    if (!m_async || m_options.mode == FetchOptions::Mode::Cors)
         m_originalHeaders = request.httpHeaderFields();
 
 #if ENABLE(SERVICE_WORKER)
@@ -509,7 +514,7 @@
         auto& frameLoader = m_document.frame()->loader();
         if (!frameLoader.mixedContentChecker().canRunInsecureContent(m_document.securityOrigin(), requestURL))
             return;
-        identifier = frameLoader.loadResourceSynchronously(request, m_options.storedCredentialsPolicy, m_options.clientCredentialPolicy, error, response, data);
+        identifier = frameLoader.loadResourceSynchronously(request, m_options.clientCredentialPolicy, m_options, *m_originalHeaders, error, response, data);
     }
 
     loadTiming.setResponseEnd(MonotonicTime::now());
@@ -526,31 +531,33 @@
         return;
     }
 
-    // FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the
-    // request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was
-    // requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials.
-    bool didRedirect = requestURL != response.url();
-    if (didRedirect) {
-        if (!isAllowedByContentSecurityPolicy(response.url(), ContentSecurityPolicy::RedirectResponseReceived::Yes)) {
-            reportContentSecurityPolicyError(requestURL);
-            return;
+    if (!platformStrategies()->loaderStrategy()->isDoingLoadingSecurityChecks()) {
+        // FIXME: FrameLoader::loadSynchronously() does not tell us whether a redirect happened or not, so we guess by comparing the
+        // request and response URLs. This isn't a perfect test though, since a server can serve a redirect to the same URL that was
+        // requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials.
+        bool didRedirect = requestURL != response.url();
+        if (didRedirect) {
+            if (!isAllowedByContentSecurityPolicy(response.url(), ContentSecurityPolicy::RedirectResponseReceived::Yes)) {
+                reportContentSecurityPolicyError(requestURL);
+                return;
+            }
+            if (!isAllowedRedirect(response.url())) {
+                reportCrossOriginResourceSharingError(requestURL);
+                return;
+            }
         }
-        if (!isAllowedRedirect(response.url())) {
-            reportCrossOriginResourceSharingError(requestURL);
-            return;
-        }
-    }
 
-    if (!m_sameOriginRequest) {
-        if (m_options.mode == FetchOptions::Mode::NoCors)
-            response.setTainting(ResourceResponse::Tainting::Opaque);
-        else {
-            ASSERT(m_options.mode == FetchOptions::Mode::Cors);
-            response.setTainting(ResourceResponse::Tainting::Cors);
-            String accessControlErrorDescription;
-            if (!passesAccessControlCheck(response, m_options.storedCredentialsPolicy, securityOrigin(), accessControlErrorDescription)) {
-                logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl));
-                return;
+        if (!m_sameOriginRequest) {
+            if (m_options.mode == FetchOptions::Mode::NoCors)
+                response.setTainting(ResourceResponse::Tainting::Opaque);
+            else {
+                ASSERT(m_options.mode == FetchOptions::Mode::Cors);
+                response.setTainting(ResourceResponse::Tainting::Cors);
+                String accessControlErrorDescription;
+                if (!passesAccessControlCheck(response, m_options.storedCredentialsPolicy, securityOrigin(), accessControlErrorDescription)) {
+                    logErrorAndFail(ResourceError(errorDomainWebKitInternal, 0, response.url(), accessControlErrorDescription, ResourceError::Type::AccessControl));
+                    return;
+                }
             }
         }
     }

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (230680 => 230681)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -2835,7 +2835,7 @@
     });
 }
 
-unsigned long FrameLoader::loadResourceSynchronously(const ResourceRequest& request, StoredCredentialsPolicy storedCredentialsPolicy, ClientCredentialPolicy clientCredentialPolicy, ResourceError& error, ResourceResponse& response, RefPtr<SharedBuffer>& data)
+unsigned long FrameLoader::loadResourceSynchronously(const ResourceRequest& request, ClientCredentialPolicy clientCredentialPolicy, const FetchOptions& options, const HTTPHeaderMap& originalRequestHeaders, ResourceError& error, ResourceResponse& response, RefPtr<SharedBuffer>& data)
 {
     ASSERT(m_frame.document());
     String referrer = SecurityPolicy::generateReferrerHeader(m_frame.document()->referrerPolicy(), request.url(), outgoingReferrer());
@@ -2879,7 +2879,7 @@
 
         if (!documentLoader()->applicationCacheHost().maybeLoadSynchronously(newRequest, error, response, data)) {
             Vector<char> buffer;
-            platformStrategies()->loaderStrategy()->loadResourceSynchronously(*this, identifier, newRequest, storedCredentialsPolicy, clientCredentialPolicy, error, response, buffer);
+            platformStrategies()->loaderStrategy()->loadResourceSynchronously(*this, identifier, newRequest, clientCredentialPolicy, options, originalRequestHeaders, error, response, buffer);
             data = ""
             documentLoader()->applicationCacheHost().maybeLoadFallbackSynchronously(newRequest, error, response, data);
             ResourceLoadObserver::shared().logSubresourceLoading(&m_frame, newRequest, response);

