Diff
Modified: trunk/LayoutTests/ChangeLog (230790 => 230791)
--- trunk/LayoutTests/ChangeLog 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/ChangeLog 2018-04-19 00:47:20 UTC (rev 230791)
@@ -1,3 +1,24 @@
+2018-04-18 Youenn Fablet <[email protected]>
+
+ Allow SameOrigin credentials handling for synchronous XHR
+ https://bugs.webkit.org/show_bug.cgi?id=184723
+
+ Reviewed by Alex Christensen.
+
+ * http/tests/xmlhttprequest/access-control-and-redirects-expected.txt:
+ * http/tests/xmlhttprequest/access-control-and-redirects.html:
+ * http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt:
+ * http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt:
+ * http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt:
+ * platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt:
+ * platform/mac-wk1/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt: Copied from LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt.
+ * platform/mac-wk1/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt: Copied from LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt.
+ * platform/mac-wk1/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt: Copied from LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt.
+ * platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt:
+ * platform/win/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt: Copied from LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt.
+ * platform/win/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt: Copied from LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt.
+ * platform/win/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt: Copied from LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt.
+
2018-04-18 Chris Dumez <[email protected]>
Set RemoteDOMWindow's initial opener
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt (230790 => 230791)
--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -7,8 +7,9 @@
Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.
Testing /resources/redirect.php?url="" (sync)
-Expecting success: false
-PASS: NetworkError: A network error occurred.
+Expecting success: true
+PASS: PASS: Cross-domain access allowed.
+
Testing /resources/redirect.php?url=""
Expecting success: true
PASS: PASS: Cross-domain access allowed.
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects.html (230790 => 230791)
--- trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects.html 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/access-control-and-redirects.html 2018-04-19 00:47:20 UTC (rev 230791)
@@ -45,7 +45,7 @@
}
var tests = [
- ["/resources/redirect.php?url="" false, true],
+ ["/resources/redirect.php?url="" true, true],
["http://localhost:8000/resources/redirect.php?url="" false, false],
["http://localhost:8000/resources/redirect.php?url="" false, false]
]
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt (230790 => 230791)
--- trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 31: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
PASS
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt (230790 => 230791)
--- trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
PASS
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt (230790 => 230791)
--- trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 54: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt. Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
This tests that unsafe redirects won't be allowed when making an XMLHttpRequest.
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (230790 => 230791)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2018-04-19 00:47:20 UTC (rev 230791)
@@ -1,5 +1,14 @@
2018-04-18 Youenn Fablet <[email protected]>
+ Allow cross-origin redirections for synchronous XHR
+ https://bugs.webkit.org/show_bug.cgi?id=184723
+
+ Reviewed by Alex Christensen.
+
+ * web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt:
+
+2018-04-18 Youenn Fablet <[email protected]>
+
MediaResourceLoader should set its fetch destination
https://bugs.webkit.org/show_bug.cgi?id=184746
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt (230790 => 230791)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/XMLHttpRequest/access-control-and-redirects-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -1,5 +1,5 @@
-FAIL Local sync redirect to remote origin A network error occurred.
+PASS Local sync redirect to remote origin
PASS Local async redirect to remote origin
PASS Remote sync redirect to local origin
PASS Remote async redirect to local origin
Modified: trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt (230790 => 230791)
--- trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -8,8 +8,8 @@
Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.
Testing /resources/redirect.php?url="" (sync)
-Expecting success: false
-PASS: NetworkError: A network error occurred.
+Expecting success: true
+FAIL: NetworkError: A network error occurred.
Testing /resources/redirect.php?url=""
Expecting success: true
PASS: PASS: Cross-domain access allowed.
Copied: trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt (from rev 230790, trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt) (0 => 230791)
--- trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -0,0 +1,4 @@
+Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
+
+PASS
+
Copied: trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt (from rev 230790, trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt) (0 => 230791)
--- trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -0,0 +1,4 @@
+Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
+
+PASS
+
Copied: trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt (from rev 230790, trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt) (0 => 230791)
--- trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -0,0 +1,12 @@
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
+This tests that unsafe redirects won't be allowed when making an XMLHttpRequest.
