[webkit-changes] [250515] trunk

Mon, 30 Sep 2019 03:41:21 -0700

Title: [250515] trunk
Revision
250515
Author
[email protected]
Date
2019-09-30 03:40:02 -0700 (Mon, 30 Sep 2019)

Log Message

No-Cors check should take into account same-origin
https://bugs.webkit.org/show_bug.cgi?id=202353

Patch by Rob Buis <[email protected]> on 2019-09-30
Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

* web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt: Removed.
* web-platform-tests/fetch/api/redirect/redirect-mode.any-expected.txt:
* web-platform-tests/fetch/api/redirect/redirect-mode.any.worker-expected.txt:
* web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt:

Source/WebCore:

No-Cors check should take into account same-origin, in that case the
check should bail out, since same-origin is already handled in
the first step of [1].

Test: imported/web-platform-tests/fetch/api/redirect/redirect-mode.any.html

[1] https://fetch.spec.whatwg.org/#main-fetch Step 5

* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::canRequest):

Modified Paths

Removed Paths

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (250514 => 250515)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2019-09-30 09:06:38 UTC (rev 250514)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2019-09-30 10:40:02 UTC (rev 250515)
@@ -1,3 +1,15 @@
+2019-09-30  Rob Buis  <[email protected]>
+
+        No-Cors check should take into account same-origin
+        https://bugs.webkit.org/show_bug.cgi?id=202353
+
+        Reviewed by Youenn Fablet.
+
+        * web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt: Removed.
+        * web-platform-tests/fetch/api/redirect/redirect-mode.any-expected.txt:
+        * web-platform-tests/fetch/api/redirect/redirect-mode.any.worker-expected.txt:
+        * web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt:
+
 2019-09-26  Truitt Savell  <[email protected]>
 
         Unreviewed, rolling out r250385.

Deleted: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt (250514 => 250515)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt	2019-09-30 09:06:38 UTC (rev 250514)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode-expected.txt	2019-09-30 10:40:02 UTC (rev 250515)
@@ -1,17 +0,0 @@
-
-PASS Redirect 301 in "error" mode  
-PASS Redirect 301 in "follow" mode  
-PASS Redirect 301 in "manual" mode  
-PASS Redirect 302 in "error" mode  
-PASS Redirect 302 in "follow" mode  
-PASS Redirect 302 in "manual" mode  
-PASS Redirect 303 in "error" mode  
-PASS Redirect 303 in "follow" mode  
-PASS Redirect 303 in "manual" mode  
-PASS Redirect 307 in "error" mode  
-PASS Redirect 307 in "follow" mode  
-PASS Redirect 307 in "manual" mode  
-PASS Redirect 308 in "error" mode  
-PASS Redirect 308 in "follow" mode  
-PASS Redirect 308 in "manual" mode  
-