Modified: trunk/Source/WebCore/loader/FrameLoader.h (230680 => 230681)


--- trunk/Source/WebCore/loader/FrameLoader.h	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebCore/loader/FrameLoader.h	2018-04-16 21:50:26 UTC (rev 230681)
@@ -118,7 +118,7 @@
 #if ENABLE(WEB_ARCHIVE) || ENABLE(MHTML)
     WEBCORE_EXPORT void loadArchive(Ref<Archive>&&);
 #endif
-    unsigned long loadResourceSynchronously(const ResourceRequest&, StoredCredentialsPolicy, ClientCredentialPolicy, ResourceError&, ResourceResponse&, RefPtr<SharedBuffer>& data);
+    unsigned long loadResourceSynchronously(const ResourceRequest&, ClientCredentialPolicy, const FetchOptions&, const HTTPHeaderMap&, ResourceError&, ResourceResponse&, RefPtr<SharedBuffer>& data);
 
     void changeLocation(FrameLoadRequest&&);
     WEBCORE_EXPORT void urlSelected(const URL&, const String& target, Event*, LockHistory, LockBackForwardList, ShouldSendReferrer, ShouldOpenExternalURLsPolicy, std::optional<NewFrameOpenerPolicy> = std::nullopt, const AtomicString& downloadAttribute = nullAtom());

Modified: trunk/Source/WebCore/loader/LoaderStrategy.h (230680 => 230681)


--- trunk/Source/WebCore/loader/LoaderStrategy.h	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebCore/loader/LoaderStrategy.h	2018-04-16 21:50:26 UTC (rev 230681)
@@ -25,6 +25,7 @@
 
 #pragma once
 
+#include "FetchOptions.h"
 #include "ResourceLoadPriority.h"
 #include "ResourceLoaderOptions.h"
 #include "StoredCredentialsPolicy.h"
@@ -55,7 +56,7 @@
 class WEBCORE_EXPORT LoaderStrategy {
 public:
     virtual void loadResource(Frame&, CachedResource&, ResourceRequest&&, const ResourceLoaderOptions&, CompletionHandler<void(RefPtr<SubresourceLoader>&&)>&&) = 0;
-    virtual void loadResourceSynchronously(FrameLoader&, unsigned long identifier, const ResourceRequest&, StoredCredentialsPolicy, ClientCredentialPolicy, ResourceError&, ResourceResponse&, Vector<char>& data) = 0;
+    virtual void loadResourceSynchronously(FrameLoader&, unsigned long identifier, const ResourceRequest&, ClientCredentialPolicy, const FetchOptions&, const HTTPHeaderMap&, ResourceError&, ResourceResponse&, Vector<char>& data) = 0;
 
     virtual void remove(ResourceLoader*) = 0;
     virtual void setDefersLoading(ResourceLoader*, bool) = 0;
@@ -78,6 +79,8 @@
     virtual bool isOnLine() const = 0;
     virtual void addOnlineStateChangeListener(WTF::Function<void(bool)>&&) = 0;
 
+    virtual bool isDoingLoadingSecurityChecks() const { return false; }
+
 protected:
     virtual ~LoaderStrategy();
 };

Modified: trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp (230680 => 230681)


--- trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebCore/xml/XSLTProcessorLibxslt.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -111,7 +111,10 @@
 
         bool requestAllowed = globalCachedResourceLoader->frame() && globalCachedResourceLoader->document()->securityOrigin().canRequest(url);
         if (requestAllowed) {
-            globalCachedResourceLoader->frame()->loader().loadResourceSynchronously(url, StoredCredentialsPolicy::Use, ClientCredentialPolicy::MayAskClientForCredentials, error, response, data);
+            FetchOptions options;
+            options.mode = FetchOptions::Mode::SameOrigin;
+            options.credentials = FetchOptions::Credentials::Include;
+            globalCachedResourceLoader->frame()->loader().loadResourceSynchronously(url, ClientCredentialPolicy::MayAskClientForCredentials, options, { }, error, response, data);
             if (error.isNull())
                 requestAllowed = globalCachedResourceLoader->document()->securityOrigin().canRequest(response.url());
             else if (data)

Modified: trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp (230680 => 230681)


--- trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -448,8 +448,12 @@
         XMLDocumentParserScope scope(nullptr);
         // FIXME: We should restore the original global error handler as well.
 