+Sync XHR started.
+readyState change 1
+readyState change 4
+Error event.
+Exception: NetworkError: A network error occurred.
+Async XHR started.
+readyState change 1
+readyState change 4
+SUCCESS: Error handler was called with readyState 4
Modified: trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt (230790 => 230791)
--- trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/access-control-and-redirects-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -8,8 +8,8 @@
Per the spec, these test cases should be allowed, but cross-origin redirects are currently unsupported in WebCore.
Testing /resources/redirect.php?url="" (sync)
-Expecting success: false
-PASS: NetworkError: A network error occurred.
+Expecting success: true
+FAIL: NetworkError: A network error occurred.
Testing /resources/redirect.php?url=""
Expecting success: true
PASS: PASS: Cross-domain access allowed.
Copied: trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt (from rev 230790, trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt) (0 => 230791)
--- trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -0,0 +1,4 @@
+Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
+
+PASS
+
Copied: trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt (from rev 230790, trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt) (0 => 230791)
--- trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -0,0 +1,4 @@
+Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
+
+PASS
+
Copied: trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt (from rev 230790, trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt) (0 => 230791)
--- trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/win/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt 2018-04-19 00:47:20 UTC (rev 230791)
@@ -0,0 +1,12 @@
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
+This tests that unsafe redirects won't be allowed when making an XMLHttpRequest.
+Sync XHR started.
+readyState change 1
+readyState change 4
+Error event.
+Exception: NetworkError: A network error occurred.
+Async XHR started.
+readyState change 1
+readyState change 4
+SUCCESS: Error handler was called with readyState 4
Modified: trunk/Source/WebKit/ChangeLog (230790 => 230791)
--- trunk/Source/WebKit/ChangeLog 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/Source/WebKit/ChangeLog 2018-04-19 00:47:20 UTC (rev 230791)
@@ -1,3 +1,20 @@
+2018-04-18 Youenn Fablet <[email protected]>
+
+ Allow SameOrigin credentials handling for synchronous XHR
+ https://bugs.webkit.org/show_bug.cgi?id=184723
+
+ Reviewed by Alex Christensen.
+
+ In case of SameOrigin credentials, we need to stop the current load
+ in case of cross origin redirection to restart a load with a different session.
+ Covered by updated WK2 tests.
+ Rebased WK1 tests since this is Wk1 only.
+
+ * NetworkProcess/NetworkResourceLoader.cpp:
+ (WebKit::NetworkResourceLoader::startNetworkLoad):
+ (WebKit::NetworkResourceLoader::willSendRedirectedRequest):
+ * NetworkProcess/NetworkResourceLoader.h:
+
2018-04-18 Chris Dumez <[email protected]>
Set RemoteDOMWindow's initial opener
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (230790 => 230791)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2018-04-19 00:47:20 UTC (rev 230791)
@@ -177,7 +177,7 @@
return;
}
- this->startNetworkLoad(WTFMove(result.value()));
+ this->startNetworkLoad(WTFMove(result.value()), FirstLoad::Yes);
});
return;
}
@@ -188,7 +188,7 @@
return;
}
- startNetworkLoad(ResourceRequest { originalRequest() });
+ startNetworkLoad(ResourceRequest { originalRequest() }, FirstLoad::Yes);
}
void NetworkResourceLoader::retrieveCacheEntry(const ResourceRequest& request)
@@ -206,7 +206,7 @@
}
if (!entry) {
