Diff
Modified: trunk/Source/WebCore/ChangeLog (238952 => 238953)
--- trunk/Source/WebCore/ChangeLog 2018-12-07 18:08:24 UTC (rev 238952)
+++ trunk/Source/WebCore/ChangeLog 2018-12-07 18:33:43 UTC (rev 238953)
@@ -1,3 +1,28 @@
+2018-12-07 Rob Buis <[email protected]>
+
+ Merge parseAccessControlExposeHeadersAllowList into parseAccessControlAllowList
+ https://bugs.webkit.org/show_bug.cgi?id=192288
+
+ Reviewed by Frédéric Wang.
+
+ Merge parseAccessControlExposeHeadersAllowList into parseAccessControlAllowList
+ as they do the same thing. Also remove std::optional from parseAccessControlAllowList
+ since the function can't fail.
+
+ * WebCore.order:
+ * loader/CrossOriginAccessControl.cpp:
+ (WebCore::validatePreflightResponse):
+ * loader/CrossOriginPreflightResultCache.cpp:
+ (WebCore::CrossOriginPreflightResultCacheItem::parse):
+ * loader/CrossOriginPreflightResultCache.h:
+ * platform/network/HTTPParsers.cpp:
+ (WebCore::parseAccessControlExposeHeadersAllowList): Deleted.
+ * platform/network/HTTPParsers.h:
+ (WebCore::parseAccessControlAllowList):
+ * platform/network/ResourceResponseBase.cpp:
+ (WebCore::ResourceResponseBase::filter):
+ (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
+
2018-12-07 Eric Carlson <[email protected]>
[iOS] Don't update AVPlayerViewController currentTime while scrubbing
Modified: trunk/Source/WebCore/WebCore.order (238952 => 238953)
--- trunk/Source/WebCore/WebCore.order 2018-12-07 18:08:24 UTC (rev 238952)
+++ trunk/Source/WebCore/WebCore.order 2018-12-07 18:33:43 UTC (rev 238953)
@@ -7313,7 +7313,6 @@
__ZNK7WebCore14XMLHttpRequest6statusERi
__ZN7WebCore54jsXMLHttpRequestPrototypeFunctionGetAllResponseHeadersEPN3JSC9ExecStateE
__ZNK7WebCore14XMLHttpRequest21getAllResponseHeadersERi
-__ZN7WebCore40parseAccessControlExposeHeadersAllowListERKN3WTF6StringERNS0_7HashSetIS1_NS0_15CaseFoldingHashENS0_10HashTraitsIS1_EEEE
__ZN7WebCore27jsXMLHttpRequestResponseXMLEPN3JSC9ExecStateENS0_7JSValueENS0_12PropertyNameE
__ZN7WebCore14XMLHttpRequest11responseXMLERi
__ZNK7WebCore14XMLHttpRequest16responseMIMETypeEv
Modified: trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp (238952 => 238953)
--- trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp 2018-12-07 18:08:24 UTC (rev 238952)
+++ trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp 2018-12-07 18:33:43 UTC (rev 238953)
@@ -206,7 +206,7 @@
return false;
auto result = std::make_unique<CrossOriginPreflightResultCacheItem>(storedCredentialsPolicy);
- if (!result->parse(response, errorDescription)
+ if (!result->parse(response)
|| !result->allowsCrossOriginMethod(request.httpMethod(), errorDescription)
|| !result->allowsCrossOriginHeaders(request.httpHeaderFields(), errorDescription)) {
return false;
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp (238952 => 238953)
--- trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp 2018-12-07 18:08:24 UTC (rev 238952)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.cpp 2018-12-07 18:33:43 UTC (rev 238953)
@@ -52,23 +52,13 @@
return ok;
}
-bool CrossOriginPreflightResultCacheItem::parse(const ResourceResponse& response, String& errorDescription)
+bool CrossOriginPreflightResultCacheItem::parse(const ResourceResponse& response)
{
m_methods.clear();
- auto methods = parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowMethods));
- if (!methods) {
- errorDescription = "Cannot parse Access-Control-Allow-Methods response header field.";
- return false;
- }
- m_methods = WTFMove(methods.value());
+ parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlAllowMethods), m_methods);
m_headers.clear();
- auto headers = parseAccessControlAllowList<ASCIICaseInsensitiveHash>(response.httpHeaderField(HTTPHeaderName::AccessControlAllowHeaders));
- if (!headers) {
- errorDescription = "Cannot parse Access-Control-Allow-Headers response header field.";
- return false;
- }
- m_headers = WTFMove(headers.value());
+ parseAccessControlAllowList<ASCIICaseInsensitiveHash>(response.httpHeaderField(HTTPHeaderName::AccessControlAllowHeaders), m_headers);
Seconds expiryDelta = 0_s;
if (parseAccessControlMaxAge(response.httpHeaderField(HTTPHeaderName::AccessControlMaxAge), expiryDelta)) {
Modified: trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.h (238952 => 238953)
--- trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.h 2018-12-07 18:08:24 UTC (rev 238952)
+++ trunk/Source/WebCore/loader/CrossOriginPreflightResultCache.h 2018-12-07 18:33:43 UTC (rev 238953)
@@ -45,7 +45,7 @@
{
}
- WEBCORE_EXPORT bool parse(const ResourceResponse&, String& errorDescription);
+ WEBCORE_EXPORT bool parse(const ResourceResponse&);
WEBCORE_EXPORT bool allowsCrossOriginMethod(const String&, String& errorDescription) const;
WEBCORE_EXPORT bool allowsCrossOriginHeaders(const HTTPHeaderMap&, String& errorDescription) const;
bool allowsRequest(StoredCredentialsPolicy, const String& method, const HTTPHeaderMap& requestHeaders) const;
Modified: trunk/Source/WebCore/platform/network/HTTPParsers.cpp (238952 => 238953)
--- trunk/Source/WebCore/platform/network/HTTPParsers.cpp 2018-12-07 18:08:24 UTC (rev 238952)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.cpp 2018-12-07 18:33:43 UTC (rev 238953)
@@ -769,15 +769,6 @@
return length;
}
-void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHeaderSet& headerSet)
-{
- for (auto& header : headerValue.split(',')) {
- String strippedHeader = header.stripWhiteSpace();
- if (!strippedHeader.isEmpty())
- headerSet.add(strippedHeader);
- }
-}
-
// Implements <https://fetch.spec.whatwg.org/#forbidden-header-name>.
bool isForbiddenHeaderName(const String& name)
{
Modified: trunk/Source/WebCore/platform/network/HTTPParsers.h (238952 => 238953)
--- trunk/Source/WebCore/platform/network/HTTPParsers.h 2018-12-07 18:08:24 UTC (rev 238952)
+++ trunk/Source/WebCore/platform/network/HTTPParsers.h 2018-12-07 18:33:43 UTC (rev 238953)
@@ -97,8 +97,6 @@
size_t parseHTTPHeader(const char* data, size_t length, String& failureReason, StringView& nameStr, String& valueStr, bool strict = true);
size_t parseHTTPRequestBody(const char* data, size_t length, Vector<unsigned char>& body);
-void parseAccessControlExposeHeadersAllowList(const String& headerValue, HTTPHeaderSet&);
-
// HTTP Header routine as per https://fetch.spec.whatwg.org/#terminology-headers
bool isForbiddenHeaderName(const String&);
bool isForbiddenResponseHeaderName(const String&);
@@ -151,9 +149,8 @@
}
template<class HashType = DefaultHash<String>::Hash>
-std::optional<HashSet<String, HashType>> parseAccessControlAllowList(const String& string)
+void parseAccessControlAllowList(const String& string, HashSet<String, HashType>& set)
{
- HashSet<String, HashType> set;
unsigned start = 0;
size_t end;
while ((end = string.find(',', start)) != notFound) {
@@ -163,8 +160,6 @@
}
if (start != string.length())
addToAccessControlAllowList(string, start, string.length() - 1, set);
-
- return set;
}
}
Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp (238952 => 238953)
--- trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2018-12-07 18:08:24 UTC (rev 238952)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2018-12-07 18:33:43 UTC (rev 238953)
@@ -152,7 +152,7 @@
filteredResponse.setType(Type::Cors);
HTTPHeaderSet accessControlExposeHeaderSet;
- parseAccessControlExposeHeadersAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders), accessControlExposeHeaderSet);
+ parseAccessControlAllowList(response.httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders), accessControlExposeHeaderSet);
filteredResponse.m_httpHeaderFields.uncommonHeaders().removeAllMatching([&](auto& entry) {
return !isCrossOriginSafeHeader(entry.key, accessControlExposeHeaderSet);
});
@@ -419,13 +419,13 @@
if (isSafeCrossOriginResponseHeader(header.key))
filteredHeaders.add(header.key, WTFMove(header.value));
}
- if (auto corsSafeHeaderSet = parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders))) {
- for (auto& headerName : *corsSafeHeaderSet) {
- if (!filteredHeaders.contains(headerName)) {
- auto value = m_httpHeaderFields.get(headerName);
- if (!value.isNull())
- filteredHeaders.add(headerName, value);
- }
+ HTTPHeaderSet corsSafeHeaderSet;
+ parseAccessControlAllowList(httpHeaderField(HTTPHeaderName::AccessControlExposeHeaders), corsSafeHeaderSet);
+ for (auto& headerName : corsSafeHeaderSet) {
+ if (!filteredHeaders.contains(headerName)) {
+ auto value = m_httpHeaderFields.get(headerName);
+ if (!value.isNull())
+ filteredHeaders.add(headerName, value);
}
}
m_httpHeaderFields = WTFMove(filteredHeaders);