-        if (cachedResourceLoader->frame())
-            cachedResourceLoader->frame()->loader().loadResourceSynchronously(url, StoredCredentialsPolicy::Use, ClientCredentialPolicy::MayAskClientForCredentials, error, response, data);
+        if (cachedResourceLoader->frame()) {
+            FetchOptions options;
+            options.mode = FetchOptions::Mode::SameOrigin;
+            options.credentials = FetchOptions::Credentials::Include;
+            cachedResourceLoader->frame()->loader().loadResourceSynchronously(url, ClientCredentialPolicy::MayAskClientForCredentials, options, { }, error, response, data);
+        }
     }
 
     // We have to check the URL again after the load to catch redirects.

Modified: trunk/Source/WebKit/ChangeLog (230680 => 230681)


--- trunk/Source/WebKit/ChangeLog	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKit/ChangeLog	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,3 +1,41 @@
+2018-04-16  Youenn Fablet  <you...@apple.com>
+
+        Use NetworkLoadChecker to handle synchronous HTTP loads
+        https://bugs.webkit.org/show_bug.cgi?id=184240
+
+        Reviewed by Chris Dumez.
+
+        For every NetworkResourceLoader synchronous load, we create a NetworkLoadChecker.
+        NetworkLoadChecker handles all security checks in that case.
+        This allows supporting cross-origin loads for synchronous XHR.
+
+        Updated NetworkCORSPreflightChecker to return the result as a ResourceError.
+        This is used to convey any error message from NetworkProcess to the JS console.
+        Ensure NetworkCORSPreflightChecker computes correctly Access-Control-Request-Headers value
+        by providing the headers set by the application plus Referrer/Origin.
+
+        * NetworkProcess/NetworkCORSPreflightChecker.cpp:
+        (WebKit::NetworkCORSPreflightChecker::~NetworkCORSPreflightChecker):
+        (WebKit::NetworkCORSPreflightChecker::willPerformHTTPRedirection):
+        (WebKit::NetworkCORSPreflightChecker::didReceiveChallenge):
+        (WebKit::NetworkCORSPreflightChecker::didCompleteWithError):
+        (WebKit::NetworkCORSPreflightChecker::wasBlocked):
+        (WebKit::NetworkCORSPreflightChecker::cannotShowURL):
+        * NetworkProcess/NetworkLoadChecker.cpp:
+        (WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight):
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::NetworkResourceLoader):
+        (WebKit::NetworkResourceLoader::retrieveCacheEntry):
+        (WebKit::NetworkResourceLoader::didReceiveResponse):
+        (WebKit::NetworkResourceLoader::willSendRedirectedRequest):
+        (WebKit::NetworkResourceLoader::continueWillSendRequest):
+        (WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
+        (WebKit::NetworkResourceLoader::validateCacheEntry):
+        * NetworkProcess/NetworkResourceLoader.h:
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::loadResourceSynchronously):
+        * WebProcess/Network/WebLoaderStrategy.h:
+
 2018-04-16  Brian Burg  <bb...@apple.com>
 
         [Cocoa] Web Automation: add SPI to terminate automation session and disconnect the remote end

Modified: trunk/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp (230680 => 230681)


--- trunk/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -53,7 +53,7 @@
         m_task->cancel();
     }
     if (m_completionCallback)
-        m_completionCallback(Result::Canceled);
+        m_completionCallback(ResourceError { ResourceError::Type::Cancellation });
 }
 
 void NetworkCORSPreflightChecker::startPreflight()
@@ -62,7 +62,7 @@
 
     NetworkLoadParameters loadParameters;
     loadParameters.sessionID = m_parameters.sessionID;
-    loadParameters.request = createAccessControlPreflightRequest(m_parameters.originalRequest, m_parameters.sourceOrigin, m_parameters.originalRequest.httpReferrer());
+    loadParameters.request = createAccessControlPreflightRequest(m_parameters.originalRequest, m_parameters.sourceOrigin, m_parameters.referrer);
     loadParameters.shouldFollowRedirects = false;
     if (auto* networkSession = SessionTracker::networkSession(loadParameters.sessionID)) {
         m_task = NetworkDataTask::create(*networkSession, *this, WTFMove(loadParameters));
@@ -71,11 +71,11 @@
         ASSERT_NOT_REACHED();
 }
 
