Diff
Modified: trunk/LayoutTests/ChangeLog (231054 => 231055)
--- trunk/LayoutTests/ChangeLog 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/ChangeLog 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,3 +1,20 @@
+2018-04-26 Youenn Fablet <[email protected]>
+
+ Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
+ https://bugs.webkit.org/show_bug.cgi?id=185023
+
+ Reviewed by Chris Dumez.
+
+ * http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt:
+ * http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt:
+ * http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt:
+ * platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
+ * platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
+ * platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.
+ * platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt: Removed.
+ * platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt: Removed.
+ * platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt: Removed.
+
2018-04-25 Megan Gardner <[email protected]>
Activate selection when interacting with editable content
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt (231054 => 231055)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8000/security/contentSecurityPolicy/resources/alert-pass.js denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
Modified: trunk/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt (231054 => 231055)
--- trunk/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
Verify the error message in console in case of CORS failing checks.
Modified: trunk/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt (231054 => 231055)
--- trunk/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Cross-origin redirection to http://localhost:8080/security/resources/image-access-control.php?file=../../resources/square100.png&allow=false denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
Verify the error message in console in case of CORS failing checks.
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt (231054 => 231055)
--- trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-post-sync-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 31: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/reply.xml denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 31: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: line 31: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt (231054 => 231055)
--- trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/redirect-cross-origin-sync-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 26: Cross-origin redirection to http://localhost:8000/xmlhttprequest/resources/reply.xml denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 26: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: line 26: XMLHttpRequest cannot load http://localhost:8000/xmlhttprequest/resources/reply.xml due to access control checks.
Test that a cross-origin redirect to a server that responds is indistinguishable from one that does not. Should say PASS:
Modified: trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt (231054 => 231055)
--- trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 54: Cross-origin redirection to http://localhost:8080/xmlhttprequest/resources/forbidden.txt denied by Cross-Origin Resource Sharing policy: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: line 54: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: line 54: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: XMLHttpRequest cannot load http://localhost:8080/xmlhttprequest/resources/forbidden.txt due to access control checks.
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (231054 => 231055)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,3 +1,14 @@
+2018-04-26 Youenn Fablet <[email protected]>
+
+ Mak cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
+ https://bugs.webkit.org/show_bug.cgi?id=185023
+
+ Reviewed by Chris Dumez.
+
+ Fix message cross origin check failed in case of redirection
+
+ * web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt:
+
2018-04-25 Youenn Fablet <[email protected]>
Use NetworkLoadChecker for all subresource loads except fetch/XHR
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt (231054 => 231055)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-fallback.https-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -4,7 +4,7 @@
CONSOLE MESSAGE: XMLHttpRequest cannot load https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py? due to access control checks.
CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: Cannot load image https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE& due to access control checks.
-CONSOLE MESSAGE: Cross-origin redirection to https://127.0.0.1:9443/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE& denied by Cross-Origin Resource Sharing policy: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
+CONSOLE MESSAGE: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
CONSOLE MESSAGE: Cannot load image https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2F127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26 due to access control checks.
PASS initialize global state
Deleted: trunk/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt (231054 => 231055)
--- trunk/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,3 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
Deleted: trunk/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt (231054 => 231055)
--- trunk/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
Deleted: trunk/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt (231054 => 231055)
--- trunk/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/platform/mac-wk1/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
Deleted: trunk/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt (231054 => 231055)
--- trunk/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/platform/win/http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-redirect-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,3 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-CONSOLE MESSAGE: line 1: TypeError: Cross-origin script load denied by Cross-Origin Resource Sharing policy.
-This tests whether a deferred script load caused by a redirect is properly allowed by a nonce.
Deleted: trunk/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt (231054 => 231055)
--- trunk/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-1-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
Deleted: trunk/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt (231054 => 231055)
--- trunk/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/LayoutTests/platform/win/http/tests/security/shape-image-cors-redirect-error-message-logging-2-expected.txt 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,4 +0,0 @@
-CONSOLE MESSAGE: Origin http://127.0.0.1:8000 is not allowed by Access-Control-Allow-Origin.
-Verify the error message in console in case of CORS failing checks.
-
-
Modified: trunk/Source/WebKit/ChangeLog (231054 => 231055)
--- trunk/Source/WebKit/ChangeLog 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/Source/WebKit/ChangeLog 2018-04-26 18:16:55 UTC (rev 231055)
@@ -1,3 +1,16 @@
+2018-04-26 Youenn Fablet <[email protected]>
+
+ Make cross origin redirection error messages consistent between SubresourceLoader and NetworkLoadChecker
+ https://bugs.webkit.org/show_bug.cgi?id=185023
+
+ Reviewed by Chris Dumez.
+
+ Align NetworkLoadChecker with what SubresourceLoader is doing so that we can keep WK1 and WK2 error messages as consistent as possible.
+
+ * NetworkProcess/NetworkLoadChecker.cpp:
+ (WebKit::NetworkLoadChecker::checkRedirection):
+ (WebKit::NetworkLoadChecker::validateResponse):
+
2018-04-25 Megan Gardner <[email protected]>
Activate selection when interacting with editable content
Modified: trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp (231054 => 231055)
--- trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp 2018-04-26 18:05:20 UTC (rev 231054)
+++ trunk/Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp 2018-04-26 18:16:55 UTC (rev 231055)
@@ -91,6 +91,13 @@
{
ASSERT(!isChecking());
+ auto error = validateResponse(redirectResponse);
+ if (!error.isNull()) {
+ auto errorMessage = makeString("Cross-origin redirection to ", request.url().string(), " denied by Cross-Origin Resource Sharing policy: ", error.localizedDescription());
+ handler(makeUnexpected(ResourceError { String { }, 0, request.url(), WTFMove(errorMessage), ResourceError::Type::AccessControl }));
+ return;
+ }
+
if (m_options.redirect != FetchOptions::Redirect::Follow) {
handler(returnError(ASCIILiteral("Redirections are not allowed")));
return;
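Review bot: The message built at the added `makeString` call embeds the full redirect target, `request.url().string()`, query string included, in the ResourceError passed to `handler`, and nothing in the hunk shows whether that text stays in the console or can reach page script. The xmlhttprequest expectations touched by this changeset describe a cross-origin redirect to a responding server as indistinguishable from one that does not respond, so the target should not become observable to the page; a comment such as `// Console-only diagnostic: the redirect target must not be exposed to script.` above the call would pin that down, if it holds. The check also now runs before the `m_options.redirect != FetchOptions::Redirect::Follow` test, so a non-follow load whose redirect response fails validation reports the CORS text instead of "Redirections are not allowed"; this is presumably intended but is not stated anywhere. The function's signature is outside the hunk (the ChangeLog names it checkRedirection).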
@@ -107,12 +114,6 @@
m_previousURL = WTFMove(m_url);
m_url = request.url();
- auto error = validateResponse(redirectResponse);
- if (!error.isNull()) {
- handler(makeUnexpected(WTFMove(error)));
- return;
- }
-
checkRequest(WTFMove(request), WTFMove(handler));
}
@@ -134,11 +135,8 @@
ASSERT(m_options.mode == FetchOptions::Mode::Cors);
String errorMessage;
- if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage)) {
- if (m_redirectCount)
- errorMessage = makeString("Cross-origin redirection to ", m_url.string(), " denied by Cross-Origin Resource Sharing policy: ", errorMessage);
- return ResourceError { errorDomainWebKitInternal, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl };
- }
+ if (!WebCore::passesAccessControlCheck(response, m_storedCredentialsPolicy, *m_origin, errorMessage))
+ return ResourceError { String { }, 0, m_url, WTFMove(errorMessage), ResourceError::Type::AccessControl };
response.setTainting(ResourceResponse::Tainting::Cors);
return { };
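Review bot: The error domain becomes the bare literal `String { }` here and in the new block in checkRedirection, replacing `errorDomainWebKitInternal` with no explanation. Any consumer that keys on the domain of an AccessControl error would stop matching, and the hunk alone cannot rule that out. A short comment, e.g. `// Empty domain on purpose, to match the error SubresourceLoader produces.`, or a shared named constant would make the intent checkable; the ChangeLog suggests alignment with SubresourceLoader is the reason. The function's signature and its earlier branches are outside the hunk.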