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.any-expected.txt (250514 => 250515)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.any-expected.txt	2019-09-30 09:06:38 UTC (rev 250514)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.any-expected.txt	2019-09-30 10:40:02 UTC (rev 250515)
@@ -1,45 +1,25 @@
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=301&location=cors-top.txt
 CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=301&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 19: Not allowed to request resource
-CONSOLE MESSAGE: line 19: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=301&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 21: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 21: Not allowed to request resource
-CONSOLE MESSAGE: line 21: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=301&location=cors-top.txt due to access control checks.
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=301&location=cors-top.txt
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=301&location=cors-top.txt due to access control checks.
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=302&location=cors-top.txt
 CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=302&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 19: Not allowed to request resource
-CONSOLE MESSAGE: line 19: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=302&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 21: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 21: Not allowed to request resource
-CONSOLE MESSAGE: line 21: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=302&location=cors-top.txt due to access control checks.
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=302&location=cors-top.txt
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=302&location=cors-top.txt due to access control checks.
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=303&location=cors-top.txt
 CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=303&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 19: Not allowed to request resource
-CONSOLE MESSAGE: line 19: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=303&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 21: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 21: Not allowed to request resource
-CONSOLE MESSAGE: line 21: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=303&location=cors-top.txt due to access control checks.
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=303&location=cors-top.txt
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=303&location=cors-top.txt due to access control checks.
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=307&location=cors-top.txt
 CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=307&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 19: Not allowed to request resource
-CONSOLE MESSAGE: line 19: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=307&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 21: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 21: Not allowed to request resource
-CONSOLE MESSAGE: line 21: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=307&location=cors-top.txt due to access control checks.
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=307&location=cors-top.txt
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=307&location=cors-top.txt due to access control checks.
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=308&location=cors-top.txt
 CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=308&location=cors-top.txt due to access control checks.
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=308&location=cors-top.txt
+CONSOLE MESSAGE: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=308&location=cors-top.txt due to access control checks.
 CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode
 CONSOLE MESSAGE: line 19: Not allowed to request resource
-CONSOLE MESSAGE: line 19: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=308&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 21: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 21: Not allowed to request resource
-CONSOLE MESSAGE: line 21: Fetch API cannot load http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=308&location=cors-top.txt due to access control checks.
-CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 19: Not allowed to request resource
 CONSOLE MESSAGE: line 19: Fetch API cannot load http://127.0.0.1/fetch/api/resources/redirect.py?redirect_status=301&location=cors-top.txt due to access control checks.
 CONSOLE MESSAGE: line 19: No-Cors mode requires follow redirect mode
 CONSOLE MESSAGE: line 19: Not allowed to request resource
@@ -72,31 +52,31 @@
 PASS same-origin redirect 301 in error redirect and cors mode 
 PASS same-origin redirect 301 in error redirect and no-cors mode 
 PASS same-origin redirect 301 in manual redirect and cors mode 
-FAIL same-origin redirect 301 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 301 in manual redirect and no-cors mode 
 PASS same-origin redirect 301 in follow redirect and cors mode 
 PASS same-origin redirect 301 in follow redirect and no-cors mode 
 PASS same-origin redirect 302 in error redirect and cors mode 
 PASS same-origin redirect 302 in error redirect and no-cors mode 
 PASS same-origin redirect 302 in manual redirect and cors mode 
-FAIL same-origin redirect 302 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 302 in manual redirect and no-cors mode 
 PASS same-origin redirect 302 in follow redirect and cors mode 
 PASS same-origin redirect 302 in follow redirect and no-cors mode 
 PASS same-origin redirect 303 in error redirect and cors mode 
 PASS same-origin redirect 303 in error redirect and no-cors mode 
 PASS same-origin redirect 303 in manual redirect and cors mode 
-FAIL same-origin redirect 303 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 303 in manual redirect and no-cors mode 
 PASS same-origin redirect 303 in follow redirect and cors mode 
 PASS same-origin redirect 303 in follow redirect and no-cors mode 
 PASS same-origin redirect 307 in error redirect and cors mode 
 PASS same-origin redirect 307 in error redirect and no-cors mode 
 PASS same-origin redirect 307 in manual redirect and cors mode 
-FAIL same-origin redirect 307 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 307 in manual redirect and no-cors mode 
 PASS same-origin redirect 307 in follow redirect and cors mode 
 PASS same-origin redirect 307 in follow redirect and no-cors mode 
 PASS same-origin redirect 308 in error redirect and cors mode 
 PASS same-origin redirect 308 in error redirect and no-cors mode 
 PASS same-origin redirect 308 in manual redirect and cors mode 
-FAIL same-origin redirect 308 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 308 in manual redirect and no-cors mode 
 PASS same-origin redirect 308 in follow redirect and cors mode 
 PASS same-origin redirect 308 in follow redirect and no-cors mode 
 PASS cross-origin redirect 301 in error redirect and cors mode

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.any.worker-expected.txt (250514 => 250515)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.any.worker-expected.txt	2019-09-30 09:06:38 UTC (rev 250514)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/redirect/redirect-mode.any.worker-expected.txt	2019-09-30 10:40:02 UTC (rev 250515)
@@ -1,16 +1,13 @@
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=301&location=cors-top.txt
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=301&location=cors-top.txt
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=302&location=cors-top.txt
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=302&location=cors-top.txt
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=303&location=cors-top.txt
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=303&location=cors-top.txt
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=307&location=cors-top.txt
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=307&location=cors-top.txt
 CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=308&location=cors-top.txt
+CONSOLE MESSAGE: Not allowed to follow a redirection while loading http://localhost:8800/fetch/api/resources/redirect.py?redirect_status=308&location=cors-top.txt
 CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
 CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
 CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
@@ -21,37 +18,35 @@
 CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
 CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
 CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: No-Cors mode requires follow redirect mode
 