-void NetworkCORSPreflightChecker::willPerformHTTPRedirection(WebCore::ResourceResponse&&, WebCore::ResourceRequest&&, RedirectCompletionHandler&& completionHandler)
+void NetworkCORSPreflightChecker::willPerformHTTPRedirection(WebCore::ResourceResponse&& response, WebCore::ResourceRequest&&, RedirectCompletionHandler&& completionHandler)
 {
     RELEASE_LOG_IF_ALLOWED("willPerformHTTPRedirection");
     completionHandler({ });
-    m_completionCallback(Result::Failure);
+    m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("Preflight response is not successful"), ResourceError::Type::AccessControl });
 }
 
 void NetworkCORSPreflightChecker::didReceiveChallenge(const WebCore::AuthenticationChallenge&, ChallengeCompletionHandler&& completionHandler)
@@ -82,7 +82,7 @@
 {
     RELEASE_LOG_IF_ALLOWED("didReceiveChallenge");
     completionHandler(AuthenticationChallengeDisposition::Cancel, { });
-    m_completionCallback(Result::Failure);
+    m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("Preflight response is not successful"), ResourceError::Type::AccessControl });
 }
 
 void NetworkCORSPreflightChecker::didReceiveResponseNetworkSession(WebCore::ResourceResponse&& response, ResponseCompletionHandler&& completionHandler)
@@ -101,7 +101,7 @@
 {
     if (!error.isNull()) {
         RELEASE_LOG_IF_ALLOWED("didCompleteWithError");
-        m_completionCallback(Result::Failure);
+        m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("Preflight response is not successful"), ResourceError::Type::AccessControl });
         return;
     }
 
@@ -110,10 +110,10 @@
     String errorDescription;
     if (!validatePreflightResponse(m_parameters.originalRequest, m_response, m_parameters.storedCredentialsPolicy, m_parameters.sourceOrigin, errorDescription)) {
         RELEASE_LOG_IF_ALLOWED("didComplete, AccessControl error: %s", errorDescription.utf8().data());
-        m_completionCallback(Result::Failure);
+        m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), errorDescription, ResourceError::Type::AccessControl });
         return;
     }
-    m_completionCallback(Result::Success);
+    m_completionCallback(ResourceError { });
 }
 
 void NetworkCORSPreflightChecker::didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend)
@@ -123,13 +123,13 @@
 void NetworkCORSPreflightChecker::wasBlocked()
 {
     RELEASE_LOG_IF_ALLOWED("wasBlocked");
-    m_completionCallback(Result::Failure);
+    m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("Preflight request was blocked"), ResourceError::Type::AccessControl });
 }
 
 void NetworkCORSPreflightChecker::cannotShowURL()
 {
     RELEASE_LOG_IF_ALLOWED("cannotShowURL");
-    m_completionCallback(Result::Failure);
+    m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), ASCIILiteral("Preflight response was blocked"), ResourceError::Type::AccessControl });
 }
 
 } // Namespace WebKit

Modified: trunk/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h (230680 => 230681)


--- trunk/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h	2018-04-16 21:50:26 UTC (rev 230681)
@@ -33,6 +33,7 @@
 #include <wtf/CompletionHandler.h>
 
 namespace WebCore {
+class ResourceError;
 class SecurityOrigin;
 }
 
@@ -44,11 +45,11 @@
     struct Parameters {
         WebCore::ResourceRequest originalRequest;
         Ref<WebCore::SecurityOrigin> sourceOrigin;
+        String referrer;
         PAL::SessionID sessionID;
         WebCore::StoredCredentialsPolicy storedCredentialsPolicy;
     };
-    enum class Result { Success, Failure, Canceled };
-    using CompletionCallback = CompletionHandler<void(Result)>;
+    using CompletionCallback = CompletionHandler<void(WebCore::ResourceError&&)>;
 
     NetworkCORSPreflightChecker(Parameters&&, CompletionCallback&&);
     ~NetworkCORSPreflightChecker();

Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (230680 => 230681)


--- trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -238,26 +238,28 @@
         return;
     }
 
