Title: [234840] trunk
Revision: 234840
Author: [email protected]
Date: 2018-08-14 01:29:15 -0700 (Tue, 14 Aug 2018)

Log Message

Fetch: content-length header is being added to the safe-list
https://bugs.webkit.org/show_bug.cgi?id=185473

Patch by Rob Buis <[email protected]> on 2018-08-14
Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Sync with wpt change:
https://github.com/web-platform-tests/wpt/commit/407ecdff87af8aeceaa07cbc71aac9ec355d4334

* web-platform-tests/fetch/api/cors/cors-filtering-expected.txt:
* web-platform-tests/fetch/api/cors/cors-filtering-worker-expected.txt:
* web-platform-tests/fetch/api/cors/cors-filtering.js:

Source/WebCore:

Content-Length is a CORS-safelisted response header:
https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name

Tests: web-platform-tests/fetch/api/cors/cors-filtering.html
       web-platform-tests/fetch/api/cors/cors-filtering-worker.html

* platform/network/HTTPParsers.cpp:
(WebCore::isCrossOriginSafeHeader):

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (234839 => 234840)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2018-08-14 07:08:15 UTC (rev 234839)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2018-08-14 08:29:15 UTC (rev 234840)
@@ -1,3 +1,17 @@
+2018-08-14  Rob Buis  <[email protected]>
+
+        Fetch: content-length header is being added to the safe-list
+        https://bugs.webkit.org/show_bug.cgi?id=185473
+
+        Reviewed by Youenn Fablet.
+
+        Sync with wpt change:
+        https://github.com/web-platform-tests/wpt/commit/407ecdff87af8aeceaa07cbc71aac9ec355d4334
+
+        * web-platform-tests/fetch/api/cors/cors-filtering-expected.txt:
+        * web-platform-tests/fetch/api/cors/cors-filtering-worker-expected.txt:
+        * web-platform-tests/fetch/api/cors/cors-filtering.js:
+
 2018-08-13  Youenn Fablet  <[email protected]>
 
         [WPT] Ensure templated tests do set a Content-Type: text/html HTTP header

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-filtering-expected.txt (234839 => 234840)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-filtering-expected.txt	2018-08-14 07:08:15 UTC (rev 234839)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-filtering-expected.txt	2018-08-14 08:29:15 UTC (rev 234840)
@@ -5,16 +5,15 @@
 PASS CORS filter on Expires header 
 PASS CORS filter on Last-Modified header 
 PASS CORS filter on Pragma header 
+PASS CORS filter on Content-Length header 
 PASS CORS filter on Age header 
 PASS CORS filter on Server header 
 PASS CORS filter on Warning header 
-PASS CORS filter on Content-Length header 
 PASS CORS filter on Set-Cookie header 
 PASS CORS filter on Set-Cookie2 header 
 PASS CORS filter on Age header, header is exposed 
 PASS CORS filter on Server header, header is exposed 
 PASS CORS filter on Warning header, header is exposed 
-PASS CORS filter on Content-Length header, header is exposed 
 PASS CORS filter on Set-Cookie header, header is forbidden 
 PASS CORS filter on Set-Cookie2 header, header is forbidden 
 PASS CORS filter on Set-Cookie header, header is forbidden(credentials = include) 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-filtering-worker-expected.txt (234839 => 234840)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-filtering-worker-expected.txt	2018-08-14 07:08:15 UTC (rev 234839)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-filtering-worker-expected.txt	2018-08-14 08:29:15 UTC (rev 234840)
@@ -5,16 +5,15 @@
 PASS CORS filter on Expires header 
 PASS CORS filter on Last-Modified header 
 PASS CORS filter on Pragma header 
+PASS CORS filter on Content-Length header 
 PASS CORS filter on Age header 
 PASS CORS filter on Server header 
 PASS CORS filter on Warning header 
-PASS CORS filter on Content-Length header 
 PASS CORS filter on Set-Cookie header 
 PASS CORS filter on Set-Cookie2 header 
 PASS CORS filter on Age header, header is exposed 
 PASS CORS filter on Server header, header is exposed 
 PASS CORS filter on Warning header, header is exposed 
-PASS CORS filter on Content-Length header, header is exposed 
 PASS CORS filter on Set-Cookie header, header is forbidden 
 PASS CORS filter on Set-Cookie2 header, header is forbidden 
 PASS CORS filter on Set-Cookie header, header is forbidden(credentials = include) 

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-filtering.js (234839 => 234840)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-filtering.js	2018-08-14 07:08:15 UTC (rev 234839)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/cors/cors-filtering.js	2018-08-14 08:29:15 UTC (rev 234840)
@@ -52,11 +52,11 @@
 corsFilter(url, "Expires","04 May 1988 22:22:22 GMT" , false);
 corsFilter(url, "Last-Modified", "04 May 1988 22:22:22 GMT", false);
 corsFilter(url, "Pragma", "no-cache", false);
+corsFilter(url, "Content-Length", "3" , false); // top.txt contains "top"
 
 corsFilter(url, "Age", "27", true);
 corsFilter(url, "Server", "wptServe" , true);
 corsFilter(url, "Warning", "Mind the gap" , true);
-corsFilter(url, "Content-Length", "3" , true); // top.txt contains "top"
 corsFilter(url, "Set-Cookie", "name=value" , true);
 corsFilter(url, "Set-Cookie2", "name=value" , true);
 
@@ -63,7 +63,6 @@
 corsExposeFilter(url, "Age", "27", false);
 corsExposeFilter(url, "Server", "wptServe" , false);
 corsExposeFilter(url, "Warning", "Mind the gap" , false);
-corsExposeFilter(url, "Content-Length", "3" , false);
 
 corsExposeFilter(url, "Set-Cookie", "name=value" , true);
 corsExposeFilter(url, "Set-Cookie2", "name=value" , true);
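
Review bot: dropping `corsExposeFilter(url, "Content-Length", "3" , false);` leaves no test where Content-Length is explicitly exposed by the server as well as safelisted, so a regression in that combination would go unnoticed. If that case is worth keeping, it belongs in the upstream wpt file this is synced from rather than as a local edit here.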

Modified: trunk/Source/WebCore/ChangeLog (234839 => 234840)


--- trunk/Source/WebCore/ChangeLog	2018-08-14 07:08:15 UTC (rev 234839)
+++ trunk/Source/WebCore/ChangeLog	2018-08-14 08:29:15 UTC (rev 234840)
@@ -1,3 +1,19 @@
+2018-08-14  Rob Buis  <[email protected]>
+
+        Fetch: content-length header is being added to the safe-list
+        https://bugs.webkit.org/show_bug.cgi?id=185473
+
+        Reviewed by Youenn Fablet.
+
+        Content-Length is a CORS-safelisted reponse header:
+        https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name
+
+        Tests: web-platform-tests/fetch/api/cors/cors-filtering.html
+               web-platform-tests/fetch/api/cors/cors-filtering-worker.html
+
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::isCrossOriginSafeHeader):
+
 2018-08-13  Zalan Bujtas  <[email protected]>
 
         [LFC][Floating] Do not confuse clear with clearance.
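
Review bot: typo in the added description line, "reponse" should be "response" ("Content-Length is a CORS-safelisted response header").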

Modified: trunk/Source/WebCore/platform/network/HTTPParsers.cpp (234839 => 234840)


--- trunk/Source/WebCore/platform/network/HTTPParsers.cpp	2018-08-14 07:08:15 UTC (rev 234839)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.cpp	2018-08-14 08:29:15 UTC (rev 234840)
@@ -836,6 +836,7 @@
     switch (name) {
     case HTTPHeaderName::CacheControl:
     case HTTPHeaderName::ContentLanguage:
+    case HTTPHeaderName::ContentLength:
     case HTTPHeaderName::ContentType:
     case HTTPHeaderName::Expires:
     case HTTPHeaderName::LastModified:
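
Review bot: the added `case HTTPHeaderName::ContentLength:` extends the safelist switch in isCrossOriginSafeHeader without any comment tying that list to its source. Add a one-line comment above the switch pointing at https://fetch.spec.whatwg.org/#cors-safelisted-response-header-name (the link already cited in the ChangeLog) so future additions and removals are checked against the spec. The ChangeLog entry could also state the behavioural effect: per the updated cors-filtering.js expectations, Content-Length on a CORS response is no longer filtered, so the response size becomes readable by cross-origin script by default.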