 PASS same-origin redirect 301 in error redirect and cors mode 
 PASS same-origin redirect 301 in error redirect and no-cors mode 
 PASS same-origin redirect 301 in manual redirect and cors mode 
-FAIL same-origin redirect 301 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 301 in manual redirect and no-cors mode 
 PASS same-origin redirect 301 in follow redirect and cors mode 
 PASS same-origin redirect 301 in follow redirect and no-cors mode 
 PASS same-origin redirect 302 in error redirect and cors mode 
 PASS same-origin redirect 302 in error redirect and no-cors mode 
 PASS same-origin redirect 302 in manual redirect and cors mode 
-FAIL same-origin redirect 302 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 302 in manual redirect and no-cors mode 
 PASS same-origin redirect 302 in follow redirect and cors mode 
 PASS same-origin redirect 302 in follow redirect and no-cors mode 
 PASS same-origin redirect 303 in error redirect and cors mode 
 PASS same-origin redirect 303 in error redirect and no-cors mode 
 PASS same-origin redirect 303 in manual redirect and cors mode 
-FAIL same-origin redirect 303 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 303 in manual redirect and no-cors mode 
 PASS same-origin redirect 303 in follow redirect and cors mode 
 PASS same-origin redirect 303 in follow redirect and no-cors mode 
 PASS same-origin redirect 307 in error redirect and cors mode 
 PASS same-origin redirect 307 in error redirect and no-cors mode 
 PASS same-origin redirect 307 in manual redirect and cors mode 
-FAIL same-origin redirect 307 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 307 in manual redirect and no-cors mode 
 PASS same-origin redirect 307 in follow redirect and cors mode 
 PASS same-origin redirect 307 in follow redirect and no-cors mode 
 PASS same-origin redirect 308 in error redirect and cors mode 
 PASS same-origin redirect 308 in error redirect and no-cors mode 
 PASS same-origin redirect 308 in manual redirect and cors mode 
-FAIL same-origin redirect 308 in manual redirect and no-cors mode promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS same-origin redirect 308 in manual redirect and no-cors mode 
 PASS same-origin redirect 308 in follow redirect and cors mode 
 PASS same-origin redirect 308 in follow redirect and no-cors mode 
 PASS cross-origin redirect 301 in error redirect and cors mode