+    auto requestForPreflight = request;
+    // We need to set header fields to m_originalRequestHeaders to correctly compute Access-Control-Request-Headers header value.
+    requestForPreflight.setHTTPHeaderFields(m_originalRequestHeaders);
     NetworkCORSPreflightChecker::Parameters parameters = {
-        WTFMove(request),
+        WTFMove(requestForPreflight),
         *m_origin,
+        request.httpReferrer(),
         m_sessionID,
         m_storedCredentialsPolicy
     };
-    m_corsPreflightChecker = std::make_unique<NetworkCORSPreflightChecker>(WTFMove(parameters), [this, handler = WTFMove(handler)](auto result) {
-        if (result == NetworkCORSPreflightChecker::Result::Canceled) {
-            handler(makeUnexpected(ResourceError { String { }, 0, m_url, String { }, ResourceError::Type::Cancellation }));
+    m_corsPreflightChecker = std::make_unique<NetworkCORSPreflightChecker>(WTFMove(parameters), [this, request = WTFMove(request), handler = WTFMove(handler)](auto&& error) mutable {
+        if (error.isCancellation())
             return;
-        }
 
-        RELEASE_LOG_IF_ALLOWED("checkCORSRequestWithPreflight - makeCrossOriginAccessRequestWithPreflight preflight complete, success: %d forRedirect? %d", result == NetworkCORSPreflightChecker::Result::Success, isRedirected());
+        RELEASE_LOG_IF_ALLOWED("checkCORSRequestWithPreflight - makeCrossOriginAccessRequestWithPreflight preflight complete, success: %d forRedirect? %d", error.isNull(), isRedirected());
 
-        auto corsPreflightChecker = WTFMove(m_corsPreflightChecker);
-        if (result == NetworkCORSPreflightChecker::Result::Failure) {
-            handler(this->returnError("Load cannot proceed due to preflight failure"));
+        if (!error.isNull()) {
+            handler(makeUnexpected(WTFMove(error)));
             return;
         }
-        auto request = corsPreflightChecker->originalRequest();
+
+        auto corsPreflightChecker = WTFMove(m_corsPreflightChecker);
         updateRequestForAccessControl(request, *m_origin, m_storedCredentialsPolicy);
         handler(WTFMove(request));
     });

Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (230680 => 230681)


--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -32,6 +32,7 @@
 #include "NetworkCache.h"
 #include "NetworkConnectionToWebProcess.h"
 #include "NetworkLoad.h"
+#include "NetworkLoadChecker.h"
 #include "NetworkProcess.h"
 #include "NetworkProcessConnectionMessages.h"
 #include "SessionTracker.h"
@@ -106,8 +107,10 @@
         }
     }
 
-    if (synchronousReply)
+    if (synchronousReply) {
+        m_networkLoadChecker = NetworkLoadChecker::create(FetchOptions { m_parameters.options }, m_parameters.sessionID, HTTPHeaderMap { m_parameters.originalRequestHeaders }, URL { m_parameters.request.url() }, m_parameters.sourceOrigin.copyRef());
         m_synchronousLoadData = std::make_unique<SynchronousLoadData>(WTFMove(synchronousReply));
+    }
 }
 
 NetworkResourceLoader::~NetworkResourceLoader()
@@ -161,6 +164,24 @@
     ASSERT(!m_wasStarted);
     m_wasStarted = true;
 
+    if (m_networkLoadChecker) {
+        m_networkLoadChecker->check(ResourceRequest { originalRequest() }, [this] (auto&& result) {
+            if (!result.has_value()) {
+                if (!result.error().isCancellation())
+                    this->didFailLoading(result.error());
+                return;
+            }
+            if (this->canUseCache(this->originalRequest())) {
+                RELEASE_LOG_IF_ALLOWED("start: Checking cache for resource (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d)", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier, this->isMainResource(), this->isSynchronous());
+                this->retrieveCacheEntry(this->originalRequest());
+                return;
+            }
+
+            this->startNetworkLoad(WTFMove(result.value()));
+        });
+        return;
+    }
+    // FIXME: Remove that code path once m_networkLoadChecker is used for all network loads.
     if (canUseCache(originalRequest())) {
         RELEASE_LOG_IF_ALLOWED("start: Checking cache for resource (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d)", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier, isMainResource(), isSynchronous());
         retrieveCacheEntry(originalRequest());
@@ -222,6 +243,8 @@
 