RELEASE_LOG_IF_ALLOWED("retrieveCacheEntry: Resource not in cache (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d)", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier, isMainResource(), isSynchronous());
- loader->startNetworkLoad(WTFMove(request));
+ loader->startNetworkLoad(WTFMove(request), FirstLoad::Yes);
return;
}
if (entry->redirectRequest()) {
@@ -216,7 +216,7 @@
}
if (loader->m_parameters.needsCertificateInfo && !entry->response().certificateInfo()) {
RELEASE_LOG_IF_ALLOWED("retrieveCacheEntry: Resource does not have required certificate (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d)", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier, isMainResource(), isSynchronous());
- loader->startNetworkLoad(WTFMove(request));
+ loader->startNetworkLoad(WTFMove(request), FirstLoad::Yes);
return;
}
if (entry->needsValidation() || request.cachePolicy() == WebCore::RefreshAnyCacheData) {
@@ -229,17 +229,19 @@
});
}
-void NetworkResourceLoader::startNetworkLoad(ResourceRequest&& request)
+void NetworkResourceLoader::startNetworkLoad(ResourceRequest&& request, FirstLoad load)
{
- RELEASE_LOG_IF_ALLOWED("startNetworkLoad: (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d)", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier, isMainResource(), isSynchronous());
+ if (load == FirstLoad::Yes) {
+ RELEASE_LOG_IF_ALLOWED("startNetworkLoad: (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d)", m_parameters.webPageID, m_parameters.webFrameID, m_parameters.identifier, isMainResource(), isSynchronous());
- consumeSandboxExtensions();
+ consumeSandboxExtensions();
- if (isSynchronous() || m_parameters.maximumBufferingTime > 0_s)
- m_bufferedData = SharedBuffer::create();
+ if (isSynchronous() || m_parameters.maximumBufferingTime > 0_s)
+ m_bufferedData = SharedBuffer::create();
- if (canUseCache(request))
- m_bufferedDataForCache = SharedBuffer::create();
+ if (canUseCache(request))
+ m_bufferedDataForCache = SharedBuffer::create();
+ }
NetworkLoadParameters parameters = m_parameters;
parameters.defersLoading = m_defersLoading;
@@ -488,11 +490,10 @@
return;
}
- // FIXME: We need to handle SameOrigin credentials properly, for now we bail out.
if (storedCredentialsPolicy != m_networkLoadChecker->storedCredentialsPolicy()) {
- m_synchronousLoadData->error = SynchronousLoaderClient::platformBadResponseError();
- m_networkLoad->clearCurrentRequest();
- this->continueWillSendRequest(ResourceRequest { }, false);
+ // We need to restart the load to update the session according the new credential policy.
+ m_networkLoad->cancel();
+ this->startNetworkLoad(WTFMove(result.value()), FirstLoad::No);
return;
}
@@ -541,7 +542,7 @@
if (canUseCachedRedirect(newRequest))
retrieveCacheEntry(newRequest);
else
- startNetworkLoad(WTFMove(newRequest));
+ startNetworkLoad(WTFMove(newRequest), FirstLoad::Yes);
return;
}
@@ -726,7 +727,7 @@
m_cacheEntryForValidation = WTFMove(entry);
- startNetworkLoad(WTFMove(revalidationRequest));
+ startNetworkLoad(WTFMove(revalidationRequest), FirstLoad::Yes);
}
void NetworkResourceLoader::dispatchWillSendRequestForCacheEntry(std::unique_ptr<NetworkCache::Entry> entry)
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h (230790 => 230791)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h 2018-04-18 23:40:36 UTC (rev 230790)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h 2018-04-19 00:47:20 UTC (rev 230791)
@@ -130,7 +130,8 @@
void dispatchWillSendRequestForCacheEntry(std::unique_ptr<NetworkCache::Entry>);
void continueProcessingCachedEntryAfterDidReceiveResponse(std::unique_ptr<NetworkCache::Entry>);
- void startNetworkLoad(WebCore::ResourceRequest&&);
+ enum class FirstLoad { No, Yes };
+ void startNetworkLoad(WebCore::ResourceRequest&&, FirstLoad);
void continueDidReceiveResponse();
void cleanup();