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt (250514 => 250515)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt	2019-09-30 09:06:38 UTC (rev 250514)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-redirect.https-expected.txt	2019-09-30 10:40:02 UTC (rev 250515)
@@ -1,21 +1,3 @@
-CONSOLE MESSAGE: line 55: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 55: Not allowed to request resource
-CONSOLE MESSAGE: line 55: Fetch API cannot load https://localhost:9443/nonav-manual-nocors-redirects-to-sameorigin-nocreds?url="" due to access control checks.
-CONSOLE MESSAGE: line 55: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 55: Not allowed to request resource
-CONSOLE MESSAGE: line 55: Fetch API cannot load https://localhost:9443/nonav-manual-nocors-redirects-to-nocors-nocreds?url="" due to access control checks.
-CONSOLE MESSAGE: line 55: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 55: Not allowed to request resource
-CONSOLE MESSAGE: line 55: Fetch API cannot load https://localhost:9443/nonav-manual-nocors-redirects-to-cors-nocreds?url="" due to access control checks.
-CONSOLE MESSAGE: line 55: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 55: Not allowed to request resource
-CONSOLE MESSAGE: line 55: Fetch API cannot load https://localhost:9443/nonav-manual-nocors-redirects-to-sameorigin-creds?url="" due to access control checks.
-CONSOLE MESSAGE: line 55: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 55: Not allowed to request resource
-CONSOLE MESSAGE: line 55: Fetch API cannot load https://localhost:9443/nonav-manual-nocors-redirects-to-nocors-creds?url="" due to access control checks.
-CONSOLE MESSAGE: line 55: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 55: Not allowed to request resource
-CONSOLE MESSAGE: line 55: Fetch API cannot load https://localhost:9443/nonav-manual-nocors-redirects-to-cors-creds?url="" due to access control checks.
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Origin https://localhost:9443 is not allowed by Access-Control-Allow-Origin.
 CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-follow-cors-redirects-to-nocors-nocreds?url=""
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Unsafe attempt to load URL https://127.0.0.1:9443/service-workers/service-worker/resources/success.py from origin https://localhost:9443. Domains, protocols and ports must match.
@@ -44,15 +26,12 @@
 CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-sameorigin-redirects-to-nocors-nocreds?url=""
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2F127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py%3FACAOrigin%3Dhttps%253A%252F%252Flocalhost%253A9443
 CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-sameorigin-redirects-to-cors-nocreds?url=""
-CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 51: Not allowed to request resource
-CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-sameorigin-nocreds?url="" due to access control checks.
-CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 51: Not allowed to request resource
-CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-nocors-nocreds?url="" due to access control checks.
-CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 51: Not allowed to request resource
-CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-cors-nocreds?url="" due to access control checks.
+CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Flocalhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py
+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-sameorigin-nocreds?url=""
+CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2F127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py
+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-nocors-nocreds?url=""
+CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2F127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py%3FACAOrigin%3Dhttps%253A%252F%252Flocalhost%253A9443
+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-cors-nocreds?url=""
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Ffoo%3Abar%40localhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py
 CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-cors-redirects-to-sameorigin-creds?url=""
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Ffoo%3Abar%40127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py
@@ -65,15 +44,12 @@
 CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-sameorigin-redirects-to-nocors-creds?url=""
 CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Ffoo%3Abar%40127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py%3FACAOrigin%3Dhttps%253A%252F%252Flocalhost%253A9443
 CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-sameorigin-redirects-to-cors-creds?url=""
-CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 51: Not allowed to request resource
-CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-sameorigin-creds?url="" due to access control checks.
-CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 51: Not allowed to request resource
-CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-nocors-creds?url="" due to access control checks.
-CONSOLE MESSAGE: line 51: No-Cors mode requires follow redirect mode
-CONSOLE MESSAGE: line 51: Not allowed to request resource
-CONSOLE MESSAGE: line 51: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-cors-creds?url="" due to access control checks.
+CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Ffoo%3Abar%40localhost%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py
+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-sameorigin-creds?url=""
+CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Ffoo%3Abar%40127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py
+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-nocors-creds?url=""
+CONSOLE MESSAGE: FetchEvent.respondWith received an error: TypeError: Not allowed to follow a redirection while loading https://localhost:9443/service-workers/service-worker/resources/redirect.py?Redirect=https%3A%2F%2Ffoo%3Abar%40127.0.0.1%3A9443%2Fservice-workers%2Fservice-worker%2Fresources%2Fsuccess.py%3FACAOrigin%3Dhttps%253A%252F%252Flocalhost%253A9443
+CONSOLE MESSAGE: Fetch API cannot load https://localhost:9443/nonav-error-nocors-redirects-to-cors-creds?url=""
 