     NetworkLoadParameters parameters = m_parameters;
     parameters.defersLoading = m_defersLoading;
+    if (m_networkLoadChecker)
+        parameters.storedCredentialsPolicy = m_networkLoadChecker->storedCredentialsPolicy();
 
     if (request.url().protocolIsBlob())
         parameters.blobFileReferences = NetworkBlobRegistry::singleton().filesInBlob(m_connection, originalRequest().url());
@@ -313,6 +336,16 @@
 {
     RELEASE_LOG_IF_ALLOWED("didReceiveResponse: (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", httpStatusCode = %d, length = %" PRId64 ")", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier, receivedResponse.httpStatusCode(), receivedResponse.expectedContentLength());
 
+    if (isSynchronous()) {
+        auto error = m_networkLoadChecker->validateResponse(receivedResponse);
+        if (!error.isNull()) {
+            m_synchronousLoadData->error = WTFMove(error);
+            sendReplyToSynchronousRequest(*m_synchronousLoadData, nullptr);
+            cleanup();
+            return ShouldContinueDidReceiveResponse::No;
+        }
+    }
+
     m_response = WTFMove(receivedResponse);
 
     // For multipart/x-mixed-replace didReceiveResponseAsync gets called multiple times and buffering would require special handling.
@@ -445,18 +478,26 @@
     ++m_redirectCount;
 
     if (isSynchronous()) {
-        ResourceRequest overridenRequest = redirectRequest;
-        // FIXME: This needs to be fixed to follow the redirect correctly even for cross-domain requests.
-        // This includes at least updating host records, and comparing the current request instead of the original request here.
-        if (!protocolHostAndPortAreEqual(originalRequest().url(), redirectRequest.url())) {
-            ASSERT(m_synchronousLoadData->error.isNull());
-            m_synchronousLoadData->error = SynchronousLoaderClient::platformBadResponseError();
-            m_networkLoad->clearCurrentRequest();
-            overridenRequest = ResourceRequest();
-        }
-        // We do not support prompting for credentials for synchronous loads. If we ever change this policy then
-        // we need to take care to prompt if and only if request and redirectRequest are not mixed content.
-        continueWillSendRequest(WTFMove(overridenRequest), false);
+        m_networkLoadChecker->checkRedirection(redirectResponse, WTFMove(redirectRequest), [protectedThis = makeRef(*this), this, storedCredentialsPolicy = m_networkLoadChecker->storedCredentialsPolicy()](auto&& result) {
+            if (!result.has_value()) {
+                m_synchronousLoadData->error = SynchronousLoaderClient::platformBadResponseError();
+                m_networkLoad->clearCurrentRequest();
+                this->continueWillSendRequest(ResourceRequest { }, false);
+                return;
+            }
+
+            // FIXME: We need to handle SameOrigin credentials properly, for now we bail out.
+            if (storedCredentialsPolicy != m_networkLoadChecker->storedCredentialsPolicy()) {
+                m_synchronousLoadData->error = SynchronousLoaderClient::platformBadResponseError();
+                m_networkLoad->clearCurrentRequest();
+                this->continueWillSendRequest(ResourceRequest { }, false);
+                return;
+            }
+
+            // We do not support prompting for credentials for synchronous loads. If we ever change this policy then
+            // we need to take care to prompt if and only if request and redirectRequest are not mixed content.
+            this->continueWillSendRequest(WTFMove(result.value()), false);
+        });
         return;
     }
     if (canUseCachedRedirect(request))
@@ -579,14 +620,24 @@
 
 void NetworkResourceLoader::didRetrieveCacheEntry(std::unique_ptr<NetworkCache::Entry> entry)
 {
-    auto response = sanitizeResponseIfPossible(ResourceResponse { entry->response() }, ResourceResponse::SanitizationType::CrossOriginSafe);
     if (isSynchronous()) {
-        m_synchronousLoadData->response = WTFMove(response);
+        auto response = entry->response();
+        auto error = m_networkLoadChecker->validateResponse(response);
+        if (!error.isNull()) {
+            m_synchronousLoadData->error = WTFMove(error);
+            m_synchronousLoadData->response = { };
+            sendReplyToSynchronousRequest(*m_synchronousLoadData, nullptr);
+            cleanup();
+            return;
+        }
+
+        m_synchronousLoadData->response = sanitizeResponseIfPossible(WTFMove(response), ResourceResponse::SanitizationType::CrossOriginSafe);
         sendReplyToSynchronousRequest(*m_synchronousLoadData, entry->buffer());
         cleanup();
         return;
     }
 
+    auto response = sanitizeResponseIfPossible(ResourceResponse { entry->response() }, ResourceResponse::SanitizationType::CrossOriginSafe);
     bool needsContinueDidReceiveResponseMessage = isMainResource();
     send(Messages::WebResourceLoader::DidReceiveResponse { response, needsContinueDidReceiveResponseMessage });
 

Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h (230680 => 230681)


--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h	2018-04-16 21:50:26 UTC (rev 230681)
@@ -45,6 +45,7 @@
 
 class NetworkConnectionToWebProcess;
 class NetworkLoad;
+class NetworkLoadChecker;
 class SandboxExtension;
 
 namespace NetworkCache {
@@ -179,6 +180,7 @@
     std::unique_ptr<NetworkCache::Entry> m_cacheEntryForValidation;
     bool m_isWaitingContinueWillSendRequestForCachedRedirect { false };
     std::unique_ptr<NetworkCache::Entry> m_cacheEntryWaitingForContinueDidReceiveResponse;
+    RefPtr<NetworkLoadChecker> m_networkLoadChecker;
 };
 
 } // namespace WebKit

Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp (230680 => 230681)


--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -415,8 +415,14 @@
     return true;
 }
 
-void WebLoaderStrategy::loadResourceSynchronously(FrameLoader& frameLoader, unsigned long resourceLoadIdentifier, const ResourceRequest& request, StoredCredentialsPolicy storedCredentialsPolicy, ClientCredentialPolicy clientCredentialPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
+void WebLoaderStrategy::loadResourceSynchronously(FrameLoader& frameLoader, unsigned long resourceLoadIdentifier, const ResourceRequest& request, ClientCredentialPolicy clientCredentialPolicy,  const FetchOptions& options, const HTTPHeaderMap& originalRequestHeaders, ResourceError& error, ResourceResponse& response, Vector<char>& data)
 {
+    auto* document = frameLoader.frame().document();
+    if (!document) {
+        error = internalError(request.url());
+        return;
+    }
+
     WebFrameLoaderClient* webFrameLoaderClient = toWebFrameLoaderClient(frameLoader.client());
     WebFrame* webFrame = webFrameLoaderClient ? webFrameLoaderClient->webFrame() : nullptr;
     WebPage* webPage = webFrame ? webFrame->page() : nullptr;
@@ -429,13 +435,19 @@
     loadParameters.request = request;
     loadParameters.contentSniffingPolicy = SniffContent;
     loadParameters.contentEncodingSniffingPolicy = ContentEncodingSniffingPolicy::Sniff;
-    loadParameters.storedCredentialsPolicy = storedCredentialsPolicy;
+    loadParameters.storedCredentialsPolicy = options.credentials == FetchOptions::Credentials::Omit ? StoredCredentialsPolicy::DoNotUse : StoredCredentialsPolicy::Use;
     loadParameters.clientCredentialPolicy = clientCredentialPolicy;
     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = shouldClearReferrerOnHTTPSToHTTPRedirect(webFrame ? webFrame->coreFrame() : nullptr);
     loadParameters.shouldRestrictHTTPResponseAccess = RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess();
-    // FIXME: Use the proper destination once all fetch options are passed.
-    loadParameters.options.destination = FetchOptions::Destination::EmptyString;
 
+    loadParameters.options = options;
+    loadParameters.sourceOrigin = &document->securityOrigin();
+    if (!document->shouldBypassMainWorldContentSecurityPolicy()) {
+        if (auto* contentSecurityPolicy = document->contentSecurityPolicy())
+            loadParameters.cspResponseHeaders = contentSecurityPolicy->responseHeaders();
+    }
+    loadParameters.originalRequestHeaders = originalRequestHeaders;
+
     data.shrink(0);
 
     HangDetectionDisabler hangDetectionDisabler;

Modified: trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h (230680 => 230681)


--- trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKit/WebProcess/Network/WebLoaderStrategy.h	2018-04-16 21:50:26 UTC (rev 230681)
@@ -48,7 +48,7 @@
     ~WebLoaderStrategy() final;
     
     void loadResource(WebCore::Frame&, WebCore::CachedResource&, WebCore::ResourceRequest&&, const WebCore::ResourceLoaderOptions&, CompletionHandler<void(RefPtr<WebCore::SubresourceLoader>&&)>&&) final;
-    void loadResourceSynchronously(WebCore::FrameLoader&, unsigned long resourceLoadIdentifier, const WebCore::ResourceRequest&, WebCore::StoredCredentialsPolicy, WebCore::ClientCredentialPolicy, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>& data) final;
+    void loadResourceSynchronously(WebCore::FrameLoader&, unsigned long resourceLoadIdentifier, const WebCore::ResourceRequest&, WebCore::ClientCredentialPolicy, const WebCore::FetchOptions&, const WebCore::HTTPHeaderMap&, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>& data) final;
 
     void remove(WebCore::ResourceLoader*) final;
     void setDefersLoading(WebCore::ResourceLoader*, bool) final;
@@ -83,6 +83,8 @@
     void addOnlineStateChangeListener(Function<void(bool)>&&) final;
     void setOnLineState(bool);
 
