Title: [254821] trunk
Revision: 254821
Author: [email protected]
Date: 2020-01-20 06:43:44 -0800 (Mon, 20 Jan 2020)

Log Message

Implement "create a potential-CORS request"
https://bugs.webkit.org/show_bug.cgi?id=205326

Patch by Rob Buis <[email protected]> on 2020-01-20
Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Update improved test result.

* web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network-expected.txt:

Source/WebCore:

The storedCredentialsPolicy should be calculated using a same origin
check when credentials are computed as same-origin.

Test: imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network.html

* loader/CrossOriginAccessControl.cpp:
(WebCore::createPotentialAccessControlRequest):

Diff

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (254820 => 254821)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2020-01-20 14:28:18 UTC (rev 254820)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2020-01-20 14:43:44 UTC (rev 254821)
@@ -1,3 +1,14 @@
+2020-01-20  Rob Buis  <[email protected]>
+
+        Implement "create a potential-CORS request"
+        https://bugs.webkit.org/show_bug.cgi?id=205326
+
+        Reviewed by Youenn Fablet.
+
+        Update improved test result.
+
+        * web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network-expected.txt:
+
 2020-01-20  Rossana Monteriso  <[email protected]>
 
         [css-grid] Import grid-align-content-distribution tests to WebKit

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network-expected.txt (254820 => 254821)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network-expected.txt	2020-01-20 14:28:18 UTC (rev 254820)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network-expected.txt	2020-01-20 14:43:44 UTC (rev 254821)
@@ -1,5 +1,5 @@
 
 PASS HTMLScriptElement: crossorigin attribute network test1 
-FAIL HTMLScriptElement: crossorigin attribute network test2 assert_true: invalid values should default to include credentials due to response tainting expected true got false
+PASS HTMLScriptElement: crossorigin attribute network test2 
 PASS HTMLScriptElement: crossorigin attribute network test3 
 
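Review bot: the only expectation that changes here is test2 going from FAIL to PASS, and its old failure text concerns the case where credentials should be included, while the SameOrigin branch added in createPotentialAccessControlRequest also has a DoNotUse outcome for URLs the document cannot request. If test1 and test3 do not already cover an invalid crossorigin value on a cross-origin script URL, add a case asserting that no credentials are sent there, so both outcomes of the branch are pinned by a test.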

Modified: trunk/Source/WebCore/ChangeLog (254820 => 254821)


--- trunk/Source/WebCore/ChangeLog	2020-01-20 14:28:18 UTC (rev 254820)
+++ trunk/Source/WebCore/ChangeLog	2020-01-20 14:43:44 UTC (rev 254821)
@@ -1,5 +1,20 @@
 2020-01-20  Rob Buis  <[email protected]>
 
+        Implement "create a potential-CORS request"
+        https://bugs.webkit.org/show_bug.cgi?id=205326
+
+        Reviewed by Youenn Fablet.
+
+        The storedCredentialsPolicy should be calculated using a same origin
+        check when credentials are computed as same-origin.
+
+        Test: imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/script-crossorigin-network.html
+
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::createPotentialAccessControlRequest):
+
+2020-01-20  Rob Buis  <[email protected]>
+
         Make isValidUserAgentHeaderValue GLib only
         https://bugs.webkit.org/show_bug.cgi?id=206475
 

Modified: trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp (254820 => 254821)


--- trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp	2020-01-20 14:28:18 UTC (rev 254820)
+++ trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp	2020-01-20 14:43:44 UTC (rev 254821)
@@ -137,7 +137,16 @@
         ? FetchOptions::Credentials::Omit : equalLettersIgnoringASCIICase(crossOriginAttribute, "use-credentials")
         ? FetchOptions::Credentials::Include : FetchOptions::Credentials::SameOrigin;
     options.credentials = credentials;
-    options.storedCredentialsPolicy = credentials == FetchOptions::Credentials::Include ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
+    switch (credentials) {
+    case FetchOptions::Credentials::Include:
+        options.storedCredentialsPolicy = StoredCredentialsPolicy::Use;
+        break;
+    case FetchOptions::Credentials::SameOrigin:
+        options.storedCredentialsPolicy = document.securityOrigin().canRequest(request.url()) ? StoredCredentialsPolicy::Use : StoredCredentialsPolicy::DoNotUse;
+        break;
+    case FetchOptions::Credentials::Omit:
+        options.storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
+    }
 
     CachedResourceRequest cachedRequest { WTFMove(request), WTFMove(options) };
     updateRequestForAccessControl(cachedRequest.resourceRequest(), document.securityOrigin(), options.storedCredentialsPolicy);
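Review bot: in the SameOrigin case, storedCredentialsPolicy is fixed once from document.securityOrigin().canRequest(request.url()), i.e. from the URL the request starts with, and that value is then handed to updateRequestForAccessControl. If that URL is same-origin but the response redirects to another origin, nothing in this hunk shows the policy being lowered back to DoNotUse; please confirm the redirect path recomputes it, and consider a test with a same-origin URL that redirects cross-origin under an invalid crossorigin value. Smaller point: the Omit case is the only one without a trailing break; adding it keeps the three cases uniform and avoids an accidental fall-through if a case is appended later.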