 PASS initialize global state 
 PASS Non-navigation, manual redirect, cors mode Request redirected to same-origin without credentials should succeed opaqueredirect interception and response should not be redirected 
@@ -82,9 +58,9 @@
 PASS Non-navigation, manual redirect, same-origin mode Request redirected to same-origin without credentials should succeed opaqueredirect interception and response should not be redirected 
 PASS Non-navigation, manual redirect, same-origin mode Request redirected to no-cors without credentials should succeed opaqueredirect interception and response should not be redirected 
 PASS Non-navigation, manual redirect, same-origin mode Request redirected to cors without credentials should succeed opaqueredirect interception and response should not be redirected 
-FAIL Non-navigation, manual redirect, no-cors mode Request redirected to same-origin without credentials should succeed opaqueredirect interception and response should not be redirected promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
-FAIL Non-navigation, manual redirect, no-cors mode Request redirected to no-cors without credentials should succeed opaqueredirect interception and response should not be redirected promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
-FAIL Non-navigation, manual redirect, no-cors mode Request redirected to cors without credentials should succeed opaqueredirect interception and response should not be redirected promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS Non-navigation, manual redirect, no-cors mode Request redirected to same-origin without credentials should succeed opaqueredirect interception and response should not be redirected 
+PASS Non-navigation, manual redirect, no-cors mode Request redirected to no-cors without credentials should succeed opaqueredirect interception and response should not be redirected 
+PASS Non-navigation, manual redirect, no-cors mode Request redirected to cors without credentials should succeed opaqueredirect interception and response should not be redirected 
 PASS Non-navigation, manual redirect, cors mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected 
 PASS Non-navigation, manual redirect, cors mode Request redirected to no-cors with credentials should succeed opaqueredirect interception and response should not be redirected 
 PASS Non-navigation, manual redirect, cors mode Request redirected to cors with credentials should succeed opaqueredirect interception and response should not be redirected 
@@ -91,9 +67,9 @@
 PASS Non-navigation, manual redirect, same-origin mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected 
 PASS Non-navigation, manual redirect, same-origin mode Request redirected to no-cors with credentials should succeed opaqueredirect interception and response should not be redirected 
 PASS Non-navigation, manual redirect, same-origin mode Request redirected to cors with credentials should succeed opaqueredirect interception and response should not be redirected 
-FAIL Non-navigation, manual redirect, no-cors mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
-FAIL Non-navigation, manual redirect, no-cors mode Request redirected to no-cors with credentials should succeed opaqueredirect interception and response should not be redirected promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
-FAIL Non-navigation, manual redirect, no-cors mode Request redirected to cors with credentials should succeed opaqueredirect interception and response should not be redirected promise_test: Unhandled rejection with value: object "TypeError: Not allowed to request resource"
+PASS Non-navigation, manual redirect, no-cors mode Request redirected to same-origin with credentials should succeed opaqueredirect interception and response should not be redirected 
+PASS Non-navigation, manual redirect, no-cors mode Request redirected to no-cors with credentials should succeed opaqueredirect interception and response should not be redirected 
+PASS Non-navigation, manual redirect, no-cors mode Request redirected to cors with credentials should succeed opaqueredirect interception and response should not be redirected 
 PASS Non-navigation, follow redirect, cors mode Request redirected to same-origin without credentials should succeed interception and response should be redirected 
 PASS Non-navigation, follow redirect, cors mode Request redirected to no-cors without credentials should fail interception and response should not be redirected 
 PASS Non-navigation, follow redirect, cors mode Request redirected to cors without credentials should succeed interception and response should be redirected

Modified: trunk/Source/WebCore/ChangeLog (250514 => 250515)


--- trunk/Source/WebCore/ChangeLog	2019-09-30 09:06:38 UTC (rev 250514)
+++ trunk/Source/WebCore/ChangeLog	2019-09-30 10:40:02 UTC (rev 250515)
@@ -1,3 +1,21 @@
+2019-09-30  Rob Buis  <[email protected]>
+
+        No-Cors check should take into account same-origin
+        https://bugs.webkit.org/show_bug.cgi?id=202353
+
+        Reviewed by Youenn Fablet.
+
+        No-Cors check should take into account same-origin, in that case the
+        check should bail out, since same-origin is already handled in
+        the first step of [1].
+
+        Test: imported/web-platform-tests/fetch/api/redirect/redirect-mode.any.html
+
+        [1] https://fetch.spec.whatwg.org/#main-fetch Step 5
+
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::canRequest):
+
 2019-09-30  Zan Dobersek  <[email protected]>
 
         [Nicosia] Complete ScrollingTreeNicosia::createScrollingTreeNode()

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (250514 => 250515)


--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2019-09-30 09:06:38 UTC (rev 250514)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2019-09-30 10:40:02 UTC (rev 250515)
@@ -507,7 +507,7 @@
         return false;
     }
 
-    if (options.mode == FetchOptions::Mode::NoCors && options.redirect != FetchOptions::Redirect::Follow && type != CachedResource::Type::Ping) {
+    if (options.mode == FetchOptions::Mode::NoCors && !m_document->securityOrigin().canRequest(url) && options.redirect != FetchOptions::Redirect::Follow && type != CachedResource::Type::Ping) {
         ASSERT(type != CachedResource::Type::MainResource);
         frame()->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "No-Cors mode requires follow redirect mode"_s);
         return false;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to