+    bool isDoingLoadingSecurityChecks() const final { return true; }
+
 private:
     void scheduleLoad(WebCore::ResourceLoader&, WebCore::CachedResource*, bool shouldClearReferrerOnHTTPSToHTTPRedirect);
     void scheduleInternallyFailedLoad(WebCore::ResourceLoader&);

Modified: trunk/Source/WebKitLegacy/ChangeLog (230680 => 230681)


--- trunk/Source/WebKitLegacy/ChangeLog	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKitLegacy/ChangeLog	2018-04-16 21:50:26 UTC (rev 230681)
@@ -1,3 +1,14 @@
+2018-04-16  Youenn Fablet  <you...@apple.com>
+
+        Use NetworkLoadChecker to handle synchronous HTTP loads
+        https://bugs.webkit.org/show_bug.cgi?id=184240
+
+        Reviewed by Chris Dumez.
+
+        * WebCoreSupport/WebResourceLoadScheduler.cpp:
+        (WebResourceLoadScheduler::loadResourceSynchronously):
+        * WebCoreSupport/WebResourceLoadScheduler.h:
+
 2018-04-04  Alex Christensen  <achristen...@webkit.org>
 
         Move PingHandle to WebKitLegacy

Modified: trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp (230680 => 230681)


--- trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.cpp	2018-04-16 21:50:26 UTC (rev 230681)
@@ -106,9 +106,9 @@
     });
 }
 
-void WebResourceLoadScheduler::loadResourceSynchronously(FrameLoader& frameLoader, unsigned long, const ResourceRequest& request, StoredCredentialsPolicy storedCredentialsPolicy, ClientCredentialPolicy, ResourceError& error, ResourceResponse& response, Vector<char>& data)
+void WebResourceLoadScheduler::loadResourceSynchronously(FrameLoader& frameLoader, unsigned long, const ResourceRequest& request, ClientCredentialPolicy, const FetchOptions& options, const HTTPHeaderMap&, ResourceError& error, ResourceResponse& response, Vector<char>& data)
 {
-    ResourceHandle::loadResourceSynchronously(frameLoader.networkingContext(), request, storedCredentialsPolicy, error, response, data);
+    ResourceHandle::loadResourceSynchronously(frameLoader.networkingContext(), request, options.credentials == FetchOptions::Credentials::Omit ? StoredCredentialsPolicy::DoNotUse : StoredCredentialsPolicy::Use, error, response, data);
 }
 
 void WebResourceLoadScheduler::schedulePluginStreamLoad(Frame& frame, NetscapePlugInStreamLoaderClient& client, ResourceRequest&& request, CompletionHandler<void(RefPtr<WebCore::NetscapePlugInStreamLoader>&&)>&& completionHandler)

Modified: trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.h (230680 => 230681)


--- trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.h	2018-04-16 21:03:59 UTC (rev 230680)
+++ trunk/Source/WebKitLegacy/WebCoreSupport/WebResourceLoadScheduler.h	2018-04-16 21:50:26 UTC (rev 230681)
@@ -50,7 +50,7 @@
     WebResourceLoadScheduler();
 
     void loadResource(WebCore::Frame&, WebCore::CachedResource&, WebCore::ResourceRequest&&, const WebCore::ResourceLoaderOptions&, CompletionHandler<void(RefPtr<WebCore::SubresourceLoader>&&)>&&) final;
-    void loadResourceSynchronously(WebCore::FrameLoader&, unsigned long, const WebCore::ResourceRequest&, WebCore::StoredCredentialsPolicy, WebCore::ClientCredentialPolicy, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>&) final;
+    void loadResourceSynchronously(WebCore::FrameLoader&, unsigned long, const WebCore::ResourceRequest&, WebCore::ClientCredentialPolicy, const WebCore::FetchOptions&, const WebCore::HTTPHeaderMap&, WebCore::ResourceError&, WebCore::ResourceResponse&, Vector<char>&) final;
     void remove(WebCore::ResourceLoader*) final;
     void setDefersLoading(WebCore::ResourceLoader*, bool) final;
     void crossOriginRedirectReceived(WebCore::ResourceLoader*, const WebCore::URL& redirectURL) final;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to