[webkit-changes] [246087] trunk

Tue, 04 Jun 2019 16:35:42 -0700

Title: [246087] trunk
Revision
246087
Author
[email protected]
Date
2019-06-04 16:31:34 -0700 (Tue, 04 Jun 2019)

Log Message

Crash when calling XMLHttpRequest.setRequestHeader() in a worker
https://bugs.webkit.org/show_bug.cgi?id=198534
<rdar://problem/51393912>

Reviewed by Alex Christensen.

Source/WebCore:

Make sure the script execution context is a Document because calling document()
to get the settings.

Test: fast/workers/worker-xhr-setRequestHeader.html

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::setRequestHeader):

LayoutTests:

Add layout test coverage.

* fast/workers/resources/worker-xhr-setRequestHeader.js: Added.
* fast/workers/worker-xhr-setRequestHeader-expected.txt: Added.
* fast/workers/worker-xhr-setRequestHeader.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (246086 => 246087)


--- trunk/LayoutTests/ChangeLog	2019-06-04 23:27:30 UTC (rev 246086)
+++ trunk/LayoutTests/ChangeLog	2019-06-04 23:31:34 UTC (rev 246087)
@@ -1,3 +1,17 @@
+2019-06-04  Chris Dumez  <[email protected]>
+
+        Crash when calling XMLHttpRequest.setRequestHeader() in a worker
+        https://bugs.webkit.org/show_bug.cgi?id=198534
+        <rdar://problem/51393912>
+
+        Reviewed by Alex Christensen.
+
+        Add layout test coverage.
+
+        * fast/workers/resources/worker-xhr-setRequestHeader.js: Added.
+        * fast/workers/worker-xhr-setRequestHeader-expected.txt: Added.
+        * fast/workers/worker-xhr-setRequestHeader.html: Added.
+
 2019-06-04  Antti Koivisto  <[email protected]>
 
         Sticky positioning is jumpy in many overflow cases

Added: trunk/LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js (0 => 246087)


--- trunk/LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js	                        (rev 0)
+++ trunk/LayoutTests/fast/workers/resources/worker-xhr-setRequestHeader.js	2019-06-04 23:31:34 UTC (rev 246087)
@@ -0,0 +1,14 @@
+importScripts('../../../resources/js-test-pre.js');
+
+var global = this;
+global.jsTestIsAsync = true;
+
+description("Tests XMLHttpRequest.setRequestHeader() in workers");
+
+var xhr = new XMLHttpRequest;
+xhr.open("GET", "empty-worker.js", false);
+xhr.setRequestHeader("Accept", "*/*");
+xhr.send(null);
+
+finishJSTest();
+

Added: trunk/LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt (0 => 246087)


--- trunk/LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/workers/worker-xhr-setRequestHeader-expected.txt	2019-06-04 23:31:34 UTC (rev 246087)
@@ -0,0 +1,10 @@
+[Worker] Tests XMLHttpRequest.setRequestHeader() in workers
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Starting worker: resources/worker-xhr-setRequestHeader.js
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/fast/workers/worker-xhr-setRequestHeader.html (0 => 246087)


--- trunk/LayoutTests/fast/workers/worker-xhr-setRequestHeader.html	                        (rev 0)
+++ trunk/LayoutTests/fast/workers/worker-xhr-setRequestHeader.html	2019-06-04 23:31:34 UTC (rev 246087)
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+worker = startWorker('resources/worker-xhr-setRequestHeader.js');
+</script>
+<script src=""
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (246086 => 246087)


--- trunk/Source/WebCore/ChangeLog	2019-06-04 23:27:30 UTC (rev 246086)
+++ trunk/Source/WebCore/ChangeLog	2019-06-04 23:31:34 UTC (rev 246087)
@@ -1,3 +1,19 @@
+2019-06-04  Chris Dumez  <[email protected]>
+
+        Crash when calling XMLHttpRequest.setRequestHeader() in a worker
+        https://bugs.webkit.org/show_bug.cgi?id=198534
+        <rdar://problem/51393912>
+
+        Reviewed by Alex Christensen.
+
+        Make sure the script execution context is a Document because calling document()
+        to get the settings.
+
+        Test: fast/workers/worker-xhr-setRequestHeader.html
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::setRequestHeader):
+
 2019-06-04  Antti Koivisto  <[email protected]>
 
         Sticky positioning is jumpy in many overflow cases

Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (246086 => 246087)


--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp	2019-06-04 23:27:30 UTC (rev 246086)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp	2019-06-04 23:31:34 UTC (rev 246087)
@@ -817,7 +817,9 @@
 #if ENABLE(DASHBOARD_SUPPORT)
     allowUnsafeHeaderField = usesDashboardBackwardCompatibilityMode();
 #endif
-    if (securityOrigin()->canLoadLocalResources() && document()->settings().allowSettingAnyXHRHeaderFromFileURLs())
+
+    // FIXME: The allowSettingAnyXHRHeaderFromFileURLs setting currently only applies to Documents, not workers.
+    if (securityOrigin()->canLoadLocalResources() && scriptExecutionContext()->isDocument() && document()->settings().allowSettingAnyXHRHeaderFromFileURLs())
         allowUnsafeHeaderField = true;
     if (!allowUnsafeHeaderField && isForbiddenHeaderName(name)) {
         logConsoleError(scriptExecutionContext(), "Refused to set unsafe header \"" + name + "\"